sepolicy: Update SDM845-SM8450 rules
[1] - SDM8450-SM8350 from LA.UM.9.1.r1-14900-SMxxx0.QSSI14.0 [2] - SM7450-SM8450 from LA.VENDOR.1.0.r1-24200-WAIPIO.QSSI14.0 Change-Id: I6472d3a08583a4d4a989fe4bcc23605a1c2e0c22 Signed-off-by: chrisl7 <wandersonrodriguesf1@gmail.com>
This commit is contained in:
chrisl7
CHRISL7
parent
29f71e2a27
commit
7c372e9c44
|
|
@ -1 +1,5 @@
|
|||
allow vold vendor_sysfs_mmc_host:file w_file_perms;
|
||||
|
||||
userdebug_or_eng(`
|
||||
dontaudit vold vendor_qmcs_file:dir { read };
|
||||
')
|
||||
|
|
|
|||
|
|
@ -0,0 +1,10 @@
|
|||
# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
|
||||
# SPDX-License-Identifier: BSD-3-Clause-Clear
|
||||
|
||||
# generic/vendor_hal_gnss_qti.te - generic sepolicy rules for vendor_location hidl
|
||||
|
||||
#Allow Gnss HAL to access ril socket
|
||||
allow vendor_hal_gnss_qti vendor_rild_socket:dir search;
|
||||
unix_socket_connect(vendor_hal_gnss_qti, vendor_rild, rild)
|
||||
# allows Gnss HAL to access ssgtzd socket
|
||||
unix_socket_connect(vendor_hal_gnss_qti, vendor_ssgtzd, vendor_ssgtzd)
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
|
||||
# SPDX-License-Identifier: BSD-3-Clause-Clear
|
||||
|
||||
# generic/vendor_location.te - sepolicy rules for generic vendor_location modules
|
||||
|
||||
# allows location to access ssgtzd socket
|
||||
unix_socket_connect(vendor_location, vendor_ssgtzd, vendor_ssgtzd)
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
|
||||
# SPDX-License-Identifier: BSD-3-Clause-Clear
|
||||
|
||||
# generic/vendor_hal_gnss_qti.te - generic sepolicy rules for vendor_location hidl
|
||||
|
||||
#Allow Gnss HAL to access ril socket
|
||||
allow vendor_hal_gnss_qti vendor_rild_socket:dir search;
|
||||
unix_socket_connect(vendor_hal_gnss_qti, vendor_rild, rild)
|
||||
# allows Gnss HAL to access ssgtzd socket
|
||||
unix_socket_connect(vendor_hal_gnss_qti, vendor_ssgtzd, vendor_ssgtzd)
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
|
||||
# SPDX-License-Identifier: BSD-3-Clause-Clear
|
||||
|
||||
# generic/vendor_location.te - sepolicy rules for generic vendor_location modules
|
||||
|
||||
# allows location to access ssgtzd socket
|
||||
unix_socket_connect(vendor_location, vendor_ssgtzd, vendor_ssgtzd)
|
||||
|
|
@ -98,6 +98,7 @@ genfscon sysfs /devices/platform/soc/soc:qcom,wpss@8a00000/subsys4/wakeup u:obje
|
|||
genfscon sysfs /devices/platform/soc/4080000.qcom,mss/subsys5/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/a300000.qcom,turing/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/a300000.qcom,turing/subsys6/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/aab0000.qcom,venus/subsys5/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/99c000.qcom,qup_uart/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/aab0000.qcom,venus/subsys7/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/a84000.i2c/i2c-1/1-0028/wakeup u:object_r:sysfs_wakeup:s0
|
||||
|
|
@ -123,6 +124,7 @@ genfscon sysfs /devices/platform/soc/aab0000.qcom,venus/subsys6/wakeup u:object_
|
|||
genfscon sysfs /devices/platform/soc/b0000000.qcom,cnss-qca6490/subsys7/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/b0000000.qcom,cnss-qca6490/subsys5/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/b0000000.qcom,cnss-qca6490/subsys4/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/b0000000.qcom,cnss-qca6490/subsys6/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/1c00000.qcom,pcie/pci0000:00/0000:00:00.0/0000:01:00.0/1103_00.01.00/wakeup u:object_r:sysfs_wakeup:s0
|
||||
|
||||
# PA - More wakeup nodes
|
||||
|
|
@ -149,3 +151,5 @@ genfscon sysfs /devices/platform/soc/3d00000.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpu_mod
|
|||
|
||||
# UFS
|
||||
genfscon sysfs /devices/platform/soc/1d84000.ufshc/host0/target0:0:0/0:0:0:0/block/sda/queue/discard_max_bytes u:object_r:vendor_sysfs_mmc_host:s0
|
||||
|
||||
genfscon sysfs /devices/platform/soc/ae94000.qcom,mdss_dsi_ctrl0/uio/uio1/name u:object_r:vendor_sysfs_uio_file:s0
|
||||
|
|
|
|||
|
|
@ -172,6 +172,8 @@ genfscon sysfs /devices/platform/soc/3d00000.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpu_mod
|
|||
genfscon sysfs /devices/platform/soc/17110040.qcom,wcn6750/net u:object_r:sysfs_net:s0
|
||||
genfscon sysfs /devices/platform/soc/1c08000.qcom,pcie/pci0001:00/0001:00:00.0/0001:01:00.0/mhi0/mhi_0308_01.01.00_IP_HW0/net u:object_r:sysfs_net:s0
|
||||
genfscon sysfs /devices/platform/soc/22800000.qcom,icnss/net/ u:object_r:sysfs_net:s0
|
||||
genfscon sysfs /devices/platform/soc/17210040.qcom,wcn6750/net u:object_r:sysfs_net:s0
|
||||
genfscon sysfs /devices/platform/soc/1c00000.qcom,pcie/pci0000:00/0000:00:00.0/0000:01:00.0/net u:object_r:sysfs_net:s0
|
||||
|
||||
#wakeup sysfs nodes listed by SuspendSepolicyTests.sh
|
||||
genfscon sysfs /devices/platform/soc/988000.qcom,qup_uart/wakeup u:object_r:sysfs_wakeup:s0
|
||||
|
|
@ -217,3 +219,5 @@ genfscon sysfs /devices/platform/soc/17110040.qcom,wcn6750/wakeup u:object_r:sys
|
|||
genfscon sysfs /devices/platform/soc/a84000.i2c/i2c-2/2-0028/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/99c000.qcom,qup_uart/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:remoteproc-wpss@8A00000/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/17210040.qcom,wcn6750/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /kernel/camera/subparts_info u:object_r:vendor_sysfs_camera:s0
|
||||
|
|
|
|||
|
|
@ -68,3 +68,4 @@ allow hal_camera_default vendor_dmabuf_display_heap_device:chr_file r_file_perms
|
|||
allow hal_camera_default vendor_vm_cp_non_pixel_device:chr_file r_file_perms;
|
||||
allow hal_camera_default vendor_vm_cp_pixel_device:chr_file r_file_perms;
|
||||
|
||||
allow hal_camera_default vendor_sysfs_camera:file r_file_perms;
|
||||
|
|
|
|||
|
|
@ -6,3 +6,5 @@
|
|||
#Allow Gnss HAL to access ril socket
|
||||
allow vendor_hal_gnss_qti vendor_rild_socket:dir search;
|
||||
unix_socket_connect(vendor_hal_gnss_qti, vendor_rild, rild)
|
||||
# allows Gnss HAL to access ssgtzd socket
|
||||
unix_socket_connect(vendor_hal_gnss_qti, vendor_ssgtzd, vendor_ssgtzd)
|
||||
|
|
|
|||
|
|
@ -0,0 +1 @@
|
|||
genfscon sysfs /kernel/camera/subparts_info u:object_r:vendor_sysfs_camera:s0
|
||||
|
|
@ -0,0 +1 @@
|
|||
allow hal_camera_default vendor_sysfs_camera:file r_file_perms;
|
||||
|
|
@ -64,6 +64,8 @@ allow bluetooth dun_service:service_manager find;
|
|||
|
||||
# for finding wbc_service
|
||||
allow bluetooth wbc_service:service_manager find;
|
||||
# for finding mediametrics_service
|
||||
allow bluetooth mediametrics_service:service_manager find;
|
||||
|
||||
# ioctlcmd=c302
|
||||
allow bluetooth self:socket ioctl;
|
||||
|
|
|
|||
|
|
@ -1,9 +1,12 @@
|
|||
### 4.19 Nodes
|
||||
#PM2250
|
||||
genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-00/1c40000.qcom,spmi:qcom,pm2250@0:qcom,pm2250_rtc/rtc/rtc0/wakeup u:object_r:sysfs_wakeup:s0
|
||||
|
||||
#PM6125 & PMI632
|
||||
genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-00/1c40000.qcom,spmi:qcom,pm6125@0:qcom,pm6125_rtc/rtc u:object_r:sysfs_rtc:s0
|
||||
genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-00/1c40000.qcom,spmi:qcom,pm6125@0:qcom,pm6125_rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-00/1c40000.qcom,spmi:qcom,pm6125@0:qcom,pm6125_rtc/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-00/1c40000.qcom,spmi:qcom,pm6125@0:qcom,pm6125_rtc/rtc/rtc0/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-00/1c40000.qcom,spmi:qcom,pm6125@0:qcom,power-on@800/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-00/1c40000.qcom,spmi:qcom,pm6125@0:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0
|
||||
|
||||
#pm7250b sysfs nodes
|
||||
genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-02/1c40000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/power_supply/battery u:object_r:vendor_sysfs_battery_supply:s0
|
||||
|
|
@ -22,12 +25,8 @@ genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-02/1c40000.q
|
|||
genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-02/1c40000.qcom,spmi:qcom,pm7250b@2:qpnp,qg/power_supply/bms/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-02/1c40000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/power_supply/pc_port/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-02/1c40000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-02/1c40000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-02/1c40000.qcom,spmi:qcom,pm7250b@2:qcom,power-on@800/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||
|
||||
#wakeup sysfs nodes listed by SuspendSepolicyTests.sh
|
||||
genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-00/1c40000.qcom,spmi:qcom,pm6125@0:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-00/1c40000.qcom,spmi:qcom,pm6125@0:qcom,pm6125_rtc/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-02/1c40000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-02/1c40000.qcom,spmi:qcom,pm7250b@2:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0
|
||||
|
||||
# UFS
|
||||
genfscon sysfs /devices/platform/soc/4804000.ufshc/host0/target0:0:0/0:0:0:4/block/sde/queue/discard_max_bytes u:object_r:vendor_sysfs_mmc_host:s0
|
||||
|
|
|
|||
|
|
@ -0,0 +1,4 @@
|
|||
# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
|
||||
# SPDX-License-Identifier: BSD-3-Clause-Clear
|
||||
|
||||
allow vendor_init vendor_ipa_dev:file create_file_perms;
|
||||
|
|
@ -0,0 +1 @@
|
|||
allow bluetooth mediametrics_service:service_manager find;
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
binder_call(dumpstate, vendor_sxrd_vndr)
|
||||
binder_call(dumpstate, vendor_qvrd_vndr)
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
#aidirector audio device
|
||||
type vendor_aid_audio_device, dev_type;
|
||||
|
|
@ -61,3 +61,6 @@
|
|||
/sys/firmware/devicetree/base/memory/ddr_device_type u:object_r:vendor_sysfs_ddr:s0
|
||||
|
||||
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.eid@1\.0-service u:object_r:vendor_hal_eid_qti_exec:s0
|
||||
|
||||
#aidirector
|
||||
/dev/snd/controlC0 u:object_r:vendor_aid_audio_device:s0
|
||||
|
|
|
|||
|
|
@ -0,0 +1,6 @@
|
|||
#power related wake_up Node.
|
||||
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-08/c440000.qcom,spmi:qcom,pm7250b@2:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0
|
||||
|
||||
#Modem & ADSP related wakeup nodes.
|
||||
genfscon sysfs /devices/platform/soc/4080000.qcom,mss/subsys3/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/3700000.qcom,lpass/subsys4/wakeup u:object_r:sysfs_wakeup:s0
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
# Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
|
||||
# SPDX-License-Identifier: BSD-3-Clause-Clear
|
||||
|
||||
#Allow audio hal access to aid audio node
|
||||
allow hal_audio_default vendor_aid_audio_device:chr_file rw_file_perms;
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
|
||||
# SPDX-License-Identifier: BSD-3-Clause-Clear
|
||||
|
||||
#Allow base set of permissions for camera hal to be a client of audio hal
|
||||
typeattribute hal_camera_default hal_audio_client;
|
||||
|
||||
#Allow audio related and read file permissions
|
||||
allow hal_camera_default vendor_aid_audio_device:chr_file rw_file_perms;
|
||||
allow hal_camera_default audio_device:dir r_dir_perms;
|
||||
get_prop(hal_camera_default, vendor_audio_prop)
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
|
||||
# SPDX-License-Identifier: BSD-3-Clause-Clear
|
||||
|
||||
# Allow system_server to read vendor_persist_camera_prop
|
||||
get_prop(system_server, vendor_persist_camera_prop)
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
|
||||
# SPDX-License-Identifier: BSD-3-Clause-Clear
|
||||
|
||||
# Allow system_server to read vendor_persist_camera_prop
|
||||
get_prop(system_server, vendor_persist_camera_prop)
|
||||
Loading…
Reference in New Issue