From c233285c229acb63c9410bf61abd21056567aaff Mon Sep 17 00:00:00 2001 From: Marc Bourgoin Date: Fri, 28 Apr 2023 08:44:32 -0600 Subject: [PATCH] sm7325-common: Commonize sepolicy Change-Id: Idbc4e5f655fd19cc4754aab99d8bb236a73f9a12 --- sepolicy/vendor/file_contexts | 8 +++++++- sepolicy/vendor/genfs_contexts | 6 ++++++ sepolicy/vendor/hal_light_default.te | 5 +++++ sepolicy/vendor/hwservice_contexts | 1 + sepolicy/vendor/vendor_init_fingerprint.te | 7 ++++++- 5 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 sepolicy/vendor/hal_light_default.te diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts index e938bdf..91071bc 100644 --- a/sepolicy/vendor/file_contexts +++ b/sepolicy/vendor/file_contexts @@ -57,10 +57,15 @@ /data/vendor/gf_data(/.*)? u:object_r:fingerprint_vendor_data_file:s0 /dev/esfp0 u:object_r:egis_device:s0 /dev/goodix_fp u:object_r:goodix_device:s0 +/sys/devices/soc/0.et320(/.*)? u:object_r:vendor_sysfs_fingerprint:s0 # IFAA /(vendor|system/vendor)/bin/hw/vendor\.zui\.hardware\.ifaa@1\.0-service u:object_r:hal_ifaa_default_exec:s0 +# Lights +/(vendor|system/vendor)/bin/hw/android\.hardware\.lights-service\.berlna u:object_r:hal_light_default_exec:s0 +/(vendor|system/vendor)/bin/hw/android\.hardware\.lights-service\.xpeng u:object_r:hal_light_default_exec:s0 + # LiveDisplay /(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.1-service\.motorola_lahaina u:object_r:hal_lineage_livedisplay_qti_exec:s0 
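Review bot: The new `/sys/devices/soc/0.et320(/.*)?` entry in the first file_contexts hunk leaves the dot unescaped, so the regex matches any character in that position, whereas the service paths in the same hunk escape theirs. `/sys/devices/soc/0\.et320(/.*)?` would match only the intended node. It is also the only `vendor_sysfs_fingerprint` label set through file_contexts, while this commit labels `egis_input` with genfscon. A `genfscon sysfs /devices/soc/0.et320 u:object_r:vendor_sysfs_fingerprint:s0` line would keep the sysfs labelling in one place and would not depend on a restorecon pass over /sys.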
@@ -89,9 +94,10 @@ /dev/mmi_sys_temp u:object_r:vendor_thermal_device:s0 # Vendor init scripts +/(vendor|system/vendor)/bin/load_touch\.sh u:object_r:vendor_qti_init_shell_exec:s0 /(vendor|system/vendor)/bin/init\.mmi\.laser\.sh u:object_r:vendor_mmi_laser_exec:s0 /(vendor|system/vendor)/bin/init\.mmi\.touch\.sh u:object_r:vendor_init_touch_exec:s0 -/(vendor|system/vendor)/bin/init\.oem\.fingerprint2\.sh u:object_r:vendor_init_fingerprint_exec:s0 +/(vendor|system/vendor)/bin/init\.oem\.(fingerprint2|fingerprint\.overlay)\.sh u:object_r:vendor_init_fingerprint_exec:s0 /(vendor|system/vendor)/bin/init\.oem\.hw\.sh u:object_r:vendor_init_hw_exec:s0 # V4L2 Name diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts index 8802b97..5bd3fd6 100644 --- a/sepolicy/vendor/genfs_contexts +++ b/sepolicy/vendor/genfs_contexts @@ -1,3 +1,8 @@ +# Fingerprint +genfscon sysfs /devices/platform/egis_input u:object_r:vendor_sysfs_fingerprint:s0 +genfscon sysfs /devices/platform/egis_input/navigation_enable u:object_r:vendor_sysfs_fingerprint:s0 +genfscon sysfs /devices/platform/egis_input/navigation_event u:object_r:vendor_sysfs_fingerprint:s0 + # Health genfscon sysfs /devices/platform/soc/soc:mmi,charger/power_supply/mmi_battery u:object_r:vendor_sysfs_battery_supply:s0 @@ -6,6 +11,7 @@ genfscon sysfs /devices/virtual/input # Lights genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8350c@2:qcom,leds@ef00/leds/charging u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-05/c440000.qcom,spmi:qcom,pm8150l@5:qcom,leds@d000/leds/charging u:object_r:sysfs_leds:s0 # LiveDisplay genfscon sysfs /devices/platform/soc/soc:qcom,dsi-display-primary/dsi_display_hbm u:object_r:sysfs_livedisplay_tuneable:s0 diff --git a/sepolicy/vendor/hal_light_default.te b/sepolicy/vendor/hal_light_default.te new file mode 100644 index 0000000..50ede18 --- /dev/null 
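Review bot: `load_touch\.sh` in the second file_contexts hunk is given `vendor_qti_init_shell_exec`, while the neighbouring touch script `init\.mmi\.touch\.sh` has its own `vendor_init_touch_exec` type. Anything carrying the `vendor_qti_init_shell_exec` label presumably runs in the shared Qualcomm init-shell domain, whose rules are not visible in this patch and are likely broader than a touch loader needs. If the script only loads touch modules or firmware, labelling it `vendor_init_touch_exec` (or a dedicated type) would keep it least-privileged. Otherwise a comment such as `# load_touch.sh needs <reason>, hence the qti init shell domain` would document the choice.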
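Review bot: The two child entries `/devices/platform/egis_input/navigation_enable` and `/devices/platform/egis_input/navigation_event` in the first genfs_contexts hunk are redundant. genfscon labels by path prefix, and the `/devices/platform/egis_input` line already covers everything under it with the same `vendor_sysfs_fingerprint` type. Keeping only the parent line is shorter. If the intent is to limit the label to those two attributes, drop the parent line instead so the rest of the directory keeps the default sysfs type.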
+++ b/sepolicy/vendor/hal_light_default.te @@ -0,0 +1,5 @@ +allow hal_light_default { + sysfs_leds +}:file rw_file_perms; + +r_dir_file(hal_light_default, sysfs_leds) diff --git a/sepolicy/vendor/hwservice_contexts b/sepolicy/vendor/hwservice_contexts index c84a906..44f58c4 100644 --- a/sepolicy/vendor/hwservice_contexts +++ b/sepolicy/vendor/hwservice_contexts @@ -4,6 +4,7 @@ motorola.hardware.camera.desktop::ICameraDesktop u:object # Fingerprint com.motorola.hardware.biometric.fingerprint::IMotoFingerPrint u:object_r:hal_fingerprint_hwservice:s0 com.motorola.hardware.biometric.fingerprint::IMotoFingerPrintSensorTest u:object_r:hal_fingerprint_hwservice:s0 +vendor.egistec.hardware.fingerprint::IBiometricsFingerprintEts u:object_r:hal_fingerprint_hwservice:s0 vendor.egistec.hardware.fingerprint::IBiometricsFingerprintRbs u:object_r:hal_fingerprint_hwservice:s0 # IFAA diff --git a/sepolicy/vendor/vendor_init_fingerprint.te b/sepolicy/vendor/vendor_init_fingerprint.te index e1ccdd7..2e055dd 100644 --- a/sepolicy/vendor/vendor_init_fingerprint.te +++ b/sepolicy/vendor/vendor_init_fingerprint.te @@ -2,6 +2,7 @@ type vendor_init_fingerprint, domain; type vendor_init_fingerprint_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(vendor_init_fingerprint) +allow vendor_init_fingerprint kernel:key search; allow vendor_init_fingerprint self:capability { kill sys_module }; allow vendor_init_fingerprint vendor_file:system module_load; allow vendor_init_fingerprint vendor_toolbox_exec:file rx_file_perms; 
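Review bot: The new hal_light_default.te has no comment saying why these rules are needed, and the braces around the single type `sysfs_leds` add nothing; `allow hal_light_default sysfs_leds:file rw_file_perms;` reads the same. The platform policy for the lights HAL attribute normally already grants its servers read/write on `sysfs_leds` files and read on the directories. If `hal_light_default` is attached to that attribute (not visible in this patch), both rules may be duplicates. I would confirm against an actual denial, and add a header comment such as `# Lights HAL: control LED nodes labelled sysfs_leds` if the file stays.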
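Review bot: `allow vendor_init_fingerprint kernel:key search;` in the first vendor_init_fingerprint.te hunk is added without a comment, in a domain that already holds `sys_module` and `module_load`, so a reader cannot tell which operation needs the kernel keyring. A line such as `# Kernel keyring lookup during <operation>; see avc denial` above it would record the reason. If the denial turns out to be harmless, `dontaudit vendor_init_fingerprint kernel:key search;` would silence it without granting the access. The domain's remaining rules continue outside this hunk.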
@@ -9,7 +10,11 @@ allow vendor_init_fingerprint vendor_persist_egis_file:file create_file_perms; allow vendor_init_fingerprint vendor_persist_egis_file:dir rw_dir_perms; allow vendor_init_fingerprint vendor_persist_fps_file:file create_file_perms; allow vendor_init_fingerprint vendor_persist_fps_file:dir rw_dir_perms; -allow vendor_init_fingerprint mnt_vendor_file:dir search; +allow vendor_init_fingerprint mnt_vendor_file:dir r_dir_perms; +allow vendor_init_fingerprint mnt_vendor_file:file r_file_perms; + +# Write to /dev/kmsg +allow vendor_init_fingerprint kmsg_device:chr_file rw_file_perms; set_prop(vendor_init_fingerprint, ctl_start_prop) set_prop(vendor_init_fingerprint, vendor_mot_fingerprint_prop)
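Review bot: The comment says `# Write to /dev/kmsg`, but `rw_file_perms` on `kmsg_device:chr_file` also lets the fingerprint init script read the kernel log. `allow vendor_init_fingerprint kmsg_device:chr_file w_file_perms;` grants what the comment describes. The same hunk widens `mnt_vendor_file:dir` from `search` to `r_dir_perms` and adds `mnt_vendor_file:file r_file_perms`. That gives read access to every file carrying the generic type, not only the `vendor_persist_egis_file` and `vendor_persist_fps_file` data already allowed above. A comment naming the file that needs it, or a dedicated type for that file, would keep the grant narrow.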