LG8n: Kang sepolicy from pre-Reboot branch

* Wouldn't kanging be faster

Signed-off-by: Shirayuki39 <lorddemecrius83@proton.me>
Shirayuki39 2024-07-17 14:56:04 +08:00
parent 8eb02c2323
commit 34bf33e05b
52 changed files with 385 additions and 0 deletions


@ -160,6 +160,10 @@ ENABLE_VENDOR_RIL_SERVICE := true
# Selinux # Selinux
include device/mediatek/sepolicy_vndr/SEPolicy.mk include device/mediatek/sepolicy_vndr/SEPolicy.mk
SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy/private
SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy/public
BOARD_VENDOR_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy/vendor
# Vendor Security Patch # Vendor Security Patch
VENDOR_SECURITY_PATCH := 2024-03-05 VENDOR_SECURITY_PATCH := 2024-03-05


@ -0,0 +1 @@
allow isolated_app app_data_file:file setattr;
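Review bot: `allow isolated_app app_data_file:file setattr;` widens the most restricted app sandbox, and the commit records no denial or consumer that needs it. isolated_app is the domain for processes that handle untrusted content, and they are expected to reach app data only through descriptors handed over by the owning app; changing file attributes belongs to that owner. If the rule only silences a log line, `dontaudit isolated_app app_data_file:file setattr;` leaves the sandbox as it was; otherwise put the avc denial that justified it in a comment above the rule. Platform policy carries neverallow rules on isolated_app and app data files, so confirm this still compiles against the target branch.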


@ -0,0 +1,8 @@
# Fingerprint
gf.debug. u:object_r:vendor_fingerprint_prop:s0
# Hardware
ro.hardware.chipname u:object_r:exported_default_prop:s0
# SVN
ro.product.svn u:object_r:build_prop:s0
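Review bot: `gf.debug.` is a bare prefix outside the vendor property namespace, so every property whose name starts with it is labelled `vendor_fingerprint_prop`, a type the fingerprint HAL is given `set_prop` on elsewhere in this commit. The same pattern recurs with `gce.test`, `vilte.test` and `prepend.test` in a later property_contexts section and with `demo.`, `st_repair.debug.` and the `RUNTIME_OVERRIDE_*` names in sepolicy/vendor/property_contexts. Vendor-owned properties are expected to sit under `vendor.`, `ro.vendor.` or `persist.vendor.`; where a blob's names cannot change, prefer exact-name entries over prefixes and add a comment naming the consumer, e.g. `# read by <BLOB_NAME> (placeholder)`.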


@ -0,0 +1 @@
get_prop(radio, system_mtk_vodata_prop)


@ -0,0 +1 @@
allow system_app proc_pagetypeinfo:file r_file_perms;


@ -0,0 +1,3 @@
allow system_suspend sysfs_wakeup:dir r_dir_perms;
allow system_suspend sysfs_battery:dir { open read };
allow system_suspend sysfs_extcon:dir r_dir_perms;


@ -0,0 +1 @@
dontaudit vendor_init system_mtk_fd_prop:property_service set;


@ -0,0 +1 @@
allow vold_prepare_subdirs checkin_data_file:dir relabelfrom;

1
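--- a/sepolicy/public/file.te
+++ b/sepolicy/public/file.te
@@ -0,0 +1 @@
+type sysfs_battery, sysfs_type, fs_type;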


@ -0,0 +1,5 @@
# Camera
vendor_public_prop(vendor_camera_prop)
# Fingerprint
system_public_prop(vendor_fingerprint_prop)


@ -0,0 +1,5 @@
jpeg.exif.icc.profile u:object_r:exported_default_prop:s0
gce.test u:object_r:exported_default_prop:s0
vilte.test u:object_r:exported_default_prop:s0
prepend.test u:object_r:exported_default_prop:s0


@ -0,0 +1 @@
allow ueventd tmpfs:blk_file { getattr setattr relabelfrom };
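Review bot: A block node normally carries the `tmpfs` label only when it was created on a tmpfs mount and never relabelled, so this rule, and `allow fsck tmpfs:blk_file { read write ioctl };` in sepolicy/vendor/fsck.te, apply to every block device left in that state rather than to one partition. The fsck rule is the riskier of the two because it grants raw read/write on whichever node ends up unlabelled. The commit already defines `tranfs_block_device` and gives fsck `rw_file_perms` on it; labelling the remaining node in file_contexts and dropping both `tmpfs:blk_file` rules would scope the access to the intended partition.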

1
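--- a/sepolicy/vendor/awinic.te
+++ b/sepolicy/vendor/awinic.te
@@ -0,0 +1 @@
+allow mtk_hal_audio aw87xxx_vmax:file { read getattr open };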

1
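--- a/sepolicy/vendor/cameraserver.te
+++ b/sepolicy/vendor/cameraserver.te
@@ -0,0 +1 @@
+get_prop(cameraserver, vendor_camera_prop)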

1
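--- a/sepolicy/vendor/ccci_mdinit.te
+++ b/sepolicy/vendor/ccci_mdinit.te
@@ -0,0 +1 @@
+get_prop(ccci_mdinit, vendor_mtk_service_nvram_restore_prop)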

6
sepolicy/vendor/device.te vendored Normal file

@ -0,0 +1,6 @@
# Camera
type cml421_ois_device, dev_type;
type cwvi5300_device, dev_type;
# Tranfs
type tranfs_block_device, dev_type;

9
sepolicy/vendor/dontaudit.te vendored Normal file

@ -0,0 +1,9 @@
dontaudit {
mobicore
mtk_hal_camera
} shell_data_file:dir search;
dontaudit ueventd tranfs_block_device:blk_file rw_file_perms;
dontaudit audioserver vendor_audio_prop:file read;
dontaudit stflashtool nfc_prop:file read;
dontaudit hal_audio_default hal_power_hwservice:hwservice_manager find;

1
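--- a/sepolicy/vendor/em_app.te
+++ b/sepolicy/vendor/em_app.te
@@ -0,0 +1 @@
+dontaudit em_app mtk_hal_nvramagent_hwservice:hwservice_manager find;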

28
sepolicy/vendor/file.te vendored Normal file

@ -0,0 +1,28 @@
# Camera
type sysfs_tran_cam_file, fs_type, sysfs_type;
type transsion_camera_data_file, file_type, data_file_type, mlstrustedobject;
type vendor_watermark_data_file, file_type, data_file_type, mlstrustedobject;
# Data
type storage_dbg_data_file, file_type, data_file_type;
# Fingerprint
type sysfs_fp_name_path, fs_type, sysfs_type;
type vendor_gf_data_file, file_type, data_file_type;
# NFC
type nfc_vendor_data_file, file_type, data_file_type;
# Gesture
type proc_gesture_function, fs_type, proc_type, sysfs_type;
type proc_main_gesture_function, fs_type, proc_type, sysfs_type;
# OTG
type sysfs_OTG_STATE_file, fs_type, sysfs_type;
# Torch
type sysfs_sub_torch_file, fs_type, sysfs_type;
type sysfs_torch_file, fs_type, sysfs_type;
# VMAX
type aw87xxx_vmax, fs_type, sysfs_type;
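Review bot: `transsion_camera_data_file` and `vendor_watermark_data_file` are declared with `mlstrustedobject`, which exempts them from MLS category checks, yet the only domain granted access in this commit is mtk_hal_camera, which presumably runs without app categories. Unless an app domain must reach these directories, `type transsion_camera_data_file, file_type, data_file_type;` (and the same for the watermark type) is enough and keeps per-user and per-app separation in force if a broader allow rule is added later. Separately, `proc_gesture_function` and `proc_main_gesture_function` carry both `proc_type` and `sysfs_type`; they are labelled through `genfscon proc`, so `sysfs_type` should be removed, otherwise every rule written against the sysfs_type attribute also covers these /proc nodes.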

48
sepolicy/vendor/file_contexts vendored Normal file

@ -0,0 +1,48 @@
# Camera
/dev/cml421_ois(/.*)? u:object_r:cml421_ois_device:s0
/dev/cwvi5300 u:object_r:cwvi5300_device:s0
/data/vendor/camera_watermark(/.*)? u:object_r:vendor_watermark_data_file:s0
/data/vendor/multicam(/.*)? u:object_r:transsion_camera_data_file:s0
# Data
/data/storage_dbg(/.*)? u:object_r:storage_dbg_data_file:s0
# Extcon
/sys/devices/platform/extcon_usb/extcon/extcon0/cable.1/state u:object_r:sysfs_OTG_STATE_file:s0
# Fingerprint
/dev/fortsense_fp u:object_r:fingerprint_device:s0
/(system\/vendor|vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.fptool\.fingerprint@2\.0-service u:object_r:hal_fingerprint_default_exec:s0
/sys/kernel/tran_fp(/.*)? u:object_r:sysfs_fp_name_path:s0
/data/vendor/goodix/gf_data(/.*)? u:object_r:vendor_gf_data_file:s0
# Health
/(vendor|system\/vendor)/bin/hw/android\.hardware\.health@2\.1-service u:object_r:hal_health_default_exec:s0
# NFC
/dev/pn54x u:object_r:nfc_device:s0
/dev/pn553 u:object_r:nfc_device:s0
/dev/nxpnfc u:object_r:nfc_device:s0
# Power
/sys/devices/platform/soc/11017000.i2c/i2c-5/5-0053/power_supply/charger(/.*)? u:object_r:sysfs_batteryinfo:s0
# Sensor stuff
/(vendor|system\/vendor)/bin/hw/android\.hardware\.sensors@[0-9]\.[0-9]-service(\.multihal)? u:object_r:hal_sensors_default_exec:s0
# Trancam
/(system\/vendor|vendor)/bin/hw/vendor\.transsion\.hardware\.trancam\.trancamserver@1\.0-service u:object_r:trancamserver_exec:s0
/sys/devices/platform/(odm/odm:tran_battery|tran_battery)/tran_cam u:object_r:sysfs_tran_cam_file:s0
# Tranfs
/dev/block/sdc62 u:object_r:tranfs_block_device:s0
# Vibrator
/(vendor|system\/vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service u:object_r:hal_vibrator_default_exec:s0
/(vendor|system\/vendor)/bin/hw/android\.hardware\.vibrator-service.example u:object_r:hal_vibrator_default_exec:s0
/(vendor|system\/vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service-mediatek u:object_r:hal_vibrator_default_exec:s0
/(vendor|system\/vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service-mediatek-lazy u:object_r:hal_vibrator_default_exec:s0
/(vendor|system\/vendor)/bin/hw/android\.hardware\.vibrator-service\.example u:object_r:hal_vibrator_default_exec:s0
/(vendor|system\/vendor)/bin/hw/android\.hardware\.vibrator-service\.mediatek u:object_r:hal_vibrator_default_exec:s0
/sys/devices/platform/soc/1101a000.i2c/i2c-6/6-005a/leds/vibrator_single(/.*)? u:object_r:sysfs_vibrator:s0
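Review bot: `/dev/block/sdc62` pins `tranfs_block_device` to a kernel enumeration index, so on a unit or firmware revision with a different partition table the label, and with it the fsck read/write and init `relabelto` access granted elsewhere in this commit, lands on whichever partition happens to be number 62 on sdc. Label the by-name node instead, e.g. `/dev/block/by-name/<PARTITION_NAME> u:object_r:tranfs_block_device:s0` (placeholder name, to be confirmed on the device). Also, the entry `android\.hardware\.vibrator-service.example` with the unescaped dot duplicates the escaped one three lines below it and can be dropped.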

2
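--- a/sepolicy/vendor/fsck.te
+++ b/sepolicy/vendor/fsck.te
@@ -0,0 +1,2 @@
+allow fsck tmpfs:blk_file { read write ioctl };
+allow fsck tranfs_block_device:blk_file rw_file_perms;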

2
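--- a/sepolicy/vendor/fuelgauged_nvram.te
+++ b/sepolicy/vendor/fuelgauged_nvram.te
@@ -0,0 +1,2 @@
+allow fuelgauged_nvram sysfs_dt_firmware_android:dir search;
+allow fuelgauged_nvram sysfs_dt_firmware_android:file r_file_perms;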

48
sepolicy/vendor/genfs_contexts vendored Normal file

@ -0,0 +1,48 @@
# Battery
genfscon sysfs /devices/platform/odm/odm:usb_switch/power_supply/usb_switch u:object_r:sysfs_battery:s0
# Devices
genfscon sysfs /devices/platform/11270000.ufshci/host0/target0:0:0/0:0:0:0/block/sda/queue u:object_r:sysfs_devices_block:s0
genfscon sysfs /devices/platform/11270000.ufshci/host0/target0:0:0/0:0:0:0/block/sdb/queue u:object_r:sysfs_devices_block:s0
genfscon sysfs /devices/platform/11270000.ufshci/host0/target0:0:0/0:0:0:0/block/sdc/queue u:object_r:sysfs_devices_block:s0
genfscon sysfs /devices/platform/11270000.ufshci/host0/target0:0:0/0:0:0:1/block/sda/queue u:object_r:sysfs_devices_block:s0
genfscon sysfs /devices/platform/11270000.ufshci/host0/target0:0:0/0:0:0:1/block/sdb/queue u:object_r:sysfs_devices_block:s0
genfscon sysfs /devices/platform/11270000.ufshci/host0/target0:0:0/0:0:0:1/block/sdc/queue u:object_r:sysfs_devices_block:s0
genfscon sysfs /devices/platform/11270000.ufshci/host0/target0:0:0/0:0:0:2/block/sda/queue u:object_r:sysfs_devices_block:s0
genfscon sysfs /devices/platform/11270000.ufshci/host0/target0:0:0/0:0:0:2/block/sdb/queue u:object_r:sysfs_devices_block:s0
genfscon sysfs /devices/platform/11270000.ufshci/host0/target0:0:0/0:0:0:2/block/sdc/queue u:object_r:sysfs_devices_block:s0
# Extcon
genfscon sysfs /devices/platform/extcon_usb u:object_r:sysfs_extcon:s0
genfscon sysfs /devices/platform/extcon_usb1 u:object_r:sysfs_extcon:s0
# Health
genfscon sysfs /devices/platform/soc/11017000.i2c/i2c-5/5-006b/power_supply/charger(/.*)? u:object_r:sysfs_batteryinfo:s0
# Gesture
genfscon proc /gesture_function u:object_r:proc_gesture_function:s0
genfscon proc /main_gesture_function u:object_r:proc_main_gesture_function:s0
# Label wakeup nodes
genfscon sysfs /devices/platform/11cb0000.i2c3/i2c-3/3-0018/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/11cb0000.i2c3/i2c-3/3-0028/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/11d03000.i2c7/i2c-7/7-0008/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/11f00000.i2c5/i2c-5/5-004e/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/15020000.imgsys/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/15020000.imgsys_config/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/19030000.vpu_core0/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/19031000.vpu_core1/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/1a000000.camsys/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/extcon_usb/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/odm/odm:usb_switch/power_supply/usb_switch/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/pca_dv2_algo/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/usb0/11200000.xhci0/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/usb0/wakeup u:object_r:sysfs_wakeup:s0
# Torch
genfscon sysfs /devices/virtual/sub_torch/sub_torch/sub_torch_level u:object_r:sysfs_sub_torch_file:s0
genfscon sysfs /devices/virtual/torch/torch/torch_level u:object_r:sysfs_torch_file:s0
# aw87xxx vmax
genfscon sysfs /devices/platform/1101a000.i2c7/i2c-7/7-0058/vmax u:object_r:aw87xxx_vmax:s0
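Review bot: The Health entry ending in `power_supply/charger(/.*)?` will never match, because genfscon takes a literal path prefix and does not interpret regular expressions; `(/.*)?` is file_contexts syntax. The charger node therefore keeps the default `sysfs` label, which pushes its consumers toward broad rules on `sysfs:file`. Drop the suffix: `genfscon sysfs /devices/platform/soc/11017000.i2c/i2c-5/5-006b/power_supply/charger u:object_r:sysfs_batteryinfo:s0`; the prefix match already covers everything beneath that directory.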

11
sepolicy/vendor/hal_audio_default.te vendored Normal file

@ -0,0 +1,11 @@
allow hal_audio_default ccci_aud_device:chr_file rw_file_perms;
allow hal_audio_default ebc_device:chr_file rw_file_perms;
allow hal_audio_default mtk_audiohal_data_file:dir create_dir_perms;
allow hal_audio_default mtk_audiohal_data_file:file create_file_perms;
allow hal_audio_default sysfs_boot_info:file r_file_perms;
allow hal_audio_default vow_device:chr_file rw_file_perms;
dontaudit hal_audio_default hal_power_hwservice:hwservice_manager find;
get_prop(hal_audio_default, vendor_audio_prop)
set_prop(hal_audio_default, vendor_mtk_audiohal_prop)


@ -0,0 +1,12 @@
allow hal_fingerprint_default input_device:chr_file rw_file_perms;
allow hal_fingerprint_default input_device:dir r_dir_perms;
allow hal_fingerprint_default mnt_vendor_file:dir search;
allow hal_fingerprint_default persist_data_file:dir create_dir_perms;
allow hal_fingerprint_default persist_data_file:file create_file_perms;
allow hal_fingerprint_default self:netlink_kobject_uevent_socket { read create bind setopt };
allow hal_fingerprint_default sysfs_fp_name_path:dir r_dir_perms;
allow hal_fingerprint_default sysfs_fp_name_path:file rw_file_perms;
allow hal_fingerprint_default vendor_gf_data_file:dir create_dir_perms;
allow hal_fingerprint_default vendor_gf_data_file:file create_file_perms;
set_prop(hal_fingerprint_default, vendor_fingerprint_prop)
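Review bot: `allow hal_fingerprint_default input_device:chr_file rw_file_perms;` together with `input_device:dir r_dir_perms` lets the fingerprint HAL open every node under /dev/input, which covers the touchscreen and key event streams as well as whatever node the sensor driver actually uses. If the HAL only needs one node to deliver navigation or wake events, give that node its own type (`type <FP_INPUT_TYPE>, dev_type;` plus a file_contexts entry, placeholder name) and grant access to that type alone. A comment above the rule stating which vendor component requires input access would make the grant reviewable.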

3
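--- a/sepolicy/vendor/hal_health_default.te
+++ b/sepolicy/vendor/hal_health_default.te
@@ -0,0 +1,3 @@
+allow hal_health_default sysfs:file read;
+allow hal_health_default sysfs_battery:file { getattr open read };
+allow hal_health_default sysfs_battery:dir search;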
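Review bot: `allow hal_health_default sysfs:file read;` targets the default `sysfs` type, that is, every sysfs node that no genfscon or file_contexts entry has labelled, and it omits `open`, so it probably does not even satisfy the access that produced the denial. Label the node the health HAL reads with a specific type (this commit already uses `sysfs_battery` and `sysfs_batteryinfo` for such nodes) and drop the generic rule.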


@ -0,0 +1,2 @@
# Allow Keymint to set MTK TEEI Props
set_prop(hal_keymint_default, vendor_mtk_soter_teei_prop)

12
sepolicy/vendor/hal_nfc_default.te vendored Normal file

@ -0,0 +1,12 @@
allow hal_nfc_default nxpnfc_hwservice:hwservice_manager { add find };
set_prop(hal_nfc, vendor_nfc_prop)
allow hal_nfc_default nfc_device:chr_file { read write };
allow hal_nfc_default nfc_data_file:file getattr;
allow hal_nfc_default vendor_nfc_prop:file { read open map getattr };
allow hal_nfc_default vendor_nfc_prop:property_service set;
allow hal_nfc_default nfc_vendor_data_file:dir { getattr add_name read write search remove_name };
allow hal_nfc_default nfc_vendor_data_file:file { getattr open create read write unlink setattr append };
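Review bot: `set_prop(hal_nfc, vendor_nfc_prop)` is written against the `hal_nfc` attribute rather than the `hal_nfc_default` domain, so every domain that carries the attribute gains the right to set the property. `set_prop(hal_nfc_default, vendor_nfc_prop)` matches the rest of the file, and it makes the two hand-written rules on `vendor_nfc_prop:file { read open map getattr }` and `vendor_nfc_prop:property_service set` redundant, so they can be removed.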

35
sepolicy/vendor/hal_sensors_default.te vendored Normal file

@ -0,0 +1,35 @@
# Allow to read sensor devices
allow hal_sensors_default hal_graphics_allocator_default:fd use;
allow hal_sensors_default gpu_device:dir create_dir_perms;
allow hal_sensors_default gpu_device:chr_file rw_file_perms;
allow hal_sensors_default dri_device:chr_file rw_file_perms;
allow hal_sensors_default ion_device:dir create_dir_perms;
allow hal_sensors_default ion_device:chr_file rw_file_perms;
allow hal_sensors_default system_file:dir r_dir_perms;
allow hal_sensors_default sysfs_sensor:dir r_dir_perms;
allow hal_sensors_default sysfs_sensor:file rw_file_perms;
allow hal_sensors_default hwmsensor_device:chr_file r_file_perms;
allow hal_sensors_default sensorlist_device:chr_file rw_file_perms;
allow hal_sensors_default m_acc_misc_device:chr_file rw_file_perms;
allow hal_sensors_default m_als_misc_device:chr_file rw_file_perms;
allow hal_sensors_default m_ps_misc_device:chr_file rw_file_perms;
allow hal_sensors_default m_mag_misc_device:chr_file rw_file_perms;
allow hal_sensors_default m_gyro_misc_device:chr_file rw_file_perms;
allow hal_sensors_default m_baro_misc_device:chr_file rw_file_perms;
allow hal_sensors_default m_hmdy_misc_device:chr_file rw_file_perms;
allow hal_sensors_default m_act_misc_device:chr_file rw_file_perms;
allow hal_sensors_default m_pedo_misc_device:chr_file rw_file_perms;
allow hal_sensors_default m_situ_misc_device:chr_file rw_file_perms;
allow hal_sensors_default m_step_c_misc_device:chr_file rw_file_perms;
allow hal_sensors_default m_fusion_misc_device:chr_file rw_file_perms;
allow hal_sensors_default m_bio_misc_device:chr_file rw_file_perms;
allow hal_sensors_default hf_manager_device:chr_file rw_file_perms;
allow hal_sensors_default sensor_data_file:file create_file_perms;
allow hal_sensors_default sensor_data_file:dir create_dir_perms;
allow hal_sensors_default nvcfg_file:file create_file_perms;
allow hal_sensors_default nvcfg_file:dir create_dir_perms;
allow hal_sensors_default mnt_vendor_file:dir search;
allow hal_sensors_default merged_hal_service:fd use;
allow hal_sensors_default sysfs_mtk_nanohub_state:file r_file_perms;
allow hal_sensors_default system_server:binder call;
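Review bot: The header comment `# Allow to read sensor devices` does not describe what follows: the rules grant `rw_file_perms` on gpu_device, dri_device and ion_device and `create_dir_perms` on `gpu_device:dir` and `ion_device:dir`, none of which is a sensor node. Directory-creation rights on device types have no obvious use for a sensors HAL and look like audit2allow output; remove those two `:dir` rules unless a denial shows they are needed, and split the file into commented groups (graphics buffers, sensor misc devices, calibration data) so each grant has a stated reason. `allow hal_sensors_default system_server:binder call;` also deserves a comment naming the callback it serves.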


@ -0,0 +1,2 @@
allow hal_vibrator_default sysfs_leds:dir search;
allow hal_vibrator_default sysfs_leds:file rw_file_perms;

1
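--- a/sepolicy/vendor/hal_wifi_default.te
+++ b/sepolicy/vendor/hal_wifi_default.te
@@ -0,0 +1 @@
+get_prop(hal_wifi_default, persist_vendor_debug_wifi_prop)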

5
sepolicy/vendor/hwservice.te vendored Normal file

@ -0,0 +1,5 @@
# Camera
type hal_trancamserver_hwservice, hwservice_manager_type;
# NXP NFC
type nxpnfc_hwservice, hwservice_manager_type;

17
sepolicy/vendor/hwservice_contexts vendored Normal file

@ -0,0 +1,17 @@
# Camera
vendor.transsion.hardware.trancam.trancamserver::ITrancamserver u:object_r:hal_trancamserver_hwservice:s0
# Fingerprint
vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon u:object_r:hal_fingerprint_hwservice:s0
vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemonExt u:object_r:hal_fingerprint_hwservice:s0
vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemonHbd u:object_r:hal_fingerprint_hwservice:s0
vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemonFido u:object_r:hal_fingerprint_hwservice:s0
vendor.mediatek.hardware.biometrics.fingerprint::ITranBiometricsFingerprint u:object_r:hal_fingerprint_hwservice:s0
vendor.fptool.fingerprint::IFptoolFingerprint u:object_r:hal_fingerprint_hwservice:s0
# NXP NFC
vendor.nxp.nxpnfc::INxpNfc u:object_r:nxpnfc_hwservice:s0
vendor.nxp.nxpnfclegacy::INxpNfcLegacy u:object_r:nxpnfc_hwservice:s0
# Wi-Fi
vendor.transsion.hardware.wifi.hostapd::IHostapd u:object_r:hal_wifi_hostapd_hwservice:s0

5
sepolicy/vendor/init.te vendored Normal file

@ -0,0 +1,5 @@
allow init sysfs_devices_block:file rw_file_perms;
allow init tranfs_block_device:blk_file { read relabelto };
get_prop(init, vendor_mtk_service_nvram_restore_prop)
get_prop(init, vts_status_prop)

1
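--- a/sepolicy/vendor/mediacodec.te
+++ b/sepolicy/vendor/mediacodec.te
@@ -0,0 +1 @@
+get_prop(mediacodec, vendor_mtk_omx_core_prop)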

18
sepolicy/vendor/mtk_hal_camera.te vendored Normal file

@ -0,0 +1,18 @@
binder_call(mtk_hal_camera, trancamserver)
allow mtk_hal_camera cml421_ois_device:chr_file rw_file_perms;
allow mtk_hal_camera cwvi5300_device:chr_file rw_file_perms;
allow mtk_hal_camera sysfs_dt_firmware_android:dir search;
allow mtk_hal_camera sysfs_dt_firmware_android:file r_file_perms;
allow mtk_hal_camera sysfs_sub_torch_file:file rw_file_perms;
allow mtk_hal_camera sysfs_torch_file:file rw_file_perms;
allow mtk_hal_camera sysfs_tran_cam_file:file rw_file_perms;
allow mtk_hal_camera transsion_camera_data_file:dir { write search add_name };
allow mtk_hal_camera transsion_camera_data_file:file {read write create open };
allow mtk_hal_camera vendor_watermark_data_file:dir { read write open add_name search };
allow mtk_hal_camera vendor_watermark_data_file:file { read write create getattr open };
allow mtk_hal_camera hal_trancamserver_hwservice:hwservice_manager find;
get_prop(mtk_hal_camera, vendor_camera_prop)
set_prop(mtk_hal_camera, vendor_mtk_camera_prop)

3
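--- a/sepolicy/vendor/mtk_hal_power.te
+++ b/sepolicy/vendor/mtk_hal_power.te
@@ -0,0 +1,3 @@
+allow mtk_hal_power proc_meminfo:file r_file_perms;
+allow mtk_hal_power proc_gesture_function:file rw_file_perms;
+allow mtk_hal_power proc_main_gesture_function:file rw_file_perms;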

1
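--- a/sepolicy/vendor/mtk_hal_pq.te
+++ b/sepolicy/vendor/mtk_hal_pq.te
@@ -0,0 +1 @@
+allow mtk_hal_pq ion_device:chr_file rw_file_perms;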

1
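--- a/sepolicy/vendor/netdagent.te
+++ b/sepolicy/vendor/netdagent.te
@@ -0,0 +1 @@
+dontaudit netdagent self:udp_socket create_socket_perms;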

4
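--- a/sepolicy/vendor/netutils_wrapper.te
+++ b/sepolicy/vendor/netutils_wrapper.te
@@ -0,0 +1,4 @@
+allow netutils_wrapper ccci_vts_device:chr_file rw_file_perms;
+allow netutils_wrapper ccci_wifi_proxy_device:chr_file rw_file_perms;
+allow netutils_wrapper rild:file r_file_perms;
+allow netutils_wrapper ccci_device:chr_file rw_file_perms;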

5
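--- a/sepolicy/vendor/nfc.te
+++ b/sepolicy/vendor/nfc.te
@@ -0,0 +1,5 @@
+# allow NFC process to call into the NFC HAL
+allow nfc nfc_data_file:dir create_dir_perms;
+allow nfc nxpnfc_hwservice:hwservice_manager find;
+allow nfc nfc_vendor_data_file:dir { create_dir_perms add_name search read write create remove_name };
+allow nfc nfc_vendor_data_file:file create_file_perms;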
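Review bot: The comment `# allow NFC process to call into the NFC HAL` does not describe the rules under it, which grant data-directory access and a hwservice lookup but no binder call; something like `# NFC app: vendor data directory and NXP hwservice lookup` would match. The set `{ create_dir_perms add_name search read write create remove_name }` lists permissions that `create_dir_perms` already contains, so `allow nfc nfc_vendor_data_file:dir create_dir_perms;` is equivalent and easier to audit.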

1
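--- a/sepolicy/vendor/nvram_daemon.te
+++ b/sepolicy/vendor/nvram_daemon.te
@@ -0,0 +1 @@
+set_prop(nvram_daemon, vendor_mtk_service_nvram_restore_prop)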

2
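--- a/sepolicy/vendor/platform_app.te
+++ b/sepolicy/vendor/platform_app.te
@@ -0,0 +1,2 @@
+#============= platform_app ==============
+allow platform_app nfc_service:service_manager find;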

1
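--- a/sepolicy/vendor/priv_app.te
+++ b/sepolicy/vendor/priv_app.te
@@ -0,0 +1 @@
+allow priv_app metadata_file:dir { read open getattr };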
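Review bot: `allow priv_app metadata_file:dir { read open getattr };` lets every privileged app enumerate the top of /metadata, and nothing in the commit says which app needs it. That partition is meant for low-level platform state, so access is normally limited to a small set of system daemons. If the rule came from an audit2allow pass over a stray denial, `dontaudit priv_app metadata_file:dir { read open getattr };` quiets the log without granting the access; also confirm the rule passes the platform neverallow checks on the target branch.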

8
sepolicy/vendor/property.te vendored Normal file

@ -0,0 +1,8 @@
# Audio
vendor_internal_prop(vendor_audio_prop)
# NVRAM
vendor_restricted_prop(vendor_mtk_service_nvram_restore_prop)
# NFC
vendor_internal_prop(vendor_nfc_prop)

35
sepolicy/vendor/property_contexts vendored Normal file

@ -0,0 +1,35 @@
# Audio
ro.vendor.qti.va_aosp.support u:object_r:vendor_audio_prop:s0
# Camera
persist.vendor.camera. u:object_r:vendor_camera_prop:s0
ro.mtk_cam_dualzoom_support u:object_r:vendor_mtk_camera_prop:s0
ro.mtk_cam_stereo_camera_support u:object_r:vendor_mtk_camera_prop:s0
vendor.debug.seninf.hs_trail u:object_r:vendor_mtk_camera_prop:s0
st_repair.debug. u:object_r:exported_default_prop:s0
RUNTIME_OVERRIDE_OPENCL_MEM_TYPE u:object_r:exported_default_prop:s0
RUNTIME_OVERRIDE_LOG_LEVEL u:object_r:exported_default_prop:s0
demo. u:object_r:exported_default_prop:s0
# Display
ro.vendor.mtk_hdr_video_support u:object_r:vendor_mtk_default_prop:s0
# Fingerprint
persist.vendor.goodix.dump_data u:object_r:vendor_fingerprint_prop:s0
persist.vendor.sys.fp.goodix.spmt.flag u:object_r:vendor_fingerprint_prop:s0
vendor.fp.goodix.X.offset u:object_r:vendor_fingerprint_prop:s0
vendor.fp.goodix.Y.offset u:object_r:vendor_fingerprint_prop:s0
vendor.fp.transsion.lcmname u:object_r:vendor_fingerprint_prop:s0
# Key manager
ro.mtk_key_manager_support u:object_r:vendor_mtk_default_prop:s0
# NFC properties
persist.vendor.nfc. u:object_r:vendor_nfc_prop:s0
# NVRAM
vendor.service.nvram_restore u:object_r:vendor_mtk_service_nvram_restore_prop:s0
# VT
ro.vendor.vt. u:object_r:vendor_mtk_vendor_vt_prop:s0

3
sepolicy/vendor/system_server.te vendored Normal file

@ -0,0 +1,3 @@
allow system_server sysfs_OTG_STATE_file:file { read write getattr open };
get_prop(system_server, wifi_hal_prop)

1
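--- a/sepolicy/vendor/thermal_core.te
+++ b/sepolicy/vendor/thermal_core.te
@@ -0,0 +1 @@
+allow thermal_core sysfs_thermal:dir search;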

7
sepolicy/vendor/trancamserver.te vendored Normal file

@ -0,0 +1,7 @@
type trancamserver, domain, halserverdomain;
type trancamserver_exec, exec_type, file_type, vendor_file_type;
init_daemon_domain(trancamserver)
allow trancamserver hal_trancamserver_hwservice:hwservice_manager { find add };
allow trancamserver hidl_base_hwservice:hwservice_manager add;
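Review bot: The two hand-written `hwservice_manager` rules reproduce what `add_hwservice(trancamserver, hal_trancamserver_hwservice)` expands to, minus the neverallow that stops any other domain from registering under `hal_trancamserver_hwservice`. Using the macro restores that guarantee, so trancamserver stays the only possible provider of the interface that mtk_hal_camera looks up and binds to. The new domain also has no comment describing what the service does or which blob ships it; one line above the `type` declaration would help later audits.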

3
sepolicy/vendor/untrusted_app.te vendored Normal file

@ -0,0 +1,3 @@
allow untrusted_app unlabeled:filesystem getattr;
get_prop(untrusted_app, vendor_camera_prop)
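Review bot: Both rules extend the third-party app sandbox and neither carries a justification. `unlabeled:filesystem getattr` implies that some mounted filesystem has no SELinux label at all; fixing that mount's context is the better remedy than teaching untrusted_app to see it, and `dontaudit untrusted_app unlabeled:filesystem getattr;` is available if the access is incidental. `get_prop(untrusted_app, vendor_camera_prop)` exposes every `persist.vendor.camera.` property to any installed app, so confirm that none of them carries device-identifying or debug-control values before keeping it.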

6
sepolicy/vendor/vendor_init.te vendored Normal file

@ -0,0 +1,6 @@
allow vendor_init cgroup:file rw_file_perms;
allow vendor_init proc:file write;
allow vendor_init storage_dbg_data_file:dir create_dir_perms;
set_prop(vendor_init, vendor_mtk_camera_prop)
get_prop(vendor_init, vts_status_prop)
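Review bot: `allow vendor_init proc:file write;` is a write grant on the default `proc` type, which covers every /proc entry without a dedicated label rather than the one node the vendor init script touches. Give that node its own type through `genfscon proc /<NODE> u:object_r:<TYPE>:s0` (placeholders) and allow `w_file_perms` on the type, the way this commit already handles `proc_gesture_function`. `allow vendor_init cgroup:file rw_file_perms;` is similarly broad; a comment naming the init.rc action that needs each rule would let a reviewer check that the grant is still required.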

1
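--- a/sepolicy/vendor/vtservice.te
+++ b/sepolicy/vendor/vtservice.te
@@ -0,0 +1 @@
+get_prop(vtservice, vendor_mtk_vendor_vt_prop)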