msm8937-common: sepolicy: Organize for treble compatibility
Signed-off-by: Isaac Chen <isaacchen@isaacchen.cn>
This commit is contained in:
Isaac Chen
parent
3e93f804b6
commit
724868de36
8 changed files with 62 additions and 26 deletions
26
sepolicy/bluetooth_loader-qcom.te
Normal file
26
sepolicy/bluetooth_loader-qcom.te
Normal file
|
|
@ -0,0 +1,26 @@
|
|||
type bluetooth_loader, domain;
|
||||
type bluetooth_loader_exec, exec_type, vendor_file_type, file_type;
|
||||
|
||||
# Started by init
|
||||
init_daemon_domain(bluetooth_loader)
|
||||
|
||||
# Get persist.service.bdroid.*, bluetooth.* and wcnss property values
|
||||
get_prop(bluetooth_loader, bluetooth_prop)
|
||||
get_prop(bluetooth_loader, wcnss_prop)
|
||||
|
||||
# Access the serial device
|
||||
allow bluetooth_loader serial_device:chr_file rw_file_perms;
|
||||
|
||||
# And the smd device
|
||||
allow bluetooth_loader smd_device:chr_file rw_file_perms;
|
||||
|
||||
# And qmuxd
|
||||
allow bluetooth_loader qmuxd_socket:dir create_dir_perms;
|
||||
allow bluetooth_loader qmuxd_socket:sock_file create_file_perms;
|
||||
allow bluetooth_loader qmuxd:unix_stream_socket connectto;
|
||||
|
||||
r_dir_file(bluetooth_loader, persist_file)
|
||||
|
||||
userdebug_or_eng(`
|
||||
diag_use(bluetooth_loader)
|
||||
')
|
||||
|
|
@ -1,5 +1,8 @@
|
|||
# Biometric
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.xiaomi_msm8937 u:object_r:hal_fingerprint_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.xiaomi_msm8937 u:object_r:hal_fingerprint_msm8937_exec:s0
|
||||
|
||||
# Bluetooth
|
||||
/(vendor|system/vendor)/bin/hci_qcomm_init u:object_r:bluetooth_loader_exec:s0
|
||||
|
||||
# Block devices
|
||||
/dev/block/bootdevice/by-name/persist u:object_r:persist_block_device:s0
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
type gx_fpd, domain;
|
||||
type gx_fpd_exec, exec_type, file_type;
|
||||
type gx_fpd, domain, binder_in_vendor_violators;
|
||||
type gx_fpd_exec, exec_type, vendor_file_type, file_type;
|
||||
|
||||
# gx_fpd
|
||||
init_daemon_domain(gx_fpd)
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
allow hal_camera_default camera_data_file:sock_file rw_file_perms;
|
||||
allow hal_camera_default camera_data_file:sock_file read;
|
||||
|
|
|
|||
|
|
@ -1,21 +0,0 @@
|
|||
binder_use(hal_fingerprint_default)
|
||||
add_service(hal_fingerprint_default, hal_fingerprint_service)
|
||||
binder_call(hal_fingerprint_default, gx_fpd)
|
||||
|
||||
allow hal_fingerprint_default gx_fpd_service:service_manager find;
|
||||
|
||||
allow gx_fpd hal_fingerprint_default:binder call;
|
||||
|
||||
allow hal_fingerprint_default fingerprint_service:service_manager find;
|
||||
allow hal_fingerprint_default keystore_service:service_manager find;
|
||||
|
||||
allow hal_fingerprint_default fpc_sysfs:file rw_file_perms;
|
||||
allow hal_fingerprint_default fpc_sysfs:dir rw_dir_perms;
|
||||
allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
|
||||
allow hal_fingerprint_default uhid_device:chr_file rw_file_perms;
|
||||
allow hal_fingerprint_default fpc_data_file:dir rw_dir_perms;
|
||||
allow hal_fingerprint_default fpc_data_file:sock_file create_file_perms;
|
||||
|
||||
r_dir_file(hal_fingerprint_default, firmware_file)
|
||||
|
||||
use_keystore(hal_fingerprint_default)
|
||||
27
sepolicy/hal_fingerprint_msm8937.te
Normal file
27
sepolicy/hal_fingerprint_msm8937.te
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
type hal_fingerprint_msm8937, domain, binder_in_vendor_violators;
|
||||
hal_server_domain(hal_fingerprint_msm8937, hal_fingerprint)
|
||||
|
||||
type hal_fingerprint_msm8937_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(hal_fingerprint_msm8937)
|
||||
|
||||
binder_use(hal_fingerprint_msm8937)
|
||||
add_service(hal_fingerprint_msm8937, hal_fingerprint_msm8937_service)
|
||||
binder_call(hal_fingerprint_msm8937, gx_fpd)
|
||||
|
||||
allow hal_fingerprint_msm8937 gx_fpd_service:service_manager find;
|
||||
|
||||
allow gx_fpd hal_fingerprint_msm8937:binder call;
|
||||
|
||||
allow hal_fingerprint_msm8937 fingerprint_service:service_manager find;
|
||||
allow hal_fingerprint_msm8937 keystore_service:service_manager find;
|
||||
|
||||
allow hal_fingerprint_msm8937 fpc_sysfs:file rw_file_perms;
|
||||
allow hal_fingerprint_msm8937 fpc_sysfs:dir rw_dir_perms;
|
||||
allow hal_fingerprint_msm8937 tee_device:chr_file rw_file_perms;
|
||||
allow hal_fingerprint_msm8937 uhid_device:chr_file rw_file_perms;
|
||||
allow hal_fingerprint_msm8937 fpc_data_file:dir rw_dir_perms;
|
||||
allow hal_fingerprint_msm8937 fpc_data_file:sock_file create_file_perms;
|
||||
|
||||
r_dir_file(hal_fingerprint_msm8937, firmware_file)
|
||||
|
||||
use_keystore(hal_fingerprint_msm8937)
|
||||
|
|
@ -1 +1,2 @@
|
|||
type gx_fpd_service, service_manager_type;
|
||||
type hal_fingerprint_msm8937_service, service_manager_type;
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
goodix.fp u:object_r:gx_fpd_service:s0
|
||||
android.hardware.fingerprint.IFingerprintCustomDaemon u:object_r:hal_fingerprint_service:s0
|
||||
android.hardware.fingerprint.IFingerprintCustomDaemon u:object_r:hal_fingerprint_msm8937_service:s0
|
||||
|
|
|
|||
Loading…
Reference in a new issue