-rw-r--r-- | sepolicy/addrsetup.te | 2 | ||||
-rw-r--r-- | sepolicy/credmgrd.te | 2 | ||||
-rw-r--r-- | sepolicy/file_contexts | 9 | ||||
-rw-r--r-- | sepolicy/idd.te | 1 | ||||
-rw-r--r-- | sepolicy/priv_app.te | 1 | ||||
-rw-r--r-- | sepolicy/workarounds.te | 17 |
6 files changed, 23 insertions, 9 deletions
diff --git a/sepolicy/addrsetup.te b/sepolicy/addrsetup.te
index 773acef..805450c 100644
--- a/sepolicy/addrsetup.te
+++ b/sepolicy/addrsetup.te
@@ -10,6 +10,8 @@ unix_socket_connect(addrsetup, tad, tad)
 allow addrsetup bluetooth_data_file:dir rw_dir_perms;
 allow addrsetup bluetooth_data_file:file create_file_perms;
+allow addrsetup self:capability dac_override;
+
 allow addrsetup sysfs_addrsetup:file rw_file_perms;
 allow addrsetup urandom_device:file read;
diff --git a/sepolicy/credmgrd.te b/sepolicy/credmgrd.te
index 9a26a89..9e9df9e 100644
--- a/sepolicy/credmgrd.te
+++ b/sepolicy/credmgrd.te
@@ -40,6 +40,7 @@ allow credmgrd mm-qcamerad:unix_stream_socket connectto;
 allow credmgrd tee_device:chr_file rw_file_perms;
 #credmgrd suntrold
+allow credmgrd suntrold_sock_socket:dir search;
 allow credmgrd suntrold_sock_socket:unix_dgram_socket sendto;
 allow credmgrd suntrold_sock_socket:unix_stream_socket connectto;
 allow credmgrd suntrold_sock_socket:sock_file write;
@@ -54,6 +55,7 @@ allow credmgrd iddd_file:unix_dgram_socket sendto;
 #/mnt/idd is tmpfs
+allow credmgrd tmpfs:dir search;
 allow credmgrd tmpfs:lnk_file read;
 #credmgrd ion
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index ef24289..9f2d734 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -49,3 +49,12 @@
 # macaddrsetup
 /system/bin/macaddrsetup u:object_r:addrsetup_exec:s0
 /sys/devices/platform/bcmdhd_wlan/macaddr u:object_r:sysfs_addrsetup:s0
+
+#KGSL
+/sys/devices/fdb00000.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpuclk u:object_r:sysfs_thermal:s0
+/sys/devices(/soc\.0)?/fdb00000\.qcom,kgsl-3d0/kgsl/kgsl-3d0/max_gpuclk u:object_r:sysfs_thermal:s0
+/sys/devices(/soc\.0)?/fdb00000\.qcom,kgsl-3d0/kgsl/kgsl-3d0/reset_count u:object_r:sysfs_thermal:s0
+
+# ZRAM
+/sys/devices/virtual/block/zram0/mm_stat u:object_r:sysfs_zram:s0
+
diff --git a/sepolicy/idd.te b/sepolicy/idd.te
index 5d7a3f7..1a59cc4 100644
--- a/sepolicy/idd.te
+++ b/sepolicy/idd.te
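Review bot: `dac_override` in sepolicy/addrsetup.te is a much broader grant than the accesses around it need, because `allow addrsetup self:capability dac_override;` lets the domain bypass discretionary permission checks on any file its other rules let it reach. A dac_override denial usually means the process runs as a user or group that does not own the path it touches, so the preferred fix is to correct the owner, group or mode of that path (or the service's user/group in its init entry) rather than grant the capability. If it has to stay, record the reason beside it, for example `# dac_override: <path and owner that triggered the denial>`. workarounds.te already carries the same capability for rmt_storage, which deserves the same treatment.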
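Review bot: The first KGSL entry in sepolicy/file_contexts is written differently from the two below it: `gpuclk` uses unescaped dots and omits the optional `(/soc\.0)?` component, so on a kernel that places the node under `/sys/devices/soc.0/` it would not match this entry while `max_gpuclk` and `reset_count` still get `sysfs_thermal`. An unescaped `.` is a regex wildcard in file_contexts, so the pattern also matches slightly more than the literal path. Suggest `/sys/devices(/soc\.0)?/fdb00000\.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpuclk u:object_r:sysfs_thermal:s0` so all three nodes are labelled by the same rule shape.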
@@ -43,3 +43,4 @@ allow iddd iddd_exec:file execute_no_trans;
 allow iddd iddd_file:dir create;
 allow iddd proc:file { getattr open read };
+allow iddd tmpfs:dir search;
diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te
new file mode 100644
index 0000000..2adfc0e
--- /dev/null
+++ b/sepolicy/priv_app.te
@@ -0,0 +1 @@
+allow priv_app device:dir { open read };
diff --git a/sepolicy/workarounds.te b/sepolicy/workarounds.te
index b026b37..7b0b6ab 100644
--- a/sepolicy/workarounds.te
+++ b/sepolicy/workarounds.te
@@ -11,11 +11,9 @@ allow qti_init_shell tad:unix_stream_socket connectto;
 allow qti_init_shell tad_socket:sock_file write;
 allow qti_init_shell toolbox_exec:file entrypoint;
-
 #============= mm-qcamerad ==============
 allow mm-qcamerad camera_device:chr_file { ioctl open read write };
-allow mm-qcamerad ta_data_file:dir { getattr open read };
-
+allow mm-qcamerad ta_data_file:dir { getattr open read search };
 #============= thermanager ==============
 allow thermanager sysfs:file { open read };
@@ -23,15 +21,16 @@ allow thermanager sysfs_battery_supply:dir search;
 allow thermanager sysfs_battery_supply:file { open read write };
 #============= scd ==============
-allow scd scd_data:dir getattr;
+allow scd scd_data:dir { getattr search };
 allow scd scd_data:file { getattr open read write };
-allow scd socket_device:dir { add_name write };
-allow scd socket_device:sock_file { create setattr };
+allow scd socket_device:dir { add_name remove_name write };
+allow scd socket_device:sock_file { create getattr setattr unlink write };
 allow scd sysfs:file { getattr open read };
 #============= wv ==============
 allow wv ion_device:chr_file { ioctl open read };
 allow wv suntrold:unix_stream_socket connectto;
+allow wv suntrold_sock_socket:dir search;
 allow wv suntrold_sock_socket:sock_file write;
 allow wv tad:unix_stream_socket connectto;
 allow wv tad_socket:sock_file write;
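Review bot: The new sepolicy/priv_app.te grants `allow priv_app device:dir { open read };` with no comment saying which app or denial needs it, and the rule applies to every privileged app on the device. `device` is the generic label for the device directory, so this lets those apps enumerate device nodes, which is information they rarely need. If the denial comes from a harmless directory scan, `dontaudit priv_app device:dir { open read };` silences the log without widening access; otherwise add a comment naming the caller and the reason.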
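Review bot: In the scd block of sepolicy/workarounds.te, the added `unlink` on `socket_device:sock_file` and `remove_name` on `socket_device:dir` let scd create and delete sockets under the generic `socket_device` label rather than under a type of its own. With these rules the policy no longer stops scd from removing other sockets that carry that label, and any domain later granted `socket_device:sock_file` access would reach scd's socket as well. A dedicated socket type, assigned through a type transition or by having init create the socket from the service definition, would confine these permissions to scd's own socket. Until then a comment such as `# TODO: give scd its own socket type instead of socket_device` above the block would record that this is a stopgap.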
@@ -39,11 +38,11 @@ allow wv tee_device:chr_file { ioctl open read write };
 #============= mediaserver ==============
 allow mediaserver sensorservice_service:service_manager find;
+allow mediaserver sysfs:file write;
+allow mediaserver sysfs_battery_supply:dir search;
+allow mediaserver sysfs_battery_supply:file { getattr open read };
 allow mediaserver ta_data_file:dir { getattr open read };
 #============= rmt_storage ==============
 allow rmt_storage self:capability dac_override;
-#============= scd ==============
-allow scd socket_device:sock_file write;
-
|
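Review bot: `allow mediaserver sysfs:file write;` gives the media server write access to every sysfs node that carries the generic `sysfs` label, not just the one that produced the denial. mediaserver parses untrusted media, so a broad sysfs write grant enlarges what a compromised media process could change in kernel tunables. Prefer labelling the specific node in file_contexts with its own type and granting `write` on that type only; the two `sysfs_battery_supply` rules added beside it already follow that pattern. If the target path is not known yet, name the denial in a comment so the rule can be narrowed later.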