diff options
author | Davide Garberi <dade.garberi@gmail.com> | 2020-02-21 21:06:49 +0100 |
---|---|---|
committer | Michael Bestas <mkbestas@lineageos.org> | 2020-04-30 00:49:34 +0300 |
commit | d5763c2d21d287417856a080e67d6f391effb790 (patch) | |
tree | e94576b391663c093b38156307a5bff35a1e0dbb | |
parent | c61ad40914bd6040877cb8ee3789c76bd893f607 (diff) |
sdm660-common: sepolicy: Address some denials
Change-Id: Iaba642838e51a2c39c2961e30456148f9794f60e
-rw-r--r-- | rootdir/etc/init.qcom.rc | 24 | ||||
-rw-r--r-- | sepolicy/vendor/genfs_contexts | 6 | ||||
-rw-r--r-- | sepolicy/vendor/hal_camera_default.te | 1 | ||||
-rw-r--r-- | sepolicy/vendor/hal_sensors_default.te | 1 | ||||
-rw-r--r-- | sepolicy/vendor/property_contexts | 2 | ||||
-rw-r--r-- | sepolicy/vendor/vendor_init.te | 1 |
6 files changed, 23 insertions, 12 deletions
diff --git a/rootdir/etc/init.qcom.rc b/rootdir/etc/init.qcom.rc index fe328dd..090beed 100644 --- a/rootdir/etc/init.qcom.rc +++ b/rootdir/etc/init.qcom.rc @@ -184,14 +184,14 @@ on boot chown wifi wifi /sys/class/net/bond0/bonding/queue_id # Allow access to emmc rawdump block partition and dload sysfs node - chown root system /dev/block/bootdevice/by-name/rawdump - chmod 0660 /dev/block/bootdevice/by-name/rawdump - chown root system /sys/kernel/dload/emmc_dload - chmod 0660 /sys/kernel/dload/emmc_dload - chown root system /dev/block/bootdevice/by-name/ramdump - chmod 0660 /dev/block/bootdevice/by-name/ramdump - chown root system /sys/kernel/dload/dload_mode - chmod 0660 /sys/kernel/dload/dload_mode + #chown root system /dev/block/bootdevice/by-name/rawdump + #chmod 0660 /dev/block/bootdevice/by-name/rawdump + #chown root system /sys/kernel/dload/emmc_dload + #chmod 0660 /sys/kernel/dload/emmc_dload + #chown root system /dev/block/bootdevice/by-name/ramdump + #chmod 0660 /dev/block/bootdevice/by-name/ramdump + #chown root system /sys/kernel/dload/dload_mode + #chmod 0660 /sys/kernel/dload/dload_mode chown system system /sys/class/backlight/panel0-backlight/brightness chown system system /sys/class/backlight/panel0-backlight/max_brightness @@ -453,11 +453,11 @@ on property:persist.vendor.ssr.enable_ramdumps=1 on property:persist.vendor.ssr.enable_ramdumps=0 write /sys/module/subsystem_restart/parameters/enable_ramdumps 0 -on property:persist.vendor.sys.rawdump_copy=1 - write /sys/kernel/dload/emmc_dload 1 +#on property:persist.vendor.sys.rawdump_copy=1 +# write /sys/kernel/dload/emmc_dload 1 -on property:persist.vendor.sys.rawdump_copy=0 - write /sys/kernel/dload/emmc_dload 0 +#on property:persist.vendor.sys.rawdump_copy=0 +# write /sys/kernel/dload/emmc_dload 0 on property:sys.boot_completed=1 write /dev/kmsg "Boot completed " diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts index 4589cfc..baf0bae 100644 --- a/sepolicy/vendor/genfs_contexts +++ b/sepolicy/vendor/genfs_contexts @@ -1,13 +1,19 @@ # Battery genfscon sysfs /devices/soc/c176000.i2c/i2c-2/2-001d u:object_r:sysfs_battery_supply:s0 +# Camera +genfscon sysfs /devices/soc/ca0c000.qcom,cci/ca0c000.qcom,cci:qcom,camera@3/video4linux/video5/name u:object_r:sysfs_graphics:s0 +genfscon sysfs /camera_sensorid/sensorid u:object_r:sysfs_graphics:s0 + # Fingerprint genfscon sysfs /devices/soc/soc:fingerprint_fpc/device_prepare u:object_r:sysfs_fingerprint:s0 genfscon sysfs /devices/soc/soc:fingerprint_fpc/fingerdown_wait u:object_r:sysfs_fingerprint:s0 +genfscon sysfs /devices/soc/soc:fingerprint_fpc/irq u:object_r:sysfs_fingerprint:s0 genfscon sysfs /devices/soc/soc:fingerprint_fpc/irq_enable u:object_r:sysfs_fingerprint:s0 genfscon sysfs /devices/soc/soc:fingerprint_fpc/wakeup_enable u:object_r:sysfs_fingerprint:s0 genfscon sysfs /devices/soc/soc:fpc1020/device_prepare u:object_r:sysfs_fingerprint:s0 genfscon sysfs /devices/soc/soc:fpc1020/fingerdown_wait u:object_r:sysfs_fingerprint:s0 +genfscon sysfs /devices/soc/soc:fpc1020/irq u:object_r:sysfs_fingerprint:s0 genfscon sysfs /devices/soc/soc:fpc1020/irq_enable u:object_r:sysfs_fingerprint:s0 genfscon sysfs /devices/soc/soc:fpc1020/wakeup_enable u:object_r:sysfs_fingerprint:s0 diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te new file mode 100644 index 0000000..6a3d424 --- /dev/null +++ b/sepolicy/vendor/hal_camera_default.te @@ -0,0 +1 @@ +allow hal_camera_default sysfs_kgsl:file r_file_perms; diff --git a/sepolicy/vendor/hal_sensors_default.te b/sepolicy/vendor/hal_sensors_default.te new file mode 100644 index 0000000..a72057f --- /dev/null +++ b/sepolicy/vendor/hal_sensors_default.te @@ -0,0 +1 @@ +set_prop(hal_sensors_default, camera_prop) diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts index 617ac13..6d83f88 100644 --- a/sepolicy/vendor/property_contexts +++ b/sepolicy/vendor/property_contexts @@ -10,6 +10,8 @@ cameradaemon.SaveMemAtBoot u:object_r:vendor_default_prop:s0 cpp.set.clock u:object_r:vendor_default_prop:s0 disable.cpp.power.collapse u:object_r:vendor_default_prop:s0 persist.camera. u:object_r:vendor_default_prop:s0 +persist.vendor.camera. u:object_r:camera_prop:s0 +vendor.camera.eis.gyro_name u:object_r:camera_prop:s0 # Fingerprint fpc_kpi u:object_r:vendor_default_prop:s0 diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te index b3d4c00..466bd1d 100644 --- a/sepolicy/vendor/vendor_init.te +++ b/sepolicy/vendor/vendor_init.te @@ -6,3 +6,4 @@ allow vendor_init { }:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom }; set_prop(vendor_init, freq_prop) +set_prop(vendor_init, camera_prop) |