summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavide Garberi <dade.garberi@gmail.com>2020-02-21 21:06:49 +0100
committerMichael Bestas <mkbestas@lineageos.org>2020-04-30 00:49:34 +0300
commitd5763c2d21d287417856a080e67d6f391effb790 (patch)
treee94576b391663c093b38156307a5bff35a1e0dbb
parentc61ad40914bd6040877cb8ee3789c76bd893f607 (diff)
sdm660-common: sepolicy: Address some denials
Change-Id: Iaba642838e51a2c39c2961e30456148f9794f60e
-rw-r--r--rootdir/etc/init.qcom.rc24
-rw-r--r--sepolicy/vendor/genfs_contexts6
-rw-r--r--sepolicy/vendor/hal_camera_default.te1
-rw-r--r--sepolicy/vendor/hal_sensors_default.te1
-rw-r--r--sepolicy/vendor/property_contexts2
-rw-r--r--sepolicy/vendor/vendor_init.te1
6 files changed, 23 insertions, 12 deletions
diff --git a/rootdir/etc/init.qcom.rc b/rootdir/etc/init.qcom.rc
index fe328dd..090beed 100644
--- a/rootdir/etc/init.qcom.rc
+++ b/rootdir/etc/init.qcom.rc
@@ -184,14 +184,14 @@ on boot
chown wifi wifi /sys/class/net/bond0/bonding/queue_id
# Allow access to emmc rawdump block partition and dload sysfs node
- chown root system /dev/block/bootdevice/by-name/rawdump
- chmod 0660 /dev/block/bootdevice/by-name/rawdump
- chown root system /sys/kernel/dload/emmc_dload
- chmod 0660 /sys/kernel/dload/emmc_dload
- chown root system /dev/block/bootdevice/by-name/ramdump
- chmod 0660 /dev/block/bootdevice/by-name/ramdump
- chown root system /sys/kernel/dload/dload_mode
- chmod 0660 /sys/kernel/dload/dload_mode
+ #chown root system /dev/block/bootdevice/by-name/rawdump
+ #chmod 0660 /dev/block/bootdevice/by-name/rawdump
+ #chown root system /sys/kernel/dload/emmc_dload
+ #chmod 0660 /sys/kernel/dload/emmc_dload
+ #chown root system /dev/block/bootdevice/by-name/ramdump
+ #chmod 0660 /dev/block/bootdevice/by-name/ramdump
+ #chown root system /sys/kernel/dload/dload_mode
+ #chmod 0660 /sys/kernel/dload/dload_mode
chown system system /sys/class/backlight/panel0-backlight/brightness
chown system system /sys/class/backlight/panel0-backlight/max_brightness
@@ -453,11 +453,11 @@ on property:persist.vendor.ssr.enable_ramdumps=1
on property:persist.vendor.ssr.enable_ramdumps=0
write /sys/module/subsystem_restart/parameters/enable_ramdumps 0
-on property:persist.vendor.sys.rawdump_copy=1
- write /sys/kernel/dload/emmc_dload 1
+#on property:persist.vendor.sys.rawdump_copy=1
+# write /sys/kernel/dload/emmc_dload 1
-on property:persist.vendor.sys.rawdump_copy=0
- write /sys/kernel/dload/emmc_dload 0
+#on property:persist.vendor.sys.rawdump_copy=0
+# write /sys/kernel/dload/emmc_dload 0
on property:sys.boot_completed=1
write /dev/kmsg "Boot completed "
diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts
index 4589cfc..baf0bae 100644
--- a/sepolicy/vendor/genfs_contexts
+++ b/sepolicy/vendor/genfs_contexts
@@ -1,13 +1,19 @@
# Battery
genfscon sysfs /devices/soc/c176000.i2c/i2c-2/2-001d u:object_r:sysfs_battery_supply:s0
+# Camera
+genfscon sysfs /devices/soc/ca0c000.qcom,cci/ca0c000.qcom,cci:qcom,camera@3/video4linux/video5/name u:object_r:sysfs_graphics:s0
+genfscon sysfs /camera_sensorid/sensorid u:object_r:sysfs_graphics:s0
+
# Fingerprint
genfscon sysfs /devices/soc/soc:fingerprint_fpc/device_prepare u:object_r:sysfs_fingerprint:s0
genfscon sysfs /devices/soc/soc:fingerprint_fpc/fingerdown_wait u:object_r:sysfs_fingerprint:s0
+genfscon sysfs /devices/soc/soc:fingerprint_fpc/irq u:object_r:sysfs_fingerprint:s0
genfscon sysfs /devices/soc/soc:fingerprint_fpc/irq_enable u:object_r:sysfs_fingerprint:s0
genfscon sysfs /devices/soc/soc:fingerprint_fpc/wakeup_enable u:object_r:sysfs_fingerprint:s0
genfscon sysfs /devices/soc/soc:fpc1020/device_prepare u:object_r:sysfs_fingerprint:s0
genfscon sysfs /devices/soc/soc:fpc1020/fingerdown_wait u:object_r:sysfs_fingerprint:s0
+genfscon sysfs /devices/soc/soc:fpc1020/irq u:object_r:sysfs_fingerprint:s0
genfscon sysfs /devices/soc/soc:fpc1020/irq_enable u:object_r:sysfs_fingerprint:s0
genfscon sysfs /devices/soc/soc:fpc1020/wakeup_enable u:object_r:sysfs_fingerprint:s0
diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te
new file mode 100644
index 0000000..6a3d424
--- /dev/null
+++ b/sepolicy/vendor/hal_camera_default.te
@@ -0,0 +1 @@
+allow hal_camera_default sysfs_kgsl:file r_file_perms;
diff --git a/sepolicy/vendor/hal_sensors_default.te b/sepolicy/vendor/hal_sensors_default.te
new file mode 100644
index 0000000..a72057f
--- /dev/null
+++ b/sepolicy/vendor/hal_sensors_default.te
@@ -0,0 +1 @@
+set_prop(hal_sensors_default, camera_prop)
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index 617ac13..6d83f88 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -10,6 +10,8 @@ cameradaemon.SaveMemAtBoot u:object_r:vendor_default_prop:s0
cpp.set.clock u:object_r:vendor_default_prop:s0
disable.cpp.power.collapse u:object_r:vendor_default_prop:s0
persist.camera. u:object_r:vendor_default_prop:s0
+persist.vendor.camera. u:object_r:camera_prop:s0
+vendor.camera.eis.gyro_name u:object_r:camera_prop:s0
# Fingerprint
fpc_kpi u:object_r:vendor_default_prop:s0
diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te
index b3d4c00..466bd1d 100644
--- a/sepolicy/vendor/vendor_init.te
+++ b/sepolicy/vendor/vendor_init.te
@@ -6,3 +6,4 @@ allow vendor_init {
}:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom };
set_prop(vendor_init, freq_prop)
+set_prop(vendor_init, camera_prop)