msm8953-common: Import sepolicy from sdm660 tree

2020-11-15 10:51:35 +01:00
parent 464b0ce482
commit 7535f9d5ae
53 changed files with 600 additions and 12 deletions
--- a/sepolicy/vendor/vendor_toolbox.te
+++ b/sepolicy/vendor/vendor_toolbox.te
@@ -0,0 +1,54 @@
+type vendor_toolbox, domain;
+
+init_daemon_domain(vendor_toolbox)
+
+# Allow vendor_toolbox to use sys_admin capability
+allow vendor_toolbox self:capability sys_admin;
+
+# Allow vendor_toolbox to execute /vendor/bin/toybox_vendor
+allow vendor_toolbox vendor_toolbox_exec:file execute_no_trans;
+
+# Allow vendor_toolbox to read directories in rootfs
+allow vendor_toolbox rootfs:dir r_dir_perms;
+
+# Allow vendor_toolbox to remove "security.*" xattrs from /mnt/vendor/persist
+allow vendor_toolbox {
+    fingerprint_data_file
+    mnt_vendor_file
+    persist_alarm_file
+    persist_audio_file
+    persist_block_device
+    persist_bluetooth_file
+    persist_bms_file
+    persist_camera_file
+    persist_display_file
+    persist_drm_file
+    persist_file
+    persist_hvdcp_file
+    persist_mdm_file
+    persist_misc_file
+    persist_qti_fp_file
+    persist_rfs_file
+    persist_rfs_shared_hlos_file
+    persist_secnvm_file
+    persist_time_file
+    persist_vpp_file
+    regionalization_file
+    rfs_file
+    rfs_shared_hlos_file
+    sensors_persist_file
+    unlabeled
+    vendor_persist_mmi_file
+}:dir { r_dir_perms setattr };
+
+allow vendor_toolbox {
+    fingerprint_data_file
+    mnt_vendor_file
+    persist_bluetooth_file
+    persist_camera_file
+    persist_drm_file
+    persist_mdm_file
+    persist_rfs_file
+    persist_time_file
+    sensors_persist_file
+}:file { r_file_perms setattr };