sanders: sepol: update sepolicy

-ref: https://github.com/crdroidandroid/android_device_motorola_sanders/tree/10.0-20200126

Signed-off-by: ronaxdevil <pratabidya.007@gmail.com>
This commit is contained in:
ronaxdevil
2020-03-26 10:26:49 +05:30
committed by ArmSM
parent e4a48bc271
commit 63a775260b
79 changed files with 399 additions and 267 deletions

View File

@@ -2,9 +2,11 @@
#binder_call(init, hwservicemanager);
# binder_call(init, servicemanager);
#allow init hwservicemanager:binder call;
#allow init mm-qcamerad:binder transfer;
#allow init platform_app:binder transfer;
add_hwservice( init, hal_camera_hwservice);
allow init hwservicemanager:binder call;
allow init mm-qcamerad:binder transfer;
allow init platform_app:binder transfer;
allow init system_app:binder transfer;
allow init system_data_file:file lock;
@@ -12,7 +14,7 @@ allow init system_data_file:file lock;
allow init audio_device:chr_file { write ioctl };
allow init input_device:chr_file rw_file_perms;
allow init sensors_device:chr_file { write ioctl };
#allow init tee_device:chr_file { write ioctl };
allow init tee_device:chr_file { write ioctl };
allow init servicemanager:binder { transfer call };
allow init system_server:binder { transfer call };
@@ -20,10 +22,10 @@ allow init system_server:binder { transfer call };
allow init property_socket:sock_file write;
allow init socket_device:sock_file { create setattr unlink };
#allow init system_data_file:file { rename append };
#allow init firmware_file:dir mounton;
allow init system_data_file:file { rename append };
allow init firmware_file:dir mounton;
#allow init fm_radio_device:chr_file write;
allow init fm_radio_device:chr_file write;
# ptt_socket_app
allow init dnsproxyd_socket:sock_file write;
@@ -31,12 +33,12 @@ allow init netd:unix_stream_socket connectto;
allow init self:netlink_socket { read write getattr connect };
allow init debugfs:file write;
#allow init persist_file:filesystem { getattr mount relabelfrom relabelto unmount };
allow init persist_file:filesystem { getattr mount relabelfrom relabelto unmount };
allow init self:capability sys_nice;
#allow init bt_firmware_file:filesystem { associate };
#allow init firmware_file:filesystem { associate };
allow init bt_firmware_file:filesystem { associate };
allow init firmware_file:filesystem { associate };
allow init sensors_device:chr_file { rw_file_perms create };
@@ -44,10 +46,21 @@ allow init self:netlink_route_socket { bind create getopt nlmsg_read read setopt
allow init self:capability2 { block_suspend };
#allow init hal_sensors_hwservice:hwservice_manager find;
#allow init { domain -lmkd -crash_dump }:process noatsecure;
#allow init hal_perf_hwservice:hwservice_manager find;
allow init hal_sensors_hwservice:hwservice_manager find;
allow init { domain -lmkd -crash_dump }:process noatsecure;
allow init hal_perf_hwservice:hwservice_manager find;
allow init hidl_base_hwservice:hwservice_manager add;
allow init hidl_allocator_hwservice:hwservice_manager { find };
allow init hal_graphics_mapper_hwservice:hwservice_manager { find };
allow init hal_bluetooth_hwservice:hwservice_manager { find };
allow init hidl_base_hwservice:hwservice_manager { add };
allow init hal_gnss_hwservice:hwservice_manager { find };
allow init system_net_netd_hwservice:hwservice_manager { find };
allow init default_android_hwservice:hwservice_manager { add find };
allow init hal_camera_hwservice:hwservice_manager add;
allow init hal_fingerprint_hwservice:hwservice_manager add;
allow init sysfs:file setattr;
allow init system_file:dir relabelfrom;
allow init shell_exec:file execute_no_trans;
allow init system_file:file relabelfrom;