diff --git a/sepolicy/adspd.te b/sepolicy/adspd.te index e6cee41..b11e40d 100644 --- a/sepolicy/adspd.te +++ b/sepolicy/adspd.te @@ -1,4 +1,4 @@ -type adspd, domain, domain_deprecated; +type adspd, domain; type adspd_exec, exec_type, file_type; init_daemon_domain(adspd) diff --git a/sepolicy/akmd.te b/sepolicy/akmd.te index f09c5b3..8670813 100644 --- a/sepolicy/akmd.te +++ b/sepolicy/akmd.te @@ -1,4 +1,4 @@ -type akmd, domain, domain_deprecated; +type akmd, domain; type akmd_exec, exec_type, file_type; init_daemon_domain(akmd) diff --git a/sepolicy/bluetooth_loader.te b/sepolicy/bluetooth_loader.te new file mode 100644 index 0000000..ff626cc --- /dev/null +++ b/sepolicy/bluetooth_loader.te 
@@ -0,0 +1,40 @@
+# Bluetooth executables and scripts
+type bluetooth_loader, domain;
+type bluetooth_loader_exec, exec_type, file_type;
+
+# Start bdAddrLoader from init
+init_daemon_domain(bluetooth_loader)
+
+# Run init.qcom.bt.sh
+allow bluetooth_loader shell_exec:file { entrypoint getattr read };
+allow bluetooth_loader bluetooth_loader_exec:file { getattr open execute_no_trans };
+
+# init.qcom.bt.sh needs /system/bin/log access
+allow bluetooth_loader devpts:chr_file rw_file_perms;
+
+# Run hci_qcomm_init from init.qcom.bt.sh
+domain_auto_trans(bluetooth_loader, hci_attach_exec, hci_attach)
+allow hci_attach bluetooth_loader:fd use;
+
+# Set persist.service.bdroid.* and bluetooth.* property values
+set_prop(bluetooth_loader, bluetooth_prop)
+
+# Allow getprop/setprop for init.qcom.bt.sh
+allow bluetooth_loader system_file:file execute_no_trans;
+allow bluetooth_loader toolbox_exec:file rx_file_perms;
+
+# Allow hci_qcomm_init /persist/.bt_nv.bin access
+r_dir_file(bluetooth_loader, persist_file);
+allow bluetooth_loader bluetooth_data_file:file r_file_perms;
+
+# Access the smd device
+allow bluetooth_loader hci_attach_dev:chr_file rw_file_perms;
+
+# And qmuxd
+allow bluetooth_loader qmuxd_socket:dir { write add_name remove_name search };
+allow bluetooth_loader qmuxd_socket:sock_file { create setattr getattr write unlink };
+allow bluetooth_loader qmuxd:unix_stream_socket { connectto };
+
+userdebug_or_eng(`
+ diag_use(bluetooth_loader)
+')
diff --git a/sepolicy/config_bluetooth.te b/sepolicy/config_bluetooth.te
index 8c2e3c8..e1cde29 100644
--- a/sepolicy/config_bluetooth.te
+++ b/sepolicy/config_bluetooth.te
@@ -1,3 +1,3 @@
-type config_bluetooth, domain, domain_deprecated;
+type config_bluetooth, domain;
 type config_bluetooth_exec, exec_type, file_type;
 init_daemon_domain(config_bluetooth)
diff --git a/sepolicy/device.te b/sepolicy/device.te
index 8744bee..305c769 100644
--- a/sepolicy/device.te
+++ b/sepolicy/device.te
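Review bot: In sepolicy/bluetooth_loader.te, `allow bluetooth_loader system_file:file execute_no_trans;` lets the script run any file labelled system_file inside the bluetooth_loader domain, which is wider than the getprop/setprop use its comment gives; if those tools are already covered by the `toolbox_exec` rule on the next line, the rule may be removable, so it is worth checking the denials on a build without it. `r_dir_file(bluetooth_loader, persist_file);` likewise grants read on everything labelled persist_file, although the file the comment names is given the bluetooth_data_file label in this same commit, so `allow bluetooth_loader persist_file:dir search;` is probably enough. Because hci_qcomm_init is run through `domain_auto_trans` into hci_attach, the read of /persist/.bt_nv.bin presumably happens in that domain, and the new hci_attach.te grants nothing on bluetooth_data_file, so confirm which domain actually needs the access. The `allow hci_attach bluetooth_loader:fd use;` rule would also read better in hci_attach.te beside that domain's other rules.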
@@ -4,6 +4,7 @@ type compass_device, dev_type; type haptics_device, dev_type; type hob_device, dev_type; type hw_block_device, dev_type; +type persist_block_device, dev_type; type graphics_fb_device, dev_type; type synaptics_rmi_device, dev_type; type shwi_device, dev_type; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 3b05864..109f3b3 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -15,6 +15,7 @@ /system/bin/wlan_carrier_bin\.sh u:object_r:init_wifi_exec:s0 /system/bin/motosh u:object_r:sensor_hub_exec:s0 /system/bin/akmd09912 u:object_r:akmd_exec:s0 +/system/etc/init\.qcom\.bt\.sh u:object_r:bluetooth_loader_exec:s0 # CMActions /sys/homebutton(/.*)? u:object_r:sysfs_homebutton:s0 @@ -48,6 +49,7 @@ /persist/batt_health(/.*)? u:object_r:pds_batt_file:s0 /persist/public/omadm(/.*)? u:object_r:pds_omadm_file:s0 /persist/factory/audio(/.*)? u:object_r:persist_audio_file:s0 +/persist/\.bt_nv\.bin u:object_r:bluetooth_data_file:s0 /data/wapi_certificate(/.*)? u:object_r:wapi_supplicant_data_file:s0 @@ -82,6 +84,7 @@ /dev/stml0xx_akm u:object_r:compass_device:s0 /dev/akm09912_dev u:object_r:compass_device:s0 /dev/mot_hob_ram u:object_r:hob_device:s0 +/dev/smd3 u:object_r:hci_attach_dev:s0 /dev/bcm2079x-i2c u:object_r:nfc_device:s0 diff --git a/sepolicy/hci_attach.te b/sepolicy/hci_attach.te new file mode 100644 index 0000000..6ac5cf8 --- /dev/null +++ b/sepolicy/hci_attach.te @@ -0,0 +1,9 @@ +type hci_attach, domain; +type hci_attach_exec, exec_type, file_type; + +init_daemon_domain(hci_attach) + +allow hci_attach kernel:system module_request; +allow hci_attach hci_attach_dev:chr_file rw_file_perms; +allow hci_attach bluetooth_efs_file:dir r_dir_perms; +allow hci_attach bluetooth_efs_file:file r_file_perms; \ No newline at end of file diff --git a/sepolicy/init_wifi.te b/sepolicy/init_wifi.te index 6f32521..dbd4b95 100644 --- a/sepolicy/init_wifi.te +++ b/sepolicy/init_wifi.te 
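Review bot: `persist_block_device` is declared in sepolicy/device.te, but no hunk in this commit labels a device node with it or names it in an allow rule, so as far as this diff shows the type is unused. If it is meant for the persist partition, the matching file_contexts entry and the consumer's rule should land with the declaration. Otherwise a comment on the line should say where it is used, for example `# labelled in file_contexts, used by <domain>` with the real domain filled in.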
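Review bot: The new `/persist/\.bt_nv\.bin` entry in sepolicy/file_contexts reuses `bluetooth_data_file`, a type the platform policy normally makes writable by the bluetooth app domain for its own data, so this label probably gives that domain write access to the NV file as well. If only the loader and hci_qcomm_init need to read it, a dedicated file type granted `r_file_perms` to those domains would keep the provisioning data read-only for everything else. The hci_attach.te added in this commit grants read on `bluetooth_efs_file` rather than on the label chosen here, so the two should be checked against each other.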
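Review bot: `allow hci_attach kernel:system module_request;` in the new sepolicy/hci_attach.te carries no comment, although it lets this domain ask the kernel to auto-load modules; a line such as `# needed for <module>; drop if the driver is built in` (placeholder, to be filled in) would record why it is there. The file has no comments at all, unlike bluetooth_loader.te, so a one-line header saying which binary runs in this domain would help. `init_daemon_domain(hci_attach)` is only needed if init starts the binary directly; in this commit the domain is entered through `domain_auto_trans` from bluetooth_loader, so confirm that the init transition is still wanted. The file also ends without a trailing newline.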
@@ -1,4 +1,4 @@ -type init_wifi, domain, domain_deprecated; +type init_wifi, domain; type init_wifi_exec, exec_type, file_type; init_daemon_domain(init_wifi) diff --git a/sepolicy/mmi_boot.te b/sepolicy/mmi_boot.te index 8a6ea1a..23f5431 100644 --- a/sepolicy/mmi_boot.te +++ b/sepolicy/mmi_boot.te @@ -1,4 +1,4 @@ -type mmi_boot, domain, domain_deprecated; +type mmi_boot, domain; type mmi_boot_exec, exec_type, file_type; init_daemon_domain(mmi_boot) diff --git a/sepolicy/rild.te b/sepolicy/rild.te index e6a5d96..1f19d2c 100644 --- a/sepolicy/rild.te +++ b/sepolicy/rild.te @@ -8,6 +8,4 @@ allow rild persist_file:file rw_file_perms; allow rild sensorservice_service:service_manager find; allow rild system_server:binder { transfer call }; allow rild system_server:unix_stream_socket { read getopt write }; -allow rild wpa:unix_dgram_socket sendto; -allow rild wpa_socket:sock_file { read write }; diff --git a/sepolicy/sensor_hub.te b/sepolicy/sensor_hub.te index e0e5ef8..d86fb50 100644 --- a/sepolicy/sensor_hub.te +++ b/sepolicy/sensor_hub.te @@ -1,4 +1,4 @@ -type sensor_hub, domain, domain_deprecated; +type sensor_hub, domain; type sensor_hub_exec, exec_type, file_type; init_daemon_domain(sensor_hub) diff --git a/sepolicy/wpa.te b/sepolicy/wpa.te deleted file mode 100644 index eeb7b7f..0000000 --- a/sepolicy/wpa.te +++ /dev/null @@ -1,3 +0,0 @@ -allow wpa cutback_data_file:dir rw_dir_perms; -allow wpa cutback_data_file:sock_file rw_file_perms; -allow wpa rild:unix_dgram_socket sendto;