diff --git a/sepolicy/private/property_contexts b/sepolicy/private/property_contexts index 9b19534..9740bed 100644 --- a/sepolicy/private/property_contexts +++ b/sepolicy/private/property_contexts @@ -1,3 +1,3 @@ -persist.nfc. u:object_r:vendor_nfc_prop:s0 +#persist.nfc. u:object_r:vendor_nfc_prop:s0 ro.camera. u:object_r:vendor_camera_prop:s0 ro.gfx.driver.1 u:object_r:graphics_config_prop:s0 diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te index f0506ed..486356a 100644 --- a/sepolicy/vendor/file.te +++ b/sepolicy/vendor/file.te @@ -3,10 +3,10 @@ type oem_file, file_type; type opf_file, file_type; # procfs -type proc_direct_swappiness, fs_type, proc_type; -type proc_swappiness, fs_type, proc_type; -type proc_touchpanel, fs_type, proc_type; -type proc_watermark_boost_factor, fs_type, proc_type; +#type proc_direct_swappiness, fs_type, proc_type; +#type proc_swappiness, fs_type, proc_type; +#type proc_touchpanel, fs_type, proc_type; +#type proc_watermark_boost_factor, fs_type, proc_type; # sysfs type sysfs_dash_charger, fs_type, proc_type, sysfs_type; diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts index 34d43e6..0a4791e 100644 --- a/sepolicy/vendor/genfs_contexts +++ b/sepolicy/vendor/genfs_contexts @@ -7,8 +7,8 @@ genfscon proc /enhance_dash u:object_r:sysfs_dash_charge genfscon proc /n76e_exit u:object_r:sysfs_dash_charger:s0 genfscon proc /ship_mode u:object_r:sysfs_dash_charger:s0 genfscon proc /swarp_chg_exist u:object_r:sysfs_dash_charger:s0 -genfscon proc /touchpanel u:object_r:proc_touchpanel:s0 -genfscon proc /warp_chg_exit u:object_r:sysfs_dash_charger:s0 +#genfscon proc /touchpanel u:object_r:proc_touchpanel:s0 +#genfscon proc /warp_chg_exit u:object_r:sysfs_dash_charger:s0 # sysfs genfscon sysfs /devices/platform/soc/880000.i2c/i2c-5/5-005a/leds/vibrator u:object_r:sysfs_leds:s0 diff --git a/sepolicy/vendor/hal_fingerprint_default.te b/sepolicy/vendor/hal_fingerprint_default.te new file mode 100644 index 0000000..a5f21d3 --- /dev/null +++ b/sepolicy/vendor/hal_fingerprint_default.te @@ -0,0 +1,42 @@ +allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl; + +binder_call(hal_fingerprint_default, hal_display_default) +binder_call(hal_fingerprint_default, vendor_hal_perf_default) + +binder_call(hal_fingerprint_default, hal_fingerprint_default) +get_prop(hal_fingerprint_default, default_prop) + +allow hal_fingerprint_default hal_display_hwservice:hwservice_manager find; +allow hal_fingerprint_default vendor_hal_perf_hwservice:hwservice_manager find; + +allow hal_fingerprint_default fingerprintd_device:chr_file rw_file_perms; +allow hal_fingerprint_default mnt_vendor_file:dir create_dir_perms; +allow hal_fingerprint_default mnt_vendor_file:file create_file_perms; + +allow hal_fingerprint_default oem_file:dir create_dir_perms; +allow hal_fingerprint_default oem_file:file create_file_perms; + +allow hal_fingerprint_default tee_device:chr_file rw_file_perms; +allow hal_fingerprint_default vendor_qdsp_device:chr_file rw_file_perms; +allow hal_fingerprint_default vendor_xdsp_device:chr_file rw_file_perms; + +#allow hal_fingerprint_default proc_touchpanel:dir search; +#allow hal_fingerprint_default proc_touchpanel:file rw_file_perms; + +allow hal_fingerprint_default mnt_vendor_file:dir create_dir_perms; +allow hal_fingerprint_default mnt_vendor_file:file create_file_perms; + +allow hal_fingerprint_default oem_file:dir create_dir_perms; +allow hal_fingerprint_default oem_file:file create_file_perms; + +allow hal_fingerprint_default vendor_sysfs_battery_supply:dir search; +allow hal_fingerprint_default vendor_sysfs_battery_supply:file r_file_perms; + +allow hal_fingerprint_default sysfs_aod:file rw_file_perms; +allow hal_fingerprint_default sysfs:file rw_file_perms; +allow hal_fingerprint_default sysfs_fod:file rw_file_perms; +allow hal_fingerprint_default sysfs_color:file rw_file_perms; + +get_prop(hal_fingerprint_default, vendor_adsprpc_prop) +get_prop(hal_fingerprint_default, vendor_default_prop) +set_prop(hal_fingerprint_default, vendor_fingerprint_prop) diff --git a/sepolicy/vendor/hal_lineage_touch_default.te b/sepolicy/vendor/hal_lineage_touch_default.te index 2782309..c6b109d 100644 --- a/sepolicy/vendor/hal_lineage_touch_default.te +++ b/sepolicy/vendor/hal_lineage_touch_default.te @@ -1,2 +1,2 @@ -allow hal_lineage_touch_default proc_touchpanel:dir search; -allow hal_lineage_touch_default proc_touchpanel:file rw_file_perms; +#allow hal_lineage_touch_default proc_touchpanel:dir search; +#allow hal_lineage_touch_default proc_touchpanel:file rw_file_perms; diff --git a/sepolicy/vendor/hal_power_default.te b/sepolicy/vendor/hal_power_default.te index 63b5b0f..43f342c 100644 --- a/sepolicy/vendor/hal_power_default.te +++ b/sepolicy/vendor/hal_power_default.te @@ -1,2 +1,2 @@ -allow hal_power_default proc_touchpanel:dir search; -allow hal_power_default proc_touchpanel:file rw_file_perms; +#allow hal_power_default proc_touchpanel:dir search; +#allow hal_power_default proc_touchpanel:file rw_file_perms; diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te index d1880a2..64854ac 100644 --- a/sepolicy/vendor/vendor_init.te +++ b/sepolicy/vendor/vendor_init.te @@ -1,10 +1,12 @@ allow vendor_init tmpfs:chr_file { read open }; allow vendor_init tmpfs:dir { create_dir_perms mounton }; -allow vendor_init proc_direct_swappiness:file w_file_perms; -allow vendor_init proc_hung_task:file w_file_perms; -allow vendor_init proc_swappiness:file w_file_perms; -allow vendor_init proc_watermark_boost_factor:file rw_file_perms; +allow vendor_init op2_file:file create_file_perms; + +#allow vendor_init proc_direct_swappiness:file w_file_perms; +#allow vendor_init proc_hung_task:file w_file_perms; +#allow vendor_init proc_swappiness:file w_file_perms; +#allow vendor_init proc_watermark_boost_factor:file rw_file_perms; get_prop(vendor_init, vendor_db_security_prop) set_prop(vendor_init, vendor_oem_bluetooth_prop)