diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk index ef668f7..03ba613 100644 --- a/BoardConfigCommon.mk +++ b/BoardConfigCommon.mk @@ -178,6 +178,7 @@ VENDOR_SECURITY_PATCH := 2021-09-01 # Sepolicy include device/qcom/sepolicy_vndr/SEPolicy.mk +SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/private BOARD_VENDOR_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/vendor # Verified Boot diff --git a/sepolicy/private/keyhandler_app.te b/sepolicy/private/keyhandler_app.te new file mode 100644 index 0000000..4dbb2d4 --- /dev/null +++ b/sepolicy/private/keyhandler_app.te @@ -0,0 +1,10 @@ +type keyhandler_app, domain; + +app_domain(keyhandler_app) + +allow keyhandler_app self:netlink_kobject_uevent_socket { read bind setopt create }; + +allow keyhandler_app app_api_service:service_manager find; + +allow keyhandler_app system_app_data_file:dir create_dir_perms; +allow keyhandler_app system_app_data_file:{ file lnk_file } create_file_perms; diff --git a/sepolicy/private/seapp_contexts b/sepolicy/private/seapp_contexts new file mode 100644 index 0000000..0af6cc1 --- /dev/null +++ b/sepolicy/private/seapp_contexts @@ -0,0 +1 @@ +user=system seinfo=platform name=org.lineageos.settings.device domain=keyhandler_app type=system_app_data_file diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts index b1af6b5..debeeba 100644 --- a/sepolicy/vendor/file_contexts +++ b/sepolicy/vendor/file_contexts 
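Review bot: The last two rules in sepolicy/private/keyhandler_app.te give the new domain `create_dir_perms` and `create_file_perms` (including `lnk_file`) on `system_app_data_file`, which is not a label private to this app. It is the type the seapp_contexts entry in this commit assigns, and the one AOSP uses for system_app data, so the narrow-looking domain keeps write access to data shared with other system-UID apps. If the app only stores its own settings, dropping symlink creation would tighten it: `allow keyhandler_app system_app_data_file:file create_file_perms;`. The netlink rule also has no comment; something like `# Receive tri-state key uevents from the kernel (read-only, no write/ioctl)` would record why an app domain holds a `netlink_kobject_uevent_socket`. That purpose is inferred from the daemon removed later in this commit, which held the same socket class.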
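Review bot: The new sepolicy/private/seapp_contexts entry selects on `name=org.lineageos.settings.device`, so every component of that package running in its default process moves into `keyhandler_app`, not only the key handler. If the package also hosts settings UI or other services (not visible in this diff), they now have only what `app_domain()` and the rules in keyhandler_app.te grant, rather than what `system_app` allowed. It is worth booting in enforcing mode and checking the audit log for `avc: denied` entries whose scontext is `keyhandler_app` before merging. A comment line above the entry, e.g. `# Device settings package: runs the tri-state key handler`, would explain why a platform-signed system-UID app gets its own domain.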
@@ -1,9 +1,9 @@ # Binaries -/(vendor|system/vendor)/bin/dashd u:object_r:dashd_exec:s0 -/(vendor|system/vendor)/bin/opf-service u:object_r:opf_exec:s0 -/(vendor|system/vendor)/bin/tri-state-key_daemon u:object_r:tri-state-key_daemon_exec:s0 -/(vendor|system/vendor)/bin/vl53l1_daemon_main u:object_r:vl53l1_daemon_main_exec:s0 -/(vendor|system/vendor)/bin/wifi-mac-generator u:object_r:wifi-mac-generator_exec:s0 +/(vendor|system/vendor)/bin/dashd u:object_r:dashd_exec:s0 +/(vendor|system/vendor)/bin/opf-service u:object_r:opf_exec:s0 +/(vendor|system/vendor)/bin/tri-state-key-calibrate u:object_r:tri-state-key-calibrate_exec:s0 +/(vendor|system/vendor)/bin/vl53l1_daemon_main u:object_r:vl53l1_daemon_main_exec:s0 +/(vendor|system/vendor)/bin/wifi-mac-generator u:object_r:wifi-mac-generator_exec:s0 # Block devices /dev/block/platform/soc/1d84000.ufshc/by-name/config u:object_r:frp_block_device:s0 diff --git a/sepolicy/vendor/tri-state-key-calibrate.te b/sepolicy/vendor/tri-state-key-calibrate.te new file mode 100644 index 0000000..c6d03ce --- /dev/null +++ b/sepolicy/vendor/tri-state-key-calibrate.te @@ -0,0 +1,13 @@ +type tri-state-key-calibrate, domain; +type tri-state-key-calibrate_exec, exec_type, vendor_file_type, file_type; + +init_daemon_domain(tri-state-key-calibrate) + +allow tri-state-key-calibrate vendor_shell_exec:file rx_file_perms; +allow tri-state-key-calibrate vendor_toolbox_exec:file rx_file_perms; + +allow tri-state-key-calibrate sysfs_tri_state_key:file w_file_perms; + +allow tri-state-key-calibrate mnt_vendor_file:dir search; + +r_dir_file(tri-state-key-calibrate, oem_file) diff --git a/sepolicy/vendor/tri-state-key_daemon.te b/sepolicy/vendor/tri-state-key_daemon.te deleted file mode 100644 index cdde618..0000000 --- a/sepolicy/vendor/tri-state-key_daemon.te +++ /dev/null 
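Review bot: Nothing in sepolicy/vendor/tri-state-key-calibrate.te says why an init-started domain needs `rx_file_perms` on both `vendor_shell_exec` and `vendor_toolbox_exec`. Presumably the calibrate binary is a shell script that copies values from the OEM partition into sysfs, and a comment above those two rules such as `# Shell script: reads calibration from oem_file, writes it to sysfs_tri_state_key` would make the grant auditable. Because data read under `oem_file` ends up written to a kernel sysfs node, the script itself (not part of this diff) is where those values should be range-checked. `r_dir_file(tri-state-key-calibrate, oem_file)` also covers everything carrying that label; if only the calibration files are needed, a dedicated file type would be tighter.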
@@ -1,13 +0,0 @@
-type tri-state-key_daemon, domain;
-type tri-state-key_daemon_exec, vendor_file_type, exec_type, file_type;
-
-init_daemon_domain(tri-state-key_daemon)
-
-allow tri-state-key_daemon uhid_device:chr_file rw_file_perms;
-allow tri-state-key_daemon self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
-
-allow tri-state-key_daemon sysfs_tri_state_key:file w_file_perms;
-
-allow tri-state-key_daemon mnt_vendor_file:dir search;
-
-r_dir_file(tri-state-key_daemon, oem_file)