sepolicy: qti: Introduce rw_dir_file() macro and use wherever possible
Change-Id: Iec8a7f18c75a994032792421172fea92e9595af6
This commit is contained in:
LuK1337
@@ -8,9 +8,7 @@ allow hal_fingerprint_default fingerprint_device:chr_file rw_file_perms;
|
|||||||
allow hal_fingerprint_default graphics_device:chr_file rw_file_perms;
|
allow hal_fingerprint_default graphics_device:chr_file rw_file_perms;
|
||||||
allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
|
allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
|
||||||
|
|
||||||
allow hal_fingerprint_default vendor_proc_display:dir r_dir_perms;
|
rw_dir_file(hal_fingerprint_default, vendor_proc_display)
|
||||||
allow hal_fingerprint_default vendor_proc_display:file rw_file_perms;
|
|
||||||
|
|
||||||
r_dir_file(hal_fingerprint_default, vendor_proc_fingerprint)
|
r_dir_file(hal_fingerprint_default, vendor_proc_fingerprint)
|
||||||
|
|
||||||
get_prop(hal_fingerprint_default, system_oplus_project_prop)
|
get_prop(hal_fingerprint_default, system_oplus_project_prop)
|
||||||
|
|||||||
@@ -1,2 +1 @@
|
|||||||
allow hal_lineage_livedisplay_qti vendor_sysfs_graphics:dir r_dir_perms;
|
rw_dir_file(hal_lineage_livedisplay_qti, vendor_sysfs_graphics)
|
||||||
allow hal_lineage_livedisplay_qti vendor_sysfs_graphics:file rw_file_perms;
|
|
||||||
|
|||||||
@@ -1,2 +1 @@
|
|||||||
allow hal_lineage_powershare_default vendor_proc_wireless:dir r_dir_perms;
|
rw_dir_file(hal_lineage_powershare_default, vendor_proc_wireless)
|
||||||
allow hal_lineage_powershare_default vendor_proc_wireless:file rw_file_perms;
|
|
||||||
|
|||||||
@@ -1,2 +1 @@
|
|||||||
allow hal_lineage_touch_default vendor_proc_display:dir r_dir_perms;
|
rw_dir_file(hal_lineage_touch_default, vendor_proc_display)
|
||||||
allow hal_lineage_touch_default vendor_proc_display:file rw_file_perms;
|
|
||||||
|
|||||||
3
sepolicy/qti/vendor/hal_power_default.te
vendored
3
sepolicy/qti/vendor/hal_power_default.te
vendored
@@ -1,2 +1 @@
|
|||||||
allow hal_power_default vendor_proc_display:dir r_dir_perms;
|
rw_dir_file(hal_power_default, vendor_proc_display)
|
||||||
allow hal_power_default vendor_proc_display:file rw_file_perms;
|
|
||||||
|
|||||||
11
sepolicy/qti/vendor/hal_sensors_default.te
vendored
11
sepolicy/qti/vendor/hal_sensors_default.te
vendored
@@ -1,10 +1,5 @@
|
|||||||
allow hal_sensors_default ssc_interactive_device:chr_file rw_file_perms;
|
allow hal_sensors_default ssc_interactive_device:chr_file rw_file_perms;
|
||||||
|
|
||||||
allow hal_sensors_default vendor_persist_engineer_file:dir r_dir_perms;
|
rw_dir_file(hal_sensors_default, vendor_persist_engineer_file)
|
||||||
allow hal_sensors_default vendor_persist_engineer_file:file rw_file_perms;
|
rw_dir_file(hal_sensors_default, vendor_sysfs_graphics)
|
||||||
|
rw_dir_file(hal_sensors_default, vendor_sysfs_sensor_fb)
|
||||||
allow hal_sensors_default vendor_sysfs_graphics:dir r_dir_perms;
|
|
||||||
allow hal_sensors_default vendor_sysfs_graphics:file rw_file_perms;
|
|
||||||
|
|
||||||
allow hal_sensors_default vendor_sysfs_sensor_fb:dir r_dir_perms;
|
|
||||||
allow hal_sensors_default vendor_sysfs_sensor_fb:file rw_file_perms;
|
|
||||||
|
|||||||
3
sepolicy/qti/vendor/system_server.te
vendored
3
sepolicy/qti/vendor/system_server.te
vendored
@@ -1,2 +1 @@
|
|||||||
allow system_server vendor_proc_tri_state_key:dir r_dir_perms;
|
rw_dir_file(system_server, vendor_proc_tri_state_key)
|
||||||
allow system_server vendor_proc_tri_state_key:file rw_file_perms;
|
|
||||||
|
|||||||
8
sepolicy/qti/vendor/te_macros
vendored
Normal file
8
sepolicy/qti/vendor/te_macros
vendored
Normal file
@@ -0,0 +1,8 @@
|
|||||||
|
#####################################
|
||||||
|
# rw_dir_file(domain, type)
|
||||||
|
# Allow the specified domain to read directories and rw files
|
||||||
|
# and symbolic links of the specified type.
|
||||||
|
define(`rw_dir_file', `
|
||||||
|
allow $1 $2:dir r_dir_perms;
|
||||||
|
allow $1 $2:{ file lnk_file } rw_file_perms;
|
||||||
|
')
|
||||||
@@ -5,9 +5,7 @@ init_daemon_domain(tri-state-key-calibrate)
|
|||||||
|
|
||||||
allow tri-state-key-calibrate vendor_toolbox_exec:file rx_file_perms;
|
allow tri-state-key-calibrate vendor_toolbox_exec:file rx_file_perms;
|
||||||
|
|
||||||
allow tri-state-key-calibrate vendor_proc_tri_state_key:dir r_dir_perms;
|
|
||||||
allow tri-state-key-calibrate vendor_proc_tri_state_key:file w_file_perms;
|
|
||||||
|
|
||||||
allow tri-state-key-calibrate mnt_vendor_file:dir search;
|
allow tri-state-key-calibrate mnt_vendor_file:dir search;
|
||||||
|
|
||||||
|
rw_dir_file(tri-state-key-calibrate, vendor_proc_tri_state_key)
|
||||||
r_dir_file(tri-state-key-calibrate, vendor_persist_engineer_file)
|
r_dir_file(tri-state-key-calibrate, vendor_persist_engineer_file)
|
||||||
|
|||||||
4
sepolicy/qti/vendor/vendor_rmt_storage.te
vendored
4
sepolicy/qti/vendor/vendor_rmt_storage.te
vendored
@@ -1,6 +1,4 @@
|
|||||||
allow vendor_rmt_storage vendor_proc_engineer:dir r_dir_perms;
|
|
||||||
allow vendor_rmt_storage vendor_proc_engineer:file rw_file_perms;
|
|
||||||
|
|
||||||
allow vendor_rmt_storage vendor_reserve_partition:blk_file rw_file_perms;
|
allow vendor_rmt_storage vendor_reserve_partition:blk_file rw_file_perms;
|
||||||
|
|
||||||
|
rw_dir_file(vendor_rmt_storage, vendor_proc_engineer)
|
||||||
r_dir_file(vendor_rmt_storage, vendor_proc_oplus_version)
|
r_dir_file(vendor_rmt_storage, vendor_proc_oplus_version)
|
||||||
|
|||||||
7
sepolicy/qti/vendor/vendor_sensors.te
vendored
7
sepolicy/qti/vendor/vendor_sensors.te
vendored
@@ -1,5 +1,2 @@
|
|||||||
allow vendor_sensors vendor_persist_engineer_file:dir r_dir_perms;
|
rw_dir_file(vendor_sensors, vendor_persist_engineer_file)
|
||||||
allow vendor_sensors vendor_persist_engineer_file:file rw_file_perms;
|
rw_dir_file(vendor_sensors,vendor_sysfs_sensor_fb)
|
||||||
|
|
||||||
allow vendor_sensors vendor_sysfs_sensor_fb:dir r_dir_perms;
|
|
||||||
allow vendor_sensors vendor_sysfs_sensor_fb:file rw_file_perms;
|
|
||||||
|
|||||||
Reference in New Issue
Block a user