From 73b6c06adf98791e551165b537aab98222847316 Mon Sep 17 00:00:00 2001 From: LuK1337 Date: Sat, 25 Jun 2022 12:27:09 +0200 Subject: [PATCH] sepolicy: qti: Allow sensors to access ssc_interactive & soc:sensor_fc Change-Id: I75b740b8fba66615b08f791a43e476042e19a0f6 --- sepolicy/qti/vendor/device.te | 3 +++ sepolicy/qti/vendor/file.te | 3 +++ sepolicy/qti/vendor/file_contexts | 1 + sepolicy/qti/vendor/genfs_contexts | 3 +++ sepolicy/qti/vendor/hal_sensors_default.te | 5 +++++ sepolicy/qti/vendor/vendor_sensors.te | 3 +++ 6 files changed, 18 insertions(+) diff --git a/sepolicy/qti/vendor/device.te b/sepolicy/qti/vendor/device.te index ea4b4e2..4ca76cb 100644 --- a/sepolicy/qti/vendor/device.te +++ b/sepolicy/qti/vendor/device.te @@ -3,3 +3,6 @@ type fingerprint_device, dev_type; # Reserve type vendor_reserve_partition, dev_type; + +# Sensors +type ssc_interactive_device, dev_type; diff --git a/sepolicy/qti/vendor/file.te b/sepolicy/qti/vendor/file.te index f2b30aa..3c14587 100644 --- a/sepolicy/qti/vendor/file.te +++ b/sepolicy/qti/vendor/file.te @@ -17,5 +17,8 @@ type vendor_proc_engineer, fs_type, proc_type; # Fingerprint type vendor_proc_fingerprint, fs_type, proc_type; +# Sensors +type vendor_sysfs_sensor_fb, fs_type, sysfs_type; + # Versioning type vendor_proc_oplus_version, fs_type, proc_type; diff --git a/sepolicy/qti/vendor/file_contexts b/sepolicy/qti/vendor/file_contexts index 6c6f4b2..e79a2fa 100644 --- a/sepolicy/qti/vendor/file_contexts +++ b/sepolicy/qti/vendor/file_contexts @@ -53,6 +53,7 @@ # Sensors /(odm|vendor/odm)/bin/oplus_sensor_fb u:object_r:vendor_sensors_exec:s0 +/dev/ssc_interactive u:object_r:ssc_interactive_device:s0 # Touch /(vendor|system/vendor)/bin/hw/vendor\.lineage\.touch@1\.0-service\.oplus u:object_r:hal_lineage_touch_default_exec:s0 diff --git a/sepolicy/qti/vendor/genfs_contexts b/sepolicy/qti/vendor/genfs_contexts index 43ecab8..a42d465 100644 --- a/sepolicy/qti/vendor/genfs_contexts +++ b/sepolicy/qti/vendor/genfs_contexts @@ -17,6 +17,9 @@ genfscon proc /oplus_rf u:object_r:vendor_proc_engineer:s0 # Fingerprint genfscon proc /fp_id u:object_r:vendor_proc_fingerprint:s0 +# Sensors +genfscon sysfs /devices/platform/soc/soc:sensor_fb u:object_r:vendor_sysfs_sensor_fb:s0 + # Versioning genfscon proc /oplusVersion u:object_r:vendor_proc_oplus_version:s0 diff --git a/sepolicy/qti/vendor/hal_sensors_default.te b/sepolicy/qti/vendor/hal_sensors_default.te index 76584c8..87f4498 100644 --- a/sepolicy/qti/vendor/hal_sensors_default.te +++ b/sepolicy/qti/vendor/hal_sensors_default.te @@ -1,5 +1,10 @@ +allow hal_sensors_default ssc_interactive_device:chr_file rw_file_perms; + allow hal_sensors_default vendor_persist_engineer_file:dir r_dir_perms; allow hal_sensors_default vendor_persist_engineer_file:file rw_file_perms; allow hal_sensors_default vendor_sysfs_graphics:dir r_dir_perms; allow hal_sensors_default vendor_sysfs_graphics:file rw_file_perms; + +allow hal_sensors_default vendor_sysfs_sensor_fb:dir r_dir_perms; +allow hal_sensors_default vendor_sysfs_sensor_fb:file rw_file_perms; diff --git a/sepolicy/qti/vendor/vendor_sensors.te b/sepolicy/qti/vendor/vendor_sensors.te index 1758718..ab95b1d 100644 --- a/sepolicy/qti/vendor/vendor_sensors.te +++ b/sepolicy/qti/vendor/vendor_sensors.te @@ -1,2 +1,5 @@ allow vendor_sensors vendor_persist_engineer_file:dir r_dir_perms; allow vendor_sensors vendor_persist_engineer_file:file rw_file_perms; + +allow vendor_sensors vendor_sysfs_sensor_fb:dir r_dir_perms; +allow vendor_sensors vendor_sysfs_sensor_fb:file rw_file_perms;