Add initial QTI SEPolicy for Oplus

Change-Id: Ib06cada5e7031d1f95976bf48a6a8475a835c9a4

sepolicy/qti/SEPolicy.mk

@@ -0,0 +1,8 @@
+#
+# Copyright (C) 2022 The LineageOS Project
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+BOARD_VENDOR_SEPOLICY_DIRS += hardware/oplus/sepolicy/qti/vendor
+SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += hardware/oplus/sepolicy/qti/private
+SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += hardware/oplus/sepolicy/qti/public

sepolicy/qti/private/property_contexts

@@ -0,0 +1,5 @@
+# Fingerprint
+oplus.fingerprint.    u:object_r:system_fingerprint_prop:s0
+
+# Version
+ro.separate.soft    u:object_r:system_oplus_project_prop:s0

sepolicy/qti/public/property.te

@@ -0,0 +1,5 @@
+# Fingerprint
+vendor_internal_prop(system_fingerprint_prop)
+
+# Version
+system_vendor_config_prop(system_oplus_project_prop)

sepolicy/qti/vendor/device.te

@@ -0,0 +1,5 @@
+# Fingerprint
+type fingerprint_device, dev_type;
+
+# Reserve
+type vendor_reserve_partition, dev_type;

sepolicy/qti/vendor/fastbootd.te

@@ -0,0 +1,3 @@
+recovery_only(`
+allow fastbootd vendor_modem_efs_partition_device:blk_file rw_file_perms;
+')

sepolicy/qti/vendor/file.te

@@ -0,0 +1,21 @@
+# Alert Slider
+type vendor_proc_tri_state_key, fs_type, proc_type;
+
+# Camera
+type vendor_persist_camera_file, file_type;
+
+# Charging
+type vendor_proc_wireless, fs_type, proc_type;
+
+# Display
+type vendor_proc_display, fs_type, proc_type;
+
+# Engineering
+type vendor_persist_engineer_file, file_type;
+type vendor_proc_engineer, fs_type, proc_type;
+
+# Fingerprint
+type vendor_proc_fingerprint, fs_type, proc_type;
+
+# Versioning
+type vendor_proc_oplus_version, fs_type, proc_type;

sepolicy/qti/vendor/file_contexts

@@ -0,0 +1,58 @@
+# Alert Slider
+/(vendor|system/vendor)/bin/tri-state-key-calibrate    u:object_r:tri-state-key-calibrate_exec:s0
+
+# Camera
+/mnt/vendor/persist/camera(/.*)?                     u:object_r:vendor_persist_camera_file:s0
+/mnt/vendor/persist/dual_camera_calibration(/.*)?    u:object_r:vendor_persist_camera_file:s0
+
+# Charging
+/(vendor|system/vendor)/bin/hw/vendor\.lineage\.powershare@1\.0-service\.oplus    u:object_r:hal_lineage_powershare_default_exec:s0
+
+# Display
+/(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.1-service\.oplus    u:object_r:hal_lineage_livedisplay_qti_exec:s0
+/dev/oplus_display                                                                 u:object_r:graphics_device:s0
+
+# Display (Pixelworks)
+/(odm|vendor/odm)/bin/hw/vendor\.pixelworks\.hardware\.display\.iris-service           u:object_r:hal_graphics_composer_default_exec:s0
+/(odm|vendor/odm)/bin/hw/vendor\.pixelworks\.hardware\.feature\.irisfeature-service    u:object_r:hal_graphics_composer_default_exec:s0
+
+# Engineering
+/mnt/vendor/persist/engineermode(/.*)?    u:object_r:vendor_persist_engineer_file:s0
+
+# Fingerprint
+/(odm|vendor/odm)/bin/hw/vendor\.oplus\.hardware\.biometrics\.fingerprint@2\.1-service           u:object_r:hal_fingerprint_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.3-service\.oplus    u:object_r:hal_fingerprint_default_exec:s0
+/dev/goodix_fp                                                                                   u:object_r:fingerprint_device:s0
+
+# Init
+/(odm|vendor/odm)/bin/init\.oplus\.sh    u:object_r:vendor_qti_init_shell_exec:s0
+
+# NFC
+/(odm|vendor/odm)/bin/hw/vendor\.nxp\.hardware\.nfc@1\.2-service      u:object_r:hal_nfc_default_exec:s0
+/(odm|vendor/odm)/bin/hw/vendor\.qti\.esepowermanager@1\.1-service    u:object_r:vendor_hal_esepowermanager_qti_exec:s0
+/(odm|vendor/odm)/bin/hw/vendor\.qti\.secure_element@1\.2-service     u:object_r:hal_secure_element_default_exec:s0
+
+# Partitions
+/dev/block/platform/soc/1d84000\.ufshc/by-name/vbmeta_vendor_[ab]      u:object_r:vendor_custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/engineering_cdt_[ab]    u:object_r:vendor_custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/oplus_sec_[ab]          u:object_r:vendor_custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/splash_[ab]             u:object_r:vendor_custom_ab_block_device:s0
+
+# RMT
+/dev/block/platform/soc/1d84000\.ufshc/by-name/oplusdycnvbk          u:object_r:vendor_modem_efs_partition_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/oplusstanvbk_[ab]     u:object_r:vendor_modem_efs_partition_device:s0
+
+# Reserve
+/dev/block/platform/soc/1d84000\.ufshc/by-name/oplusreserve4    u:object_r:vendor_reserve_partition:s0
+
+# Sensors
+/(odm|vendor/odm)/bin/oplus_sensor_fb    u:object_r:vendor_sensors_exec:s0
+
+# Touch
+/(vendor|system/vendor)/bin/hw/vendor\.lineage\.touch@1\.0-service\.oplus    u:object_r:hal_lineage_touch_default_exec:s0
+
+# Vibrator
+/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.vibrator\.service\.oplus    u:object_r:hal_vibrator_default_exec:s0
+
+# Widevine
+/(odm|vendor/odm)/bin/hw/android\.hardware\.drm@1\.3-service\.widevine    u:object_r:vendor_hal_drm_widevine_exec:s0

sepolicy/qti/vendor/genfs_contexts

@@ -0,0 +1,90 @@
+# Alert Slider
+genfscon proc /tristatekey    u:object_r:vendor_proc_tri_state_key:s0
+
+# Charging
+genfscon proc /wireless                                                u:object_r:vendor_proc_wireless:s0
+genfscon sysfs /devices/platform/soc/soc:oplus,chg_gki/power_supply    u:object_r:vendor_sysfs_usb_supply:s0
+genfscon sysfs /devices/platform/soc/soc:oplus,chg_intf/oplus_chg      u:object_r:vendor_sysfs_usb_supply:s0
+
+# Display
+genfscon proc /devinfo/lcd              u:object_r:vendor_proc_display:s0
+genfscon proc /touchpanel               u:object_r:vendor_proc_display:s0
+genfscon sysfs /kernel/oplus_display    u:object_r:vendor_sysfs_graphics:s0
+
+# Engineering
+genfscon proc /oplus_rf    u:object_r:vendor_proc_engineer:s0
+
+# Fingerprint
+genfscon proc /fp_id    u:object_r:vendor_proc_fingerprint:s0
+
+# Versioning
+genfscon proc /oplusVersion    u:object_r:vendor_proc_oplus_version:s0
+
+# Vibrator
+genfscon sysfs /devices/platform/soc/88c000.i2c/i2c-6/6-005a/leds/vibrator    u:object_r:sysfs_vibrator:s0
+
+# Wakeup (https://lkml.org/lkml/2019/8/6/1275)
+genfscon sysfs /devices/platform/dummy_hcd.0/usb1/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/17300000.qcom,lpass/subsys6/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/17300000.qcom,lpass/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/188101c.qcom,spss/subsys5/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/188101c.qcom,spss/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c00000.qcom,pcie/pci0000:00/0000:00:00.0/0000:01:00.0/1103_00.01.00/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c00000.qcom,pcie/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1e00000.qcom,ipa/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/4080000.qcom,mss/subsys8/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/4080000.qcom,mss/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/5c00000.qcom,ssc/subsys7/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/5c00000.qcom,ssc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/884000.i2c/i2c-5/5-0028/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/88e0000.qcom,msm-eud/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/890000.qcom,qup_uart/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/980000.i2c/i2c-0/0-003b/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/98900000.qcom,turing/subsys4/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/98900000.qcom,turing/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/aab0000.qcom,venus/subsys10/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/aab0000.qcom,venus/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/abb0000.qcom,evass/subsys1/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/abb0000.qcom,evass/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/b0000000.qcom,cnss-qca6490/subsys9/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/b0000000.qcom,cnss-qca6490/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pmk8350@0:rtc@6100/rtc/rtc0/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-03/c440000.qcom,spmi:qcom,pm8350b@3:qcom,amoled/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:oplus,chg_gki/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:oplus,chg_gki/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:oplus,chg_gki/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:oplus,chg_gki/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:oplus,chg_intf/oplus_chg/ac/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:oplus,chg_intf/oplus_chg/battery/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:oplus,chg_intf/oplus_chg/usb/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:oplus,chg_intf/soc:oplus,chg_intf:oplus,common-charge/oplus_chg/common/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:oplus,chg_intf/soc:oplus,chg_intf:oplus,wireless-charge/oplus_chg/wireless/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:oplus,chg_intf/soc:oplus,chg_intf:oplus,wireless-charge/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws/subsys0/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys3/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,pmic_glink/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,pmic_glink_log/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-adsp/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-dsps/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-modem/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-nsp/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,smp2p_sleepstate/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,spcom/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,trustedvm@d0800000/subsys2/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,trustedvm@d0800000/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/fastrpc/adsprpc-smd-secure/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/fastrpc/adsprpc-smd/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_aac/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_alac/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_amrnb/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_amrwb/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_amrwbplus/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_ape/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_evrc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_g711alaw/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_mp3/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_qcelp/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_wma/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_wmapro/wakeup u:object_r:sysfs_wakeup:s0

sepolicy/qti/vendor/hal_bluetooth_default.te

@@ -0,0 +1 @@
+r_dir_file(hal_bluetooth_default, vendor_proc_oplus_version)

sepolicy/qti/vendor/hal_camera_default.te

@@ -0,0 +1,6 @@
+allow hal_camera_default vendor_hal_orms_hwservice:hwservice_manager find;
+
+allow hal_camera_default mnt_vendor_file:dir search;
+
+allow hal_camera_default vendor_persist_camera_file:dir w_dir_perms;
+allow hal_camera_default vendor_persist_camera_file:file create_file_perms;

sepolicy/qti/vendor/hal_fingerprint_default.te

@@ -0,0 +1,18 @@
+allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
+
+binder_call(hal_fingerprint_default, hal_fingerprint_default)
+
+allow hal_fingerprint_default vendor_hal_orms_hwservice:hwservice_manager find;
+
+allow hal_fingerprint_default fingerprint_device:chr_file rw_file_perms;
+allow hal_fingerprint_default graphics_device:chr_file rw_file_perms;
+allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
+
+allow hal_fingerprint_default vendor_proc_display:dir r_dir_perms;
+allow hal_fingerprint_default vendor_proc_display:file rw_file_perms;
+
+r_dir_file(hal_fingerprint_default, vendor_proc_fingerprint)
+
+get_prop(hal_fingerprint_default, system_oplus_project_prop)
+set_prop(hal_fingerprint_default, system_fingerprint_prop)
+set_prop(hal_fingerprint_default, vendor_fingerprint_prop)

sepolicy/qti/vendor/hal_graphics_composer_default.te

@@ -0,0 +1,4 @@
+binder_call(hal_graphics_composer_default, hal_graphics_composer_default)
+
+get_prop(hal_graphics_composer_default, system_oplus_project_prop)
+set_prop(hal_graphics_composer_default, vendor_display_prop)

sepolicy/qti/vendor/hal_lineage_livedisplay_qti.te

@@ -0,0 +1,2 @@
+allow hal_lineage_livedisplay_qti vendor_sysfs_graphics:dir r_dir_perms;
+allow hal_lineage_livedisplay_qti vendor_sysfs_graphics:file rw_file_perms;

sepolicy/qti/vendor/hal_lineage_powershare_default.te

@@ -0,0 +1,2 @@
+allow hal_lineage_powershare_default vendor_proc_wireless:dir r_dir_perms;
+allow hal_lineage_powershare_default vendor_proc_wireless:file rw_file_perms;

sepolicy/qti/vendor/hal_lineage_touch_default.te

@@ -0,0 +1,2 @@
+allow hal_lineage_touch_default vendor_proc_display:dir r_dir_perms;
+allow hal_lineage_touch_default vendor_proc_display:file rw_file_perms;

sepolicy/qti/vendor/hal_nfc_default.te

@@ -0,0 +1,3 @@
+allow hal_nfc_default vendor_nfc_vendor_data_file:dir search;
+
+set_prop(hal_nfc_default, vendor_nfc_nq_prop)

sepolicy/qti/vendor/hal_power_default.te

@@ -0,0 +1,2 @@
+allow hal_power_default vendor_proc_display:dir r_dir_perms;
+allow hal_power_default vendor_proc_display:file rw_file_perms;

sepolicy/qti/vendor/hal_sensors_default.te

@@ -0,0 +1,5 @@
+allow hal_sensors_default vendor_persist_engineer_file:dir r_dir_perms;
+allow hal_sensors_default vendor_persist_engineer_file:file rw_file_perms;
+
+allow hal_sensors_default vendor_sysfs_graphics:dir r_dir_perms;
+allow hal_sensors_default vendor_sysfs_graphics:file rw_file_perms;

sepolicy/qti/vendor/hwservice.te

@@ -0,0 +1,2 @@
+# ORMS
+type vendor_hal_orms_hwservice, hwservice_manager_type, protected_hwservice;

sepolicy/qti/vendor/hwservice_contexts

@@ -0,0 +1,18 @@
+# Camera
+vendor.oplus.hardware.cammidasservice::IMIDASService    u:object_r:hal_camera_hwservice:s0
+
+# Display (Pixelworks)
+vendor.pixelworks.hardware.display::IIris           u:object_r:hal_graphics_composer_hwservice:s0
+vendor.pixelworks.hardware.feature::IIrisFeature    u:object_r:hal_graphics_composer_hwservice:s0
+
+# Fingerprint
+vendor.oplus.hardware.biometrics.fingerprint::IBiometricsFingerprint    u:object_r:hal_fingerprint_hwservice:s0
+vendor.oplus.hardware.commondcs::ICommonDcsHalService                   u:object_r:hal_fingerprint_hwservice:s0
+
+# ORMS
+vendor.oplus.hardware.orms::IOrmsHalProxy    u:object_r:vendor_hal_orms_hwservice:s0
+
+# Telephony
+vendor.oplus.hardware.appradio::IOplusAppRadio    u:object_r:hal_telephony_hwservice:s0
+vendor.oplus.hardware.ims::IOplusImsRadio         u:object_r:hal_telephony_hwservice:s0
+vendor.oplus.hardware.radio::IOplusRadio          u:object_r:hal_telephony_hwservice:s0

sepolicy/qti/vendor/property.te

@@ -0,0 +1,2 @@
+# Fingerprint
+vendor_internal_prop(vendor_fingerprint_prop)

sepolicy/qti/vendor/property_contexts

@@ -0,0 +1,9 @@
+# Display
+vendor.dps.dump.composerpid    u:object_r:vendor_display_prop:s0
+
+# Fingerprint
+persist.vendor.fingerprint.    u:object_r:vendor_fingerprint_prop:s0
+vendor.fingerprint.            u:object_r:vendor_fingerprint_prop:s0
+
+# NFC
+vendor.oplus.nfc.fw.version    u:object_r:vendor_nfc_nq_prop:s0

sepolicy/qti/vendor/rild.te

@@ -0,0 +1,5 @@
+allow rild mnt_vendor_file:dir search;
+
+allow rild vendor_proc_display:file r_file_perms;
+
+r_dir_file(rild, vendor_proc_engineer)

sepolicy/qti/vendor/system_server.te

@@ -0,0 +1,2 @@
+allow system_server vendor_proc_tri_state_key:dir r_dir_perms;
+allow system_server vendor_proc_tri_state_key:file rw_file_perms;

sepolicy/qti/vendor/tri-state-key-calibrate.te

@@ -0,0 +1,13 @@
+type tri-state-key-calibrate, domain;
+type tri-state-key-calibrate_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(tri-state-key-calibrate)
+
+allow tri-state-key-calibrate vendor_toolbox_exec:file rx_file_perms;
+
+allow tri-state-key-calibrate vendor_proc_tri_state_key:dir r_dir_perms;
+allow tri-state-key-calibrate vendor_proc_tri_state_key:file w_file_perms;
+
+allow tri-state-key-calibrate mnt_vendor_file:dir search;
+
+r_dir_file(tri-state-key-calibrate, vendor_persist_engineer_file)

sepolicy/qti/vendor/vendor_hal_perf_default.te

@@ -0,0 +1 @@
+r_dir_file(vendor_hal_perf_default, vendor_sysfs_usb_supply)

sepolicy/qti/vendor/vendor_init.te

@@ -0,0 +1 @@
+set_prop(vendor_init, system_oplus_project_prop)

sepolicy/qti/vendor/vendor_poweroffalarm_app.te

@@ -0,0 +1 @@
+allow vendor_poweroffalarm_app mnt_vendor_file:dir search;

sepolicy/qti/vendor/vendor_qti_init_shell.te

@@ -0,0 +1 @@
+allow vendor_qti_init_shell proc_cmdline:file r_file_perms;

sepolicy/qti/vendor/vendor_rmt_storage.te

@@ -0,0 +1,6 @@
+allow vendor_rmt_storage vendor_proc_engineer:dir r_dir_perms;
+allow vendor_rmt_storage vendor_proc_engineer:file rw_file_perms;
+
+allow vendor_rmt_storage vendor_reserve_partition:blk_file rw_file_perms;
+
+r_dir_file(vendor_rmt_storage, vendor_proc_oplus_version)

sepolicy/qti/vendor/vendor_sensors.te

@@ -0,0 +1,2 @@
+allow vendor_sensors vendor_persist_engineer_file:dir r_dir_perms;
+allow vendor_sensors vendor_persist_engineer_file:file rw_file_perms;

sepolicy/qti/vendor/vendor_thermal-engine.te

@@ -0,0 +1 @@
+r_dir_file(vendor_thermal-engine, vendor_sysfs_usb_supply)