diff options
23 files changed, 116 insertions, 13 deletions
diff --git a/display/gs101/hal_graphics_composer_default.te b/display/gs101/hal_graphics_composer_default.te index c1eac9ce..dccddf0e 100644 --- a/display/gs101/hal_graphics_composer_default.te +++ b/display/gs101/hal_graphics_composer_default.te @@ -25,8 +25,8 @@ allow hal_graphics_composer_default sysfs_leds:file rw_file_perms; # allow HWC to get vendor_persist_sys_default_prop get_prop(hal_graphics_composer_default, vendor_persist_sys_default_prop) -# allow HWC to get vendor_display_prop -get_prop(hal_graphics_composer_default, vendor_display_prop) +# allow HWC to get/set vendor_display_prop +set_prop(hal_graphics_composer_default, vendor_display_prop) # allow HWC to get device_config_surface_flinger_native_boot_prop for adpf flags get_prop(hal_graphics_composer_default, device_config_surface_flinger_native_boot_prop) diff --git a/telephony/user/file.te b/telephony/user/file.te deleted file mode 100644 index 05f3c5e2..00000000 --- a/telephony/user/file.te +++ /dev/null @@ -1,5 +0,0 @@ -# Radio -type radio_vendor_data_file, file_type, data_file_type; -userdebug_or_eng(` - typeattribute radio_vendor_data_file mlstrustedobject; -') diff --git a/telephony/user/file_contexts b/telephony/user/file_contexts index 1e0c1a44..1aafb7e3 100644 --- a/telephony/user/file_contexts +++ b/telephony/user/file_contexts @@ -1,5 +1,3 @@ # ECC List /vendor/bin/init\.radio\.sh u:object_r:init_radio_exec:s0 -# Radio files. -/data/vendor/radio(/.*)? u:object_r:radio_vendor_data_file:s0 diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te index 21776b79..7901bdcf 100644 --- a/tracking_denials/kernel.te +++ b/tracking_denials/kernel.te @@ -1,2 +1,4 @@ #b/228181404 -dontaudit kernel vendor_maxfg_debugfs:dir { search };
\ No newline at end of file +dontaudit kernel vendor_maxfg_debugfs:dir { search }; +#b/247905787 +dontaudit kernel vendor_votable_debugfs:dir { search }; diff --git a/usf/file.te b/usf/file.te index e264c277..8f49e32b 100644 --- a/usf/file.te +++ b/usf/file.te @@ -10,3 +10,7 @@ type persist_sensor_reg_file, file_type, vendor_persist_type; # end with "data_file". type sensor_reg_data_file, file_type, data_file_type; +# Declare the sensor debug data file type. By convention, data file types +# end with "data_file". +type sensor_debug_data_file, file_type, data_file_type; + diff --git a/usf/file_contexts b/usf/file_contexts index ff3d41d3..3c7833b1 100644 --- a/usf/file_contexts +++ b/usf/file_contexts @@ -8,3 +8,5 @@ # Sensor registry data files. /data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0 +# Sensor debug data files. +/data/vendor/sensors/debug(/.*)? u:object_r:sensor_debug_data_file:s0 diff --git a/usf/sensor_hal.te b/usf/sensor_hal.te index bda44c9f..491d6403 100644 --- a/usf/sensor_hal.te +++ b/usf/sensor_hal.te @@ -12,6 +12,12 @@ r_dir_file(hal_sensors_default, persist_camera_file) allow hal_sensors_default sensor_reg_data_file:dir rw_dir_perms; allow hal_sensors_default sensor_reg_data_file:file create_file_perms; +userdebug_or_eng(` + # Allow creation and writing of sensor debug data files. + allow hal_sensors_default sensor_debug_data_file:dir rw_dir_perms; + allow hal_sensors_default sensor_debug_data_file:file create_file_perms; +') + # Allow access to the AoC communication driver. allow hal_sensors_default aoc_device:chr_file rw_file_perms; diff --git a/whitechapel/vendor/google/chre.te b/whitechapel/vendor/google/chre.te index 67ba090a..26c1675f 100644 --- a/whitechapel/vendor/google/chre.te +++ b/whitechapel/vendor/google/chre.te @@ -18,3 +18,10 @@ usf_low_latency_transport(chre) # Allow CHRE to talk to the WiFi HAL allow chre hal_wifi_ext:binder { call transfer }; allow chre hal_wifi_ext_hwservice:hwservice_manager find; + +# Allow CHRE host to talk to stats service +allow chre fwk_stats_service:service_manager find; +binder_call(chre, stats_service_server) + +# Allow CHRE to block suspend, which is required to use EPOLLWAKEUP. +allow chre self:global_capability2_class_set block_suspend; diff --git a/whitechapel/vendor/google/fastbootd.te b/whitechapel/vendor/google/fastbootd.te index d6cf7315..e350e0f3 100644 --- a/whitechapel/vendor/google/fastbootd.te +++ b/whitechapel/vendor/google/fastbootd.te @@ -5,4 +5,5 @@ allow fastbootd devinfo_block_device:blk_file rw_file_perms; allow fastbootd sda_block_device:blk_file rw_file_perms; allow fastbootd sysfs_ota:file rw_file_perms; allow fastbootd custom_ab_block_device:blk_file rw_file_perms; +allow fastbootd citadel_device:chr_file rw_file_perms; ') diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index 0c7a56d8..48cb759d 100644 --- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te @@ -212,3 +212,12 @@ type sysfs_trusty, sysfs_type, fs_type; # BootControl type sysfs_bootctl, sysfs_type, fs_type; + +#vendor-metrics +type sysfs_vendor_metrics, fs_type, sysfs_type; + +# Radio +type radio_vendor_data_file, file_type, data_file_type; +userdebug_or_eng(` + typeattribute radio_vendor_data_file mlstrustedobject; +') diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index c98edb0c..a75eff9e 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -108,6 +108,7 @@ /dev/logbuffer_pca9468_tcpm u:object_r:logbuffer_device:s0 /dev/logbuffer_pca9468 u:object_r:logbuffer_device:s0 /dev/logbuffer_cpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_bd u:object_r:logbuffer_device:s0 /dev/logbuffer_maxfg_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 @@ -248,6 +249,7 @@ # Sensors /data/vendor/sensor(/.*)? u:object_r:sensor_vendor_data_file:s0 /dev/acd-com.google.usf u:object_r:aoc_device:s0 +/dev/acd-com.google.usf.non_wake_up u:object_r:aoc_device:s0 /dev/acd-logging u:object_r:aoc_device:s0 /dev/aoc u:object_r:aoc_device:s0 @@ -268,7 +270,7 @@ # modem_svc_sit files /vendor/bin/modem_svc_sit u:object_r:modem_svc_sit_exec:s0 -/data/vendor/modem_stat/debug\.txt u:object_r:modem_stat_data_file:s0 +/data/vendor/modem_stat(/.*)? u:object_r:modem_stat_data_file:s0 # modem mnt files /mnt/vendor/efs(/.*)? u:object_r:modem_efs_file:s0 @@ -284,7 +286,7 @@ /vendor/bin/hw/disable_contaminant_detection\.sh u:object_r:disable-contaminant-detection-sh_exec:s0 # NFC -/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.2-service\.st u:object_r:hal_nfc_default_exec:s0 +/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc-service\.st u:object_r:hal_nfc_default_exec:s0 /dev/st21nfc u:object_r:nfc_device:s0 /data/nfc(/.*)? u:object_r:nfc_data_file:s0 @@ -318,6 +320,8 @@ /dev/acd-debug u:object_r:aoc_device:s0 /dev/acd-audio_tap[0-9]* u:object_r:aoc_device:s0 /dev/acd-audio_dcdoff_ref u:object_r:aoc_device:s0 +/dev/acd-audio_ap_offload_rx u:object_r:aoc_device:s0 +/dev/acd-audio_ap_offload_tx u:object_r:aoc_device:s0 /dev/amcs u:object_r:amcs_device:s0 # AudioMetric @@ -433,3 +437,5 @@ # Raw HID device /dev/hidraw[0-9]* u:object_r:hidraw_device:s0 +# Radio files. +/data/vendor/radio(/.*)? u:object_r:radio_vendor_data_file:s0 diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index d3300e28..8bb12c67 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts @@ -14,7 +14,8 @@ genfscon sysfs /devices/platform/19000000.aoc/control/audio_wakeup u:ob genfscon sysfs /devices/platform/19000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0 genfscon sysfs /devices/platform/19000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0 genfscon sysfs /devices/platform/19000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0 # WiFi genfscon sysfs /wifi u:object_r:sysfs_wifi:s0 @@ -205,6 +206,7 @@ genfscon sysfs /devices/platform/14520000.pcie/pci0000:00/0000:00:00.0/0000:01:0 genfscon sysfs /devices/platform/14520000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/175b0000.serial/serial0/serial0-0/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/19000000.aoc/com.google.usf/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/19000000.aoc/com.google.usf.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/19000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/i2c-s2mpg10mfd/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0 @@ -353,6 +355,26 @@ genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-1/1-002f/s2mpg11-mete genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-1/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-1/1-002f/s2mpg11-meter/s2mpg11-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-1/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-2/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-3/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-4/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-5/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-8/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/wakeup u:object_r:sysfs_wakeup:s0 + +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-0/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-1/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-2/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-3/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-4/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-5/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-6/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 + # bcl sysfs files genfscon sysfs /devices/virtual/pmic/mitigation u:object_r:sysfs_bcl:s0 genfscon sysfs /devices/virtual/pmic/mitigation/clock_ratio/tpu_heavy_clk_ratio u:object_r:sysfs_bcl:s0 @@ -485,6 +507,7 @@ genfscon sysfs /devices/platform/audiometrics/speaker_temp u:object_ genfscon sysfs /devices/platform/audiometrics/mic_broken_degrade u:object_r:sysfs_pixelstats:s0 genfscon sysfs /devices/platform/audiometrics/codec_crashed_counter u:object_r:sysfs_pixelstats:s0 genfscon sysfs /devices/platform/audiometrics/hwinfo_part_number u:object_r:sysfs_pixelstats:s0 +genfscon sysfs /devices/platform/audiometrics/ams_rate_read_once u:object_r:sysfs_pixelstats:s0 # SJTAG genfscon sysfs /devices/platform/sjtag_ap/interface u:object_r:sysfs_sjtag:s0 @@ -528,6 +551,11 @@ genfscon sysfs /devices/platform/100b0000.G3D u:obje genfscon sysfs /devices/platform/100b0000.ISP u:object_r:sysfs_thermal:s0 genfscon sysfs /devices/platform/100b0000.TPU u:object_r:sysfs_thermal:s0 +#vendor-metrics +genfscon sysfs /kernel/metrics/temp_residency/temp_residency_all/stats u:object_r:sysfs_vendor_metrics:s0 +genfscon sysfs /kernel/metrics/resume_latency/resume_latency_metrics u:object_r:sysfs_vendor_metrics:s0 +genfscon sysfs /kernel/metrics/irq/long_irq_metrics u:object_r:sysfs_vendor_metrics:s0 + # Trusty genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0 genfscon sysfs /module/trusty_core/parameters/use_high_wq u:object_r:sysfs_trusty:s0 diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te index 66c51b7c..314546f2 100644 --- a/whitechapel/vendor/google/hal_dumpstate_default.te +++ b/whitechapel/vendor/google/hal_dumpstate_default.te @@ -35,6 +35,10 @@ allow hal_dumpstate_default vendor_log_file:dir search; allow hal_dumpstate_default vendor_usf_stats:file execute_no_trans; allow hal_dumpstate_default vendor_usf_reg_edit:file execute_no_trans; allow hal_dumpstate_default vendor_dumpsys:file execute_no_trans; +userdebug_or_eng(` + allow hal_dumpstate_default sensor_debug_data_file:dir r_dir_perms; + allow hal_dumpstate_default sensor_debug_data_file:file r_file_perms; +') allow hal_dumpstate_default sscoredump_vendor_data_crashinfo_file:dir r_dir_perms; allow hal_dumpstate_default sscoredump_vendor_data_crashinfo_file:file r_file_perms; @@ -67,6 +71,7 @@ allow hal_dumpstate_default sysfs_thermal:lnk_file read; # Modem logs allow hal_dumpstate_default modem_efs_file:dir search; allow hal_dumpstate_default modem_efs_file:file r_file_perms; +allow hal_dumpstate_default modem_stat_data_file:dir r_dir_perms; allow hal_dumpstate_default modem_stat_data_file:file r_file_perms; allow hal_dumpstate_default vendor_slog_file:file r_file_perms; @@ -138,6 +143,9 @@ userdebug_or_eng(` allow hal_dumpstate_default vendor_maxfg_debugfs:dir search; allow hal_dumpstate_default vendor_maxfg_debugfs:file r_file_perms; + allow hal_dumpstate_default sysfs_vendor_metrics:dir search; + allow hal_dumpstate_default sysfs_vendor_metrics:file r_file_perms; + allow hal_dumpstate_default vendor_charger_debugfs:dir r_dir_perms; allow hal_dumpstate_default vendor_charger_debugfs:file r_file_perms; @@ -168,6 +176,9 @@ dontaudit hal_dumpstate_default vendor_page_pinner_debugfs:file r_file_perms; dontaudit hal_dumpstate_default sysfs_pixel_stat:dir r_dir_perms; dontaudit hal_dumpstate_default sysfs_pixel_stat:file r_file_perms; +dontaudit hal_dumpstate_default sysfs_vendor_metrics:dir search; +dontaudit hal_dumpstate_default sysfs_vendor_metrics:file r_file_perms; + dontaudit hal_dumpstate_default vendor_dri_debugfs:file r_file_perms; dontaudit hal_dumpstate_default vendor_dri_debugfs:dir search; diff --git a/whitechapel/vendor/google/hal_input_processor_default.te b/whitechapel/vendor/google/hal_input_processor_default.te new file mode 100644 index 00000000..00d4c695 --- /dev/null +++ b/whitechapel/vendor/google/hal_input_processor_default.te @@ -0,0 +1,2 @@ +# allow InputProcessor HAL to read the display resolution system property +get_prop(hal_input_processor_default, vendor_display_prop) diff --git a/whitechapel/vendor/google/logger_app.te b/whitechapel/vendor/google/logger_app.te index be15d0e6..14196600 100644 --- a/whitechapel/vendor/google/logger_app.te +++ b/whitechapel/vendor/google/logger_app.te @@ -5,6 +5,10 @@ userdebug_or_eng(` allow logger_app vendor_gps_file:file create_file_perms; allow logger_app vendor_gps_file:dir create_dir_perms; allow logger_app sysfs_sscoredump_level:file r_file_perms; + allow logger_app hal_exynos_rild_hwservice:hwservice_manager find; + + binder_call(logger_app, rild) + r_dir_file(logger_app, ramdump_vendor_data_file) r_dir_file(logger_app, sscoredump_vendor_data_coredump_file) r_dir_file(logger_app, sscoredump_vendor_data_crashinfo_file) diff --git a/whitechapel/vendor/google/modem_svc_sit.te b/whitechapel/vendor/google/modem_svc_sit.te index eeba9976..d5540e31 100644 --- a/whitechapel/vendor/google/modem_svc_sit.te +++ b/whitechapel/vendor/google/modem_svc_sit.te @@ -14,6 +14,7 @@ allow modem_svc_sit radio_device:chr_file rw_file_perms; # Grant vendor radio and modem file/dir creation permission allow modem_svc_sit radio_vendor_data_file:dir create_dir_perms; allow modem_svc_sit radio_vendor_data_file:file create_file_perms; +allow modem_svc_sit modem_stat_data_file:dir create_dir_perms; allow modem_svc_sit modem_stat_data_file:file create_file_perms; allow modem_svc_sit mnt_vendor_file:dir search; @@ -26,3 +27,6 @@ get_prop(modem_svc_sit, vendor_rild_prop) # hwservice permission allow modem_svc_sit hal_exynos_rild_hwservice:hwservice_manager find; get_prop(modem_svc_sit, hwservicemanager_prop) + +# logging property +get_prop(modem_svc_sit, vendor_logger_prop) diff --git a/whitechapel/vendor/google/pixelstats_vendor.te b/whitechapel/vendor/google/pixelstats_vendor.te index f0cca685..eb255475 100644 --- a/whitechapel/vendor/google/pixelstats_vendor.te +++ b/whitechapel/vendor/google/pixelstats_vendor.te @@ -23,6 +23,9 @@ allow pixelstats_vendor fwk_sensor_hwservice:hwservice_manager find; # Batery history allow pixelstats_vendor battery_history_device:chr_file r_file_perms; +#vendor-metrics +r_dir_file(pixelstats_vendor, sysfs_vendor_metrics) + # BCL allow pixelstats_vendor sysfs_bcl:dir search; allow pixelstats_vendor sysfs_bcl:file r_file_perms; diff --git a/whitechapel/vendor/google/property.te b/whitechapel/vendor/google/property.te index 31ee4b8f..70c72b68 100644 --- a/whitechapel/vendor/google/property.te +++ b/whitechapel/vendor/google/property.te @@ -55,3 +55,6 @@ vendor_internal_prop(vendor_dynamic_sensor_prop) # UWB calibration system_vendor_config_prop(vendor_uwb_calibration_prop) + +# Trusty storage FS ready +vendor_internal_prop(vendor_trusty_storage_prop) diff --git a/whitechapel/vendor/google/property_contexts b/whitechapel/vendor/google/property_contexts index 5eba1f8d..0dd3d463 100644 --- a/whitechapel/vendor/google/property_contexts +++ b/whitechapel/vendor/google/property_contexts @@ -61,10 +61,13 @@ vendor.audiodump.log.ondemand u:object_r:vendor_audio_prop:s0 vendor.audiodump.log.config u:object_r:vendor_audio_prop:s0 vendor.audiodump.output.dir u:object_r:vendor_audio_prop:s0 vendor.audiodump.encode.disable u:object_r:vendor_audio_prop:s0 +vendor.audiodump.log.cca.updated u:object_r:vendor_audio_prop:s0 +vendor.audiodump.cca.config u:object_r:vendor_audio_prop:s0 # for display ro.vendor.hwc.drm.device u:object_r:vendor_display_prop:s0 +persist.vendor.display. u:object_r:vendor_display_prop:s0 # for camera persist.vendor.camera. u:object_r:vendor_camera_prop:s0 @@ -114,3 +117,6 @@ vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor # uwb ro.vendor.uwb.calibration. u:object_r:vendor_uwb_calibration_prop:s0 exact string + +# Trusty +ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0 diff --git a/whitechapel/vendor/google/rild.te b/whitechapel/vendor/google/rild.te index 5fc2159c..78b14e51 100644 --- a/whitechapel/vendor/google/rild.te +++ b/whitechapel/vendor/google/rild.te @@ -26,6 +26,7 @@ binder_call(rild, modem_svc_sit) binder_call(rild, vendor_ims_app) binder_call(rild, vendor_rcs_app) binder_call(rild, oemrilservice_app) +binder_call(rild, logger_app) # for hal service add_hwservice(rild, hal_exynos_rild_hwservice) diff --git a/whitechapel/vendor/google/storageproxyd.te b/whitechapel/vendor/google/storageproxyd.te index ada64441..bf29cbf2 100644 --- a/whitechapel/vendor/google/storageproxyd.te +++ b/whitechapel/vendor/google/storageproxyd.te @@ -19,3 +19,5 @@ read_fstab(tee) # storageproxyd starts before /data is mounted. It handles /data not being there # gracefully. However, attempts to access /data trigger a denial. dontaudit tee unlabeled:dir { search }; + +set_prop(tee, vendor_trusty_storage_prop) diff --git a/whitechapel/vendor/google/vendor_ims_app.te b/whitechapel/vendor/google/vendor_ims_app.te index 8d655747..140d9c25 100644 --- a/whitechapel/vendor/google/vendor_ims_app.te +++ b/whitechapel/vendor/google/vendor_ims_app.te @@ -1,5 +1,6 @@ type vendor_ims_app, domain; app_domain(vendor_ims_app) +net_domain(vendor_ims_app) allow vendor_ims_app app_api_service:service_manager find; allow vendor_ims_app audioserver_service:service_manager find; @@ -11,6 +12,8 @@ allow vendor_ims_app mediaserver_service:service_manager find; allow vendor_ims_app cameraserver_service:service_manager find; allow vendor_ims_app mediametrics_service:service_manager find; +allow vendor_ims_app self:udp_socket { create_socket_perms_no_ioctl }; + binder_call(vendor_ims_app, rild) set_prop(vendor_ims_app, vendor_rild_prop) set_prop(vendor_ims_app, radio_prop) diff --git a/whitechapel/vendor/google/vendor_init.te b/whitechapel/vendor/google/vendor_init.te index dfd8e996..8ebe5e52 100644 --- a/whitechapel/vendor/google/vendor_init.te +++ b/whitechapel/vendor/google/vendor_init.te @@ -35,3 +35,9 @@ set_prop(vendor_init, vendor_battery_defender_prop) # Fingerprint property set_prop(vendor_init, vendor_fingerprint_prop) + +# Display +set_prop(vendor_init, vendor_display_prop) + +# Trusty storage FS ready +get_prop(vendor_init, vendor_trusty_storage_prop) |