diff options
| author | Michael Bestas <mkbestas@gmail.com> | 2023-05-11 19:23:36 +0300 |
|---|---|---|
| committer | alk3pInjection <webmaster@raspii.tech> | 2023-06-13 14:14:52 +0800 |
| commit | 0a4e3aa57c5ca0883a9086ed8f9a6419aea0f6f1 (patch) | |
| tree | 245b524dbc731ae41caa8a89dbe0e7ca9db7cfcc | |
| parent | c7f05461a5af6a97e98a309019d49e6f0156ecea (diff) | |
sepolicy_vndr: Restrict access to /sys/devices/soc0/serial_number
Change-Id: I6254ef6e160ff0d3c3ce2e51f20f557e75826dff
| -rw-r--r-- | generic/vendor/common/file.te | 1 | ||||
| -rw-r--r-- | generic/vendor/common/genfs_contexts | 1 | ||||
| -rw-r--r-- | legacy/vendor/common/file.te | 1 | ||||
| -rwxr-xr-x | legacy/vendor/common/genfs_contexts | 1 |
4 files changed, 4 insertions, 0 deletions
diff --git a/generic/vendor/common/file.te b/generic/vendor/common/file.te index 69737521..a559900b 100644 --- a/generic/vendor/common/file.te +++ b/generic/vendor/common/file.te @@ -51,6 +51,7 @@ type vendor_sysfs_msm_subsys_restart, sysfs_type, fs_type; type vendor_sysfs_sensors, sysfs_type, fs_type; type vendor_sysfs_sectouch, sysfs_type, fs_type; type vendor_sysfs_soc, sysfs_type, fs_type; +type vendor_sysfs_soc_sensitive, sysfs_type, fs_type; type vendor_sysfs_public, sysfs_type, fs_type; type vendor_sysfs_scsi_host, fs_type, sysfs_type; type vendor_sysfs_scsi_target, fs_type, sysfs_type; diff --git a/generic/vendor/common/genfs_contexts b/generic/vendor/common/genfs_contexts index d9d67a88..ad846453 100644 --- a/generic/vendor/common/genfs_contexts +++ b/generic/vendor/common/genfs_contexts @@ -79,6 +79,7 @@ genfscon sysfs /devices/virtual/graphics/fb0 u:object genfscon sysfs /devices/virtual/graphics/fb1 u:object_r:vendor_sysfs_graphics:s0 genfscon sysfs /devices/soc/8c0000.qcom,msm-cam u:object_r:vendor_sysfs_camera:s0 genfscon sysfs /devices/soc0 u:object_r:vendor_sysfs_soc:s0 +genfscon sysfs /devices/soc0/serial_number u:object_r:vendor_sysfs_soc_sensitive:s0 genfscon sysfs /devices/soc0/soc_id u:object_r:vendor_sysfs_public:s0 genfscon sysfs /devices/system/soc/soc0/id u:object_r:vendor_sysfs_public:s0 genfscon sysfs /devices/soc0/family u:object_r:vendor_sysfs_public:s0 diff --git a/legacy/vendor/common/file.te b/legacy/vendor/common/file.te index 087aeb27..2164d852 100644 --- a/legacy/vendor/common/file.te +++ b/legacy/vendor/common/file.te @@ -195,6 +195,7 @@ type sysfs_hsic_host_rdy, sysfs_type, fs_type; # Files accessed by qcom-system-daemon type sysfs_socinfo, fs_type, sysfs_type; +type sysfs_socinfo_sensitive, fs_type, sysfs_type; type vendor_sysfs_public, fs_type, sysfs_type; type qlogd_socket, file_type, mlstrustedobject; diff --git a/legacy/vendor/common/genfs_contexts b/legacy/vendor/common/genfs_contexts index 268b083d..c44bcb83 100755 --- a/legacy/vendor/common/genfs_contexts +++ b/legacy/vendor/common/genfs_contexts @@ -46,6 +46,7 @@ genfscon sysfs /devices/platform/soc/soc:qcom,mincpubw/devfreq u:object_r:sysfs_ genfscon sysfs /devices/platform/soc/soc:qcom,llccbw/devfreq u:object_r:sysfs_devfreq:s0 genfscon sysfs /module/big_cluster_min_freq_adjust u:object_r:sysfs_devfreq:s0 genfscon sysfs /devices/soc0 u:object_r:sysfs_socinfo:s0 +genfscon sysfs /devices/soc0/serial_number u:object_r:sysfs_socinfo_sensitive:s0 genfscon sysfs /devices/soc/soc:qcom,cpubw/devfreq u:object_r:sysfs_devfreq:s0 genfscon sysfs /devices/soc/soc:qcom,memlat-cpu0/devfreq u:object_r:sysfs_devfreq:s0 genfscon sysfs /devices/soc/soc:qcom,memlat-cpu2/devfreq u:object_r:sysfs_devfreq:s0 |