author | LuK1337 <priv.luk@gmail.com> | 2023-10-20 00:11:13 +0200 |
---|---|---|
committer | alk3pInjection <webmaster@raspii.tech> | 2023-12-28 12:46:30 +0800 |
commit | 0f9f42d0dd5f9c0287e914f93876928a76c800a2 (patch) | |
tree | 10fe87d8e574923532bbbf609e2bcf23bbad7d20 | |
parent | 1986f9eca4178d6bdf879c2f0c1d6d7870070e43 (diff) |
sepolicy_vndr: isolated_app -> isolated_app_all
Change-Id: I10b09afe41b927875d1f7c37d6fc18b75ae1250a
-rw-r--r-- | generic/vendor/common/domain.te | 20 | ||||
-rw-r--r-- | generic/vendor/common/hal_drm_widevine.te | 2 | ||||
-rw-r--r-- | generic/vendor/test/domain.te | 2 | ||||
-rw-r--r-- | legacy/vendor/common/domain.te | 14 | ||||
-rw-r--r-- | legacy/vendor/common/hal_drm_clearkey.te | 2 | ||||
-rw-r--r-- | legacy/vendor/common/hal_drm_widevine.te | 2 |
6 files changed, 21 insertions, 21 deletions
diff --git a/generic/vendor/common/domain.te b/generic/vendor/common/domain.te index abb4ac24..a8d14ea4 100644 --- a/generic/vendor/common/domain.te +++ b/generic/vendor/common/domain.te @@ -30,10 +30,10 @@ userdebug_or_eng(` get_prop(domain, vendor_gralloc_prop) -r_dir_file({domain - isolated_app - untrusted_app_all }, vendor_sysfs_soc); -r_dir_file({domain - isolated_app - untrusted_app_all }, vendor_sysfs_esoc); -r_dir_file({domain - isolated_app - untrusted_app_all }, vendor_sysfs_ssr); -r_dir_file({domain - isolated_app}, sysfs_thermal); +r_dir_file({domain - isolated_app_all - untrusted_app_all }, vendor_sysfs_soc); +r_dir_file({domain - isolated_app_all - untrusted_app_all }, vendor_sysfs_esoc); +r_dir_file({domain - isolated_app_all - untrusted_app_all }, vendor_sysfs_ssr); +r_dir_file({domain - isolated_app_all}, sysfs_thermal); #Reding of standard chip details need this allow untrusted_app_all { @@ -41,7 +41,7 @@ allow untrusted_app_all { vendor_sysfs_esoc vendor_sysfs_ssr }:dir search ; -r_dir_file({domain - isolated_app }, vendor_sysfs_public); +r_dir_file({domain - isolated_app_all }, vendor_sysfs_public); get_prop(domain, vendor_public_vendor_default_prop) 
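Review bot: The `sysfs_thermal` line in the first hunk of generic/vendor/common/domain.te subtracts only `isolated_app_all`, while the three `vendor_sysfs_*` lines above it also subtract `untrusted_app_all`, and nothing in the file records whether that difference is intended. `isolated_app_all` is, as far as the platform policy defines it, an attribute rather than a single type, so the exclusion now applies to every domain that carries it. A one-line comment would make that reviewable, for example `# isolated_app_all is an attribute: all isolated-app domains are denied these sysfs reads; untrusted apps may still read sysfs_thermal`. The same applies to the `sysfs_thermal` line in legacy/vendor/common/domain.te.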
@@ -58,12 +58,12 @@ neverallow { -vold } vendor_persist_type: { dir file } *; -allow { domain - isolated_app } vendor_sysfs_kgsl:dir search; +allow { domain - isolated_app_all } vendor_sysfs_kgsl:dir search; # Allow all context to read gpu model -allow { domain - isolated_app } vendor_sysfs_kgsl_gpu_model:file r_file_perms; -allow { domain - isolated_app } vendor_sysfs_kgsl_gpubusy:file r_file_perms; -allow { domain - isolated_app } vendor_sysfs_kgsl_max_gpuclk:file r_file_perms; -allow { domain - isolated_app } vendor_sysfs_gpu_max_clock:file r_file_perms; +allow { domain - isolated_app_all } vendor_sysfs_kgsl_gpu_model:file r_file_perms; +allow { domain - isolated_app_all } vendor_sysfs_kgsl_gpubusy:file r_file_perms; +allow { domain - isolated_app_all } vendor_sysfs_kgsl_max_gpuclk:file r_file_perms; +allow { domain - isolated_app_all } vendor_sysfs_gpu_max_clock:file r_file_perms; neverallow { coredomain diff --git a/generic/vendor/common/hal_drm_widevine.te b/generic/vendor/common/hal_drm_widevine.te index fbc05367..d2a21091 100644 --- a/generic/vendor/common/hal_drm_widevine.te +++ b/generic/vendor/common/hal_drm_widevine.te @@ -33,7 +33,7 @@ type vendor_hal_drm_widevine_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(vendor_hal_drm_widevine) allow vendor_hal_drm_widevine mediacodec:fd use; -allow vendor_hal_drm_widevine { appdomain -isolated_app }:fd use; +allow vendor_hal_drm_widevine { appdomain -isolated_app_all }:fd use; allow vendor_hal_drm_widevine vendor_qce_device:chr_file rw_file_perms; #Allow access to smcinvoke device diff --git a/generic/vendor/test/domain.te b/generic/vendor/test/domain.te index ee8e842a..24058d1e 100644 --- a/generic/vendor/test/domain.te +++ b/generic/vendor/test/domain.te 
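Review bot: The comment `# Allow all context to read gpu model` kept above the four changed `allow` lines does not match them, since each rule grants to `{ domain - isolated_app_all }` rather than to every domain. I would reword it to `# Allow every domain except isolated apps to read GPU model, busy and clock nodes`, so that a later reader does not take the exclusion for an accident and remove it. The same mismatch is in legacy/vendor/common/domain.te at `# allow all context to read sysfs_kgsl`, `# allow all context to read gpu model` and `# Allow all domains read access to sysfs_thermal`.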
@@ -37,7 +37,7 @@ dontaudit { #allow all gpu clients to access configuration settings userdebug_or_eng(` allow domain vendor_sysfs_kgsl:dir search; -r_dir_file({domain - isolated_app}, vendor_sysfs_kgsl_snapshot); +r_dir_file({domain - isolated_app_all}, vendor_sysfs_kgsl_snapshot); allow domain coredump_file:dir create_dir_perms; allow domain coredump_file:file create_file_perms; allow domain coredump_file:dir rw_dir_perms; diff --git a/legacy/vendor/common/domain.te b/legacy/vendor/common/domain.te index bfe92d75..4005a8c5 100644 --- a/legacy/vendor/common/domain.te +++ b/legacy/vendor/common/domain.te @@ -25,9 +25,9 @@ # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -r_dir_file({domain - isolated_app -untrusted_app_all }, sysfs_socinfo); -r_dir_file({domain - isolated_app -untrusted_app_all }, sysfs_esoc); -r_dir_file({domain - isolated_app -untrusted_app_all }, sysfs_ssr); +r_dir_file({domain - isolated_app_all -untrusted_app_all }, sysfs_socinfo); +r_dir_file({domain - isolated_app_all -untrusted_app_all }, sysfs_esoc); +r_dir_file({domain - isolated_app_all -untrusted_app_all }, sysfs_ssr); #Reding of standard chip details need this allow untrusted_app_all { @@ -35,12 +35,12 @@ allow untrusted_app_all { sysfs_esoc sysfs_ssr }:dir search ; -r_dir_file({domain - isolated_app }, vendor_sysfs_public); +r_dir_file({domain - isolated_app_all }, vendor_sysfs_public); dontaudit domain kernel:system module_request; # Allow all domains read access to sysfs_thermal -r_dir_file({domain - isolated_app}, sysfs_thermal); +r_dir_file({domain - isolated_app_all}, sysfs_thermal); # Allow domain to read /vendor -> /system/vendor allow domain system_file:lnk_file getattr; 
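Review bot: The context line `allow domain vendor_sysfs_kgsl:dir search;` directly above the changed `r_dir_file` in generic/vendor/test/domain.te still grants to all of `domain`, so on userdebug/eng builds isolated apps keep directory search on `vendor_sysfs_kgsl` even though generic/vendor/common/domain.te grants the same permission with `isolated_app_all` subtracted. If the platform policy carries a neverallow for `isolated_app_all` on sysfs types, which is not visible here, this line would be the next one to trip it. I would change it to `allow { domain - isolated_app_all } vendor_sysfs_kgsl:dir search;` or drop it as redundant with the common rule. The three `coredump_file` rules below it are likewise granted to every domain, and the `userdebug_or_eng` block continues outside the hunk.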
@@ -79,6 +79,6 @@ no_debugfs_restriction(` ') # allow all context to read sysfs_kgsl -allow { domain - isolated_app } sysfs_kgsl:dir search; +allow { domain - isolated_app_all } sysfs_kgsl:dir search; # allow all context to read gpu model -allow { domain - isolated_app } sysfs_kgsl_gpu_model:file r_file_perms; +allow { domain - isolated_app_all } sysfs_kgsl_gpu_model:file r_file_perms; diff --git a/legacy/vendor/common/hal_drm_clearkey.te b/legacy/vendor/common/hal_drm_clearkey.te index a8adb1c5..98052839 100644 --- a/legacy/vendor/common/hal_drm_clearkey.te +++ b/legacy/vendor/common/hal_drm_clearkey.te @@ -35,4 +35,4 @@ hal_server_domain(hal_drm_clearkey, hal_drm) vndbinder_use(hal_drm_clearkey); -allow hal_drm_clearkey { appdomain -isolated_app }:fd use; +allow hal_drm_clearkey { appdomain -isolated_app_all }:fd use; diff --git a/legacy/vendor/common/hal_drm_widevine.te b/legacy/vendor/common/hal_drm_widevine.te index 3d894f98..8af28831 100644 --- a/legacy/vendor/common/hal_drm_widevine.te +++ b/legacy/vendor/common/hal_drm_widevine.te @@ -33,7 +33,7 @@ type hal_drm_widevine_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(hal_drm_widevine) allow hal_drm_widevine mediacodec:fd use; -allow hal_drm_widevine { appdomain -isolated_app }:fd use; +allow hal_drm_widevine { appdomain -isolated_app_all }:fd use; # The QTI DRM-HAL implementation uses a vendor-binder service provided # by the HWC HAL. |