-rw-r--r-- | generic/vendor/common/hal_camera.te | 2 | ||||
-rw-r--r-- | generic/vendor/common/hal_imsrtp.te | 2 | ||||
-rw-r--r-- | generic/vendor/common/vold.te | 1 | ||||
-rw-r--r-- | qva/vendor/common/hal_perf_default.te | 4 | ||||
-rw-r--r-- | qva/vendor/common/qvrd_vndr.te | 2 | ||||
-rwxr-xr-x[-rw-r--r--] | qva/vendor/common/vppservice.te | 4 |
6 files changed, 12 insertions, 3 deletions
diff --git a/generic/vendor/common/hal_camera.te b/generic/vendor/common/hal_camera.te
index d4a75349..0d2f9949 100644
--- a/generic/vendor/common/hal_camera.te
+++ b/generic/vendor/common/hal_camera.te
@@ -68,3 +68,5 @@ allow hal_camera_default gpu_device:chr_file rw_file_perms;
 # Postproc Service
 hal_attribute_hwservice(hal_camera, vendor_hal_camera_postproc_hwservice);
+
+dontaudit hal_camera_default vendor_xdsp_device:chr_file { open read};
diff --git a/generic/vendor/common/hal_imsrtp.te b/generic/vendor/common/hal_imsrtp.te
index 02a7aaa4..89a7d4ab 100644
--- a/generic/vendor/common/hal_imsrtp.te
+++ b/generic/vendor/common/hal_imsrtp.te
@@ -51,7 +51,7 @@ r_dir_file(vendor_hal_imsrtp, vendor_sysfs_diag)
 get_prop(vendor_hal_imsrtp, vendor_ims_prop)
 binder_call(vendor_hal_imsrtp, vendor_qtelephony)
-userdebug_or_eng('
+userdebug_or_eng(`
 binder_call(vendor_hal_imsrtp, vtloopback_app)
 ')
diff --git a/generic/vendor/common/vold.te b/generic/vendor/common/vold.te
index bd86659e..5ad1f282 100644
--- a/generic/vendor/common/vold.te
+++ b/generic/vendor/common/vold.te
@@ -29,3 +29,4 @@ get_prop(vold, vendor_tee_listener_prop)
 # Based on the comment from b/111409607 FITRIM might
 # be needed
 allow vold mnt_vendor_file:dir { open read ioctl };
+allow vold vendor_sysfs_mmc_host:file w_file_perms;
diff --git a/qva/vendor/common/hal_perf_default.te b/qva/vendor/common/hal_perf_default.te
index 7e64de95..f82176a8 100644
--- a/qva/vendor/common/hal_perf_default.te
+++ b/qva/vendor/common/hal_perf_default.te
@@ -137,4 +137,6 @@ allow vendor_hal_perf_default self:capability { sys_nice setuid };
 allow vendor_hal_perf vendor_qdisplay_service:service_manager find;
 vndbinder_use(vendor_hal_perf);
-hal_client_domain(vendor_hal_perf_default, hal_thermal);
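Review bot: The added `dontaudit hal_camera_default vendor_xdsp_device:chr_file { open read};` in hal_camera.te has no comment saying why the denial is expected, so a later reader cannot tell a harmless probe from a missing permission that was silenced. A dontaudit rule also removes these accesses from the audit log, which is where an unexpected access by the camera HAL would otherwise show up. A one-line rationale above the rule would help, for example `# xdsp node is probed but not required by the camera HAL; denial is expected (bug: <BUG_ID>)`, if that is in fact the reason. The braces would read better as `{ open read }`, matching the other rules in this commit.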
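Review bot: The new `allow vold vendor_sysfs_mmc_host:file w_file_perms;` in vold.te sits directly under the FITRIM comment that belongs to the `mnt_vendor_file` rule, so it reads as if that comment justified it. It gives vold write access to a sysfs type without saying which node is written or why; `w_file_perms` is a permission set rather than a single `write`, and the label presumably covers more than one attribute under the mmc host directory. I would separate the rule with a blank line and add a comment such as `# vold writes <sysfs node> under mmc_host for <purpose>`, and check whether a narrower label or permission set is enough.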
\ No newline at end of file
+hal_client_domain(vendor_hal_perf_default, hal_thermal);
+
+dontaudit vendor_hal_perf_default self:capability dac_override;
diff --git a/qva/vendor/common/qvrd_vndr.te b/qva/vendor/common/qvrd_vndr.te
index c378c471..0c022197 100644
--- a/qva/vendor/common/qvrd_vndr.te
+++ b/qva/vendor/common/qvrd_vndr.te
@@ -25,7 +25,7 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-type vendor_qvrd_vndr, domain;
+type vendor_qvrd_vndr, domain, mlstrustedsubject;
 type vendor_qvrd_vndr_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(vendor_qvrd_vndr)
diff --git a/qva/vendor/common/vppservice.te b/qva/vendor/common/vppservice.te
index bf73e3c4..cecc3e98 100644..100755
--- a/qva/vendor/common/vppservice.te
+++ b/qva/vendor/common/vppservice.te
@@ -57,6 +57,10 @@ allow vendor_vppservice ion_device:chr_file rw_file_perms;
 allow vendor_vppservice video_device:chr_file rw_file_perms;
 allow vendor_vppservice vendor_qdsp_device:chr_file r_file_perms;
 allow vendor_vppservice gpu_device:chr_file rw_file_perms;
+
+# suppress xdsp denial, since it is expected
+dontaudit vendor_vppservice vendor_xdsp_device:chr_file { open read ioctl };
+
 # allow vppservice to access dsp read_prop
 get_prop(vendor_vppservice, vendor_adsprpc_prop) |
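Review bot: `dontaudit vendor_hal_perf_default self:capability dac_override;` in hal_perf_default.te hides the denial instead of removing its cause. A dac_override denial usually means the process touched a file whose owner, group or mode does not admit it; the usual remedy is to correct the file's ownership or the service's supplementary groups, after which the rule is unnecessary. With the rule in place, any later access of this kind by the perf HAL, which per the hunk's context line already holds `sys_nice setuid`, no longer appears in the audit log. At minimum the rule needs a comment naming what triggers it, e.g. `# <path> is opened opportunistically and not required; see <BUG_ID>`.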
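Review bot: Adding `mlstrustedsubject` to `type vendor_qvrd_vndr, domain;` exempts the whole domain from the MLS constraints rather than permitting the one access that was denied, and the change records no reason for it. On Android those constraints are what stop a domain from reaching objects labelled with another app's or user's categories, so this is a wider grant than a single `allow` rule. A comment above the declaration should state the denial that motivated it, for example `# mlstrustedsubject: needed for <access> to <target type> (bug: <BUG_ID>)`, and it is worth checking whether the access can be arranged without the attribute. The rest of the domain's policy lies outside this hunk, so what else the daemon may do cannot be judged from here.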
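Review bot: The vppservice.te header shows the mode going from 100644 to 100755, so the commit marks a policy source file executable; nothing in the hunk needs that and it looks unintended, so the mode should go back to 100644. On the rule itself, the comment says the xdsp denial is expected but not why, and the rule suppresses `ioctl` in addition to the `open read` suppressed for hal_camera_default in the same commit. A comment along the lines of `# vppservice probes xdsp but uses <device> instead; see <BUG_ID>` would make the expectation checkable.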