mondrianwifi: sepolicy

This commit is contained in:
nyyu 2021-08-29 11:45:15 +02:00
parent 6a033b4c18
commit cec286b574
7 changed files with 25 additions and 1 deletions

View File

@ -4,3 +4,10 @@
# DRM # DRM
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.3-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.3-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0 /data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
# sysfs - iio
/sys/bus/iio/devices/iio:device[0-9]+(/.*)? u:object_r:sysfs_iio:s0
/sys/devices/[a-f0-9]+\.i2c/i2c-[0-9]+/[0-9]+-[0-9]+/iio:device[0-9](/.*)? u:object_r:sysfs_iio:s0
# system files
/(vendor|system/vendor)/bin/init\.input\.sh u:object_r:qti_init_shell_exec:s0

1
sepolicy/common/fsck.te Normal file
View File

@ -0,0 +1 @@
allow fsck self:capability dac_override;

View File

@ -0,0 +1,3 @@
allow hal_lineage_touch_default {
sysfs_sec_touchkey
}:file rw_file_perms;

2
sepolicy/common/init.te Normal file
View File

@ -0,0 +1,2 @@
allow init sysfs:file setattr;
allow init system_file:file execute_no_trans;

View File

@ -0,0 +1,8 @@
allow qti_init_shell bluetooth_efs_file:dir search;
allow qti_init_shell bluetooth_efs_file:file r_file_perms;
allow qti_init_shell bluetooth_loader_exec:file { r_file_perms execute_no_trans execute };
allow qti_init_shell btnvtool_exec:file execute_no_trans;
allow qti_init_shell efs_file:dir search;
allow qti_init_shell efs_file:file r_file_perms;
allow qti_init_shell toolbox_exec:file { r_file_perms execute_no_trans execute };
allow qti_init_shell shell_exec:file r_file_perms;

View File

@ -3,3 +3,5 @@ allow wcnss_service block_device:dir {search};
allow wcnss_service efs_file:dir search; allow wcnss_service efs_file:dir search;
allow wcnss_service efs_file:file r_file_perms; allow wcnss_service efs_file:file r_file_perms;
allow wcnss_service wifi_efs_file:dir search;
allow wcnss_service wifi_efs_file:file r_file_perms;

View File

@ -0,0 +1 @@
get_prop(zygote, bluetooth_prop);