android_device_samsung_msm8.../sepolicy/common/file_contexts


# Each entry below is "<path regex> <security context>". A label grants nothing by
# itself; access is decided by the allow rules written for these types elsewhere.
# block devices
# The '.' in msm_sdcc\.1 is escaped, so only the literal controller name matches.
# NOTE(review): efs presumably holds per-device provisioning data - keep raw access to
# efs_block_device limited to the domains that need it; confirm against the .te rules.
/dev/block/platform/msm_sdcc\.1/by-name/efs u:object_r:efs_block_device:s0
/dev/block/platform/msm_sdcc\.1/by-name/fota u:object_r:misc_block_device:s0
# data files
# Three dot-files directly under /data, all given the Wi-Fi data label.
# NOTE(review): the '.' characters in these names are unescaped regex wildcards; the
# entries still match the intended files but are slightly broader than the literal names.
/data/.cid.info u:object_r:wifi_data_file:s0
/data/.psm.info u:object_r:wifi_data_file:s0
/data/.wifiver.info u:object_r:wifi_data_file:s0
# device nodes
# Three different NFC node names (bcm2079x, pn547, sec-nfc) share the nfc_device label.
/dev/alarm u:object_r:alarm_device:s0
/dev/batch_io u:object_r:sensors_device:s0
/dev/bcm2079x u:object_r:nfc_device:s0
/dev/btlock u:object_r:bluetooth_device:s0
/dev/pn547 u:object_r:nfc_device:s0
/dev/rfkill u:object_r:wlan_device:s0
/dev/sec-nfc u:object_r:nfc_device:s0
# (/.*)? labels /dev/stune itself and everything beneath it.
/dev/stune(/.*)? u:object_r:cgroup:s0
# efs files
# Per-radio subtrees of /efs get separate types, so Bluetooth and Wi-Fi data can be
# granted independently.
/efs/bluetooth(/.*)? u:object_r:bluetooth_efs_file:s0
/efs/wifi(/.*)? u:object_r:wifi_efs_file:s0
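# executables
# These *_exec labels mark the binaries as entry points for their domains, so each
# pattern should match exactly one binary name.
# NOTE(review): macloader is matched only under /system/vendor, unlike the HAL entries
# below; confirm no build installs it under /vendor/bin, where it would not get
# macloader_exec.
/system/vendor/bin/macloader u:object_r:macloader_exec:s0
# HAL services are matched under both /vendor and /system/vendor. Every '.' in a
# service name is escaped so it matches a literal dot only.
/(vendor|system/vendor)/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.software u:object_r:hal_gatekeeper_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.ir@1\.0-service\.samsung u:object_r:hal_ir_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service\.samsung u:object_r:hal_light_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.sensors@1\.0-service\.samsung8974 u:object_r:hal_sensors_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.0-service\.samsung-qcom u:object_r:hal_lineage_livedisplay_sysfs_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.lineage\.touch@1\.0-service\.samsung u:object_r:hal_lineage_touch_default_exec:s0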
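# firmware
# The '.' before each extension is escaped so only names that really end in
# .hcd / .ncd / .so receive a firmware label.
# NOTE(review): (.*) also matches '/', so the two bcm entries reach into
# subdirectories; narrow to [^/]* if firmware is only ever installed directly in
# this directory.
/system/vendor/firmware/bcm(.*)\.hcd u:object_r:bt_fw_file:s0
/system/vendor/firmware/bcm2079x(.*)\.ncd u:object_r:nfc_fw_file:s0
/system/vendor/firmware/libpn547_fw\.so u:object_r:nfc_fw_file:s0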
# rootfs
# Two top-level paths; /tombstones is explicitly given the generic rootfs label.
/firmware-modem u:object_r:firmware_file:s0
/tombstones u:object_r:rootfs:s0
# sockets
# NOTE(review): this socket node sits directly under /data; presumably it is created
# by the camera daemon - confirm its owner and mode as well as the label.
/data/cam_socket3 u:object_r:camera_socket:s0
# sysfs
# Matches any hex-named UART platform device and everything below it.
/sys/devices/[a-f0-9]+\.uart(/.*)? u:object_r:sysfs_msmuart_file:s0
# Only rfkill0 (and its subtree) under a bcm<N>_bluetooth platform device gets the
# writable Bluetooth label; other rfkill nodes are not covered by this entry.
/sys/devices/platform/bcm[0-9]+_bluetooth/rfkill/rfkill0(/.*)? u:object_r:sysfs_bluetooth_writable:s0
msm8974-common: sepolicy: Resolve misc denials avc: denied { chown } for capability=0 scontext=u:r:thermal-engine:s0 tcontext=u:r:thermal-engine:s0 tclass=capability permissive=0 avc: denied { find } for interface=android.hardware.camera.provider::ICameraProvider pid=1315 scontext=u:r:mediaserver:s0 tcontext=u:object_r:hal_camera_hwservice:s0 tclass=hwservice_manager permissive=0 avc: denied { getattr } for pid=1940 comm="mount.ntfs" path="/dev/block/mmcblk0p23" dev="tmpfs" ino=6957 scontext=u:r:vold:s0 tcontext=u:object_r:system_block_device:s0 tclass=blk_file permissive=0 avc: denied { read write } for pid=1370 comm="mm-qcamera-daem" name="rear_corever" dev="sysfs" ino=24696 scontext=u:r:mm-qcamerad:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 avc: denied { search } for pid=561 comm="mm-qcamera-daem" name="camera" dev="sysfs" ino=24680 scontext=u:r:mm-qcamerad:s0 tcontext=u:object_r:sysfs_camera:s0 tclass=dir permissive=0 avc: denied { getattr } for pid=1950 comm="mount.ntfs" path="/dev/block/mmcblk0p24" dev="tmpfs" ino=8134 scontext=u:r:vold:s0 tcontext=u:object_r:cache_block_device:s0 tclass=blk_file permissive=0 avc: denied { getattr } for pid=1926 comm="fsck.ntfs" path="/dev/block" dev="tmpfs" ino=6956 scontext=u:r:fsck_untrusted:s0 tcontext=u:object_r:block_device:s0 tclass=dir permissive=0 avc: denied { getattr } for pid=1948 comm="mount.ntfs" path="/dev/block/mmcblk0p12" dev="tmpfs" ino=8090 scontext=u:r:vold:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file permissive=0 avc: denied { read } for pid=339 comm="mediaserver" name="rear_camfw_load" dev="sysfs" ino=24694 scontext=u:r:mediaserver:s0 tcontext=u:object_r:sysfs_camera:s0 tclass=file permissive=0 Change-Id: Ieb941d135d9f245f4a2bb9abb78e1b84bbef4b38
2018-03-26 14:37:07 +02:00
# The whole virtual camera and input subtrees each share a single label.
/sys/devices/virtual/camera(/.*)? u:object_r:sysfs_camera:s0
/sys/devices/virtual/input(/.*)? u:object_r:sysfs_input:s0
# Exact paths of two dhd module parameters, labelled as writable Wi-Fi sysfs.
# NOTE(review): these presumably select the firmware/NVRAM image the dhd driver
# loads, so write access to sysfs_wifi_writeable should stay limited to the domain
# that sets them - confirm in the .te rules.
/sys/module/dhd/parameters/firmware_path u:object_r:sysfs_wifi_writeable:s0
/sys/module/dhd/parameters/nvram_path u:object_r:sysfs_wifi_writeable:s0
# sysfs - battery/charger
# Four different parent paths all lead to power_supply subtrees with the same label.
# The second entry covers chargers nested under a max*-charger node, the third covers
# power_supply directly under the i2c client.
/sys/devices/battery\.[0-9]+/power_supply(/.*)? u:object_r:sysfs_batteryinfo:s0
/sys/devices/i2c\.[0-9]+/i2c-[0-9]+/[0-9]+-[a-z0-9]+/max[a-z0-9]+-charger/power_supply(/.*)? u:object_r:sysfs_batteryinfo:s0
/sys/devices/i2c\.[0-9]+/i2c-[0-9]+/[0-9]+-[a-z0-9]+/power_supply(/.*)? u:object_r:sysfs_batteryinfo:s0
/sys/devices/msm_dwc3/power_supply(/.*)? u:object_r:sysfs_batteryinfo:s0
# sysfs - block/storage
# [0-9] without '+' matches single-digit controller and host numbers only.
/sys/devices/msm_sdcc\.[0-9]/mmc_host/mmc[0-9]/power(/.*)? u:object_r:sysfs_mmc_host:s0
# sysfs - cpu/perf
/sys/devices/system/soc/soc0(/.*)? u:object_r:sysfs_socinfo:s0
# sysfs - graphics/panel
# csc_cfg is the only fb0 attribute labelled here; the other entries cover subtrees.
/sys/class/mhl(/.*)? u:object_r:sysfs_graphics:s0
/sys/devices/mdp\.[0-9](/.*)? u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb0/csc_cfg u:object_r:sysfs_graphics:s0
/sys/devices/virtual/lcd/panel(/.*)? u:object_r:sysfs_graphics:s0
# sysfs - iio
# NOTE(review): entries under /sys/bus/*/devices are normally symlinks into
# /sys/devices; the second entry looks like the real node path for them - confirm
# both are needed.
/sys/bus/iio/devices(/.*)? u:object_r:sysfs_iio:s0
/sys/devices/[a-f0-9]+\.spi/spi_master/spi[0-9]+/spi[0-9]+\.0/iio:device[0-9](/.*)? u:object_r:sysfs_iio:s0
# sysfs - leds
# Same two shapes as the charger entries: leds directly under the i2c client, or
# nested under a max*-led node.
/sys/devices/i2c\.[0-9]+/i2c-[0-9]+/[0-9]+-[a-z0-9]+/leds(/.*)? u:object_r:sysfs_leds:s0
/sys/devices/i2c\.[0-9]+/i2c-[0-9]+/[0-9]+-[a-z0-9]+/max[a-z0-9]+-led/leds(/.*)? u:object_r:sysfs_leds:s0
# sysfs - mdnie
/sys/devices/virtual/mdnie/mdnie(/.*)? u:object_r:sysfs_mdnie:s0
msm8974-common: sepolicy: Label sysfs_sec_* types, resolve denials * Rename sysfs_sec type to sysfs_sec_key * Add additional sysfs_sec_* types as appropriate * avc: denied { read } for name="temp_adc" dev="sysfs" ino=10538 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=file permissive=1 * avc: denied { open } for name="temp_adc" dev="sysfs" ino=10538 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=file permissive=1 * avc: denied { write } for name="ir_send" dev="sysfs" ino=21339 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_sec_ir:s0 tclass=file permissive=1 * avc: denied { write } for name="led_blink" dev="sysfs" ino=25722 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_sec_led:s0 tclass=file permissive=1 * avc: denied { write } for name="brightness" dev="sysfs" ino=23467 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_sec_touchkey:s0 tclass=file permissive=1 * avc: denied { setattr } for name="ir_send" dev="sysfs" ino=21339 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_ir:s0 tclass=file permissive=1 * avc: denied { setattr } for name="hall_irq_ctrl" dev="sysfs" ino=29565 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_key:s0 tclass=file permissive=1 * avc: denied { setattr } for name="epen_firm_update" dev="sysfs" ino=23585 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_epen:s0 tclass=file permissive=1 * avc: denied { setattr } for name="cmd" dev="sysfs" ino=23756 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_tsp:s0 tclass=file permissive=1 * avc: denied { write } for name="wakeup_keys" dev="sysfs" ino=29568 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_key:s0 tclass=file permissive=1 * avc: denied { open } for name="wakeup_keys" dev="sysfs" ino=29568 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_key:s0 tclass=file permissive=1 * avc: denied { read } for name="input" dev="sysfs" ino=24012 scontext=u:r:init:s0 
tcontext=u:object_r:sysfs_sec_tsp:s0 tclass=lnk_file permissive=0 * avc: denied { setattr } for name="waketime" dev="sysfs" ino=29035 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_bamdmux:s0 tclass=file permissive=0 * avc: denied { setattr } for name="led_r" dev="sysfs" ino=25719 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_led:s0 tclass=file permissive=0 * avc: denied { setattr } for name="usb_sel" dev="sysfs" ino=28162 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_switch:s0 tclass=file permissive=0 * avc: denied { setattr } for name="brightness" dev="sysfs" ino=23468 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_touchkey:s0 tclass=file permissive=0 * avc: denied { setattr } for name="temperature" dev="sysfs" ino=10538 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_thermistor:s0 tclass=file permissive=0 * avc: denied { setattr } for name="barcode_send" dev="sysfs" ino=19231 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_sec_barcode_emul:s0 tclass=file permissive=0 Change-Id: I66b6d2aab875a2706f2730be9755e8d9805ffb6e
2018-11-15 03:57:03 +01:00
# sysfs - sec
# Each Samsung "sec" subtree gets its own type, so access can be granted per function
# (for example IR or LED) rather than through one shared sysfs_sec label.
# sec-thermistor is the only entry here under /sys/devices/platform; the rest are
# under /sys/devices/virtual/sec.
/sys/devices/platform/sec-thermistor(/.*)? u:object_r:sysfs_sec_thermistor:s0
/sys/devices/virtual/sec/bamdmux(/.*)? u:object_r:sysfs_sec_bamdmux:s0
/sys/devices/virtual/sec/led(/.*)? u:object_r:sysfs_sec_led:s0
/sys/devices/virtual/sec/sec_barcode_emul(/.*)? u:object_r:sysfs_sec_barcode_emul:s0
/sys/devices/virtual/sec/sec_epen(/.*)? u:object_r:sysfs_sec_epen:s0
/sys/devices/virtual/sec/sec_ir(/.*)? u:object_r:sysfs_sec_ir:s0
/sys/devices/virtual/sec/sec_key(/.*)? u:object_r:sysfs_sec_key:s0
/sys/devices/virtual/sec/sec_touchkey(/.*)? u:object_r:sysfs_sec_touchkey:s0
/sys/devices/virtual/sec/switch(/.*)? u:object_r:sysfs_sec_switch:s0
/sys/devices/virtual/sec/tsp(/.*)? u:object_r:sysfs_sec_tsp:s0
# sysfs - sensors
/sys/devices/virtual/sensors(/.*)? u:object_r:sysfs_sensors:s0
# sysfs - time
/sys/devices/qpnp-rtc-[0-9]+/rtc/rtc0(/.*)? u:object_r:sysfs_rtc:s0
# NOTE(review): this is an executable label, not a sysfs one; it is presumably kept
# here next to the RTC node it works with. The alternation order also differs from
# the (vendor|system/vendor) form used by the other executable entries in this file,
# although both forms match the same paths.
/(system/vendor|vendor)/bin/timekeep u:object_r:timekeep_exec:s0
# sysfs - usb
/sys/devices/virtual/host_notify/usb_otg(/.*)? u:object_r:sysfs_usb_otg:s0