From 24fedfac2afbe7f0cc84b79cebc6ad4e5535ffaf Mon Sep 17 00:00:00 2001 From: nyyu Date: Sun, 8 Jan 2023 11:36:26 +0100 Subject: [PATCH] msm8974-common: sepolicy --- sepolicy/common/hal_power_default.te | 3 +++ sepolicy/common/vold.te | 3 +-- sepolicy/private/blkid.te | 1 + 3 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 sepolicy/private/blkid.te diff --git a/sepolicy/common/hal_power_default.te b/sepolicy/common/hal_power_default.te index dbf2d4a..59c0748 100644 --- a/sepolicy/common/hal_power_default.te +++ b/sepolicy/common/hal_power_default.te @@ -1 +1,4 @@ allow hal_power_default sysfs_hal_pwr:file w_file_perms; +allow hal_power_stats_default sysfs_iio:dir { search open r_dir_perms }; +allow hal_power_stats_default sysfs_iio:lnk_file r_file_perms; +allow hal_power_stats_default sysfs_iio:file r_file_perms; diff --git a/sepolicy/common/vold.te b/sepolicy/common/vold.te index 548e81e..67b8167 100644 --- a/sepolicy/common/vold.te +++ b/sepolicy/common/vold.te @@ -11,7 +11,6 @@ allow vold { system_block_device }:blk_file getattr; -allowxperm vold vold_device:blk_file ioctl 0x1271; -allowxperm vold vold_device:blk_file ioctl BLKROGET; +allowxperm vold vold_device:blk_file ioctl { BLKDISCARD BLKGETSIZE }; dontaudit vold hal_bootctl_hwservice:hwservice_manager find; diff --git a/sepolicy/private/blkid.te b/sepolicy/private/blkid.te new file mode 100644 index 0000000..a2b911e --- /dev/null +++ b/sepolicy/private/blkid.te @@ -0,0 +1 @@ +allow vold blkid_exec:file rx_file_perms;