lineage/android_device_samsung_msm8974-common
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

msm8974-common: Switch to TimeKeep

Browse source 
* SE policies are imported and modified from
   https://github.com/sonyxperiadev/device-sony-sepolicy.
   Modifications are needed because qcom legacy policy
   contains conflicting labels and rules.

Change-Id: Id04a824dea69976f6fc9d48bef77859cc82971ed
This commit is contained in:
Wang Han 2020-05-26 20:58:17 +08:00 committed by Kevin F. Haggerty
parent 5e12cb3926
commit b9a1d97191
No known key found for this signature in database
GPG key ID: 6D95512933112729
9 changed files with 70 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lineage.dependencies
View file

@ -2,5 +2,9 @@
{ {
"repository": "android_device_samsung_qcom-common", "repository": "android_device_samsung_qcom-common",
"target_path": "device/samsung/qcom-common" "target_path": "device/samsung/qcom-common"
},
{
"repository": "android_hardware_sony_timekeep",
"target_path": "hardware/sony/timekeep"
} }
] ]

5
msm8974.mk
View file

@ -168,6 +168,11 @@ PRODUCT_PACKAGES += \
android.hardware.sensors@1.0-impl.samsung8974 \ android.hardware.sensors@1.0-impl.samsung8974 \
android.hardware.sensors@1.0-service.samsung8974 android.hardware.sensors@1.0-service.samsung8974
# TimeKeep
PRODUCT_PACKAGES += \
timekeep \
TimeKeep
# Touch features # Touch features
PRODUCT_PACKAGES += \ PRODUCT_PACKAGES += \
vendor.lineage.touch@1.0-service.samsung vendor.lineage.touch@1.0-service.samsung

4
sepolicy/common/file_contexts
View file

@ -94,5 +94,9 @@
# sysfs - sensors # sysfs - sensors
/sys/devices/virtual/sensors(/.*)? u:object_r:sysfs_sensors:s0 /sys/devices/virtual/sensors(/.*)? u:object_r:sysfs_sensors:s0
# sysfs - time
/sys/devices/qpnp-rtc-[0-9]+/rtc/rtc0(/.*)? u:object_r:sysfs_rtc:s0
/(system/vendor|vendor)/bin/timekeep u:object_r:timekeep_exec:s0
# sysfs - usb # sysfs - usb
/sys/devices/virtual/host_notify/usb_otg(/.*)? u:object_r:sysfs_usb_otg:s0 /sys/devices/virtual/host_notify/usb_otg(/.*)? u:object_r:sysfs_usb_otg:s0

1
sepolicy/common/property.te Normal file
View file

@ -0,0 +1 @@
type vendor_timekeep_prop, property_type;

1
sepolicy/common/property_contexts
View file

@ -1 +1,2 @@
persist.vendor.timeadjust u:object_r:vendor_timekeep_prop:s0
service.camera.hdmi_preview u:object_r:camera_prop:s0 service.camera.hdmi_preview u:object_r:camera_prop:s0

8
sepolicy/common/seapp_contexts Normal file
View file

@ -0,0 +1,8 @@
user=system seinfo=platform name=com.sony.timekeep domain=timekeep_app type=app_data_file
# Why app_data_file and not system_app_data_file?
# Because some daemon needs access to /data/data/com.sony.{timekeep,qcrilam}
# This happens with system_app_data_file:
# ContextImpl: Failed to ensure /data/user/0/com.sony.qcrilam/cache: mkdir failed: EACCES (Permission denied)
# ContextImpl: Failed to update user.inode_cache: stat failed: EACCES (Permission denied)
# ContextImpl: Failed to ensure /data/user_de/0/com.sony.qcrilam/code_cache: mkdir failed: EACCES (Permission denied)
# ContextImpl: Failed to update user.inode_code_cache: stat failed: EACCES (Permission denied)

1
sepolicy/common/time_daemon.te
View file

@ -1 +0,0 @@
allow time_daemon alarm_device:chr_file rw_file_perms;

22
sepolicy/common/timekeep.te Normal file
View file

@ -0,0 +1,22 @@
# Policy for the timekeep.c oneshot system service
# Gets called once during init by vendor timekeep.rc and restores
# clock from persist.vendor.timeadjust property, reads
# /sys/class/rtc/rtc0/since_epoch
type timekeep, domain;
type timekeep_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(timekeep)
# Grant permission to set system time and to set the real-time clock
allow timekeep self:capability sys_time;
# Write to /data/vendor/time/ats_2
allow timekeep time_data_file:dir rw_dir_perms;
allow timekeep time_data_file:file create_file_perms;
# Set persist.vendor.timeadjust
set_prop(timekeep, vendor_timekeep_prop)
# Read /sys/class/rtc/rtc0/since_epoch
allow timekeep sysfs_rtc:dir search;
allow timekeep sysfs_rtc:{ file lnk_file } r_file_perms;

25
sepolicy/common/timekeep_app.te Normal file
View file

@ -0,0 +1,25 @@
# Policy for the TimeKeep Java app. It listens to a BootReceiver
# or TIME_SET event and calculates the offset between the rtc clock
# in /sys/class/rtc0/since_epoch and the current device time and stores that
# value in /data/vendor/time/ats_2 and as persist.vendor.timeadjust.
type timekeep_app, domain;
app_domain(timekeep_app)
# Needed to get access to /data/data/com.sony.timekeep
# Only getattr and search are requested since TimeKeep does not write to its own directory
# /data/data/com.sony.timekeep only has two empty subdirs
dontaudit timekeep_app app_data_file:dir { getattr search };
allow timekeep_app activity_service:service_manager find;
# Read from /data/vendor/time/ats_2
allow timekeep_app time_data_file:dir create_dir_perms;
allow timekeep_app time_data_file:file create_file_perms;
# Read /sys/class/rtc/rtc0/since_epoch
allow timekeep_app sysfs_rtc:dir { search };
allow timekeep_app sysfs_rtc:{ file lnk_file } r_file_perms;
# Set the persist.vendor.timeadjust property
set_prop(timekeep_app, vendor_timekeep_prop)