msm8974-common: Switch to TimeKeep
* SE policies are imported and modified from https://github.com/sonyxperiadev/device-sony-sepolicy. Modifications are needed because qcom legacy policy contains conflicting labels and rules. Change-Id: Id04a824dea69976f6fc9d48bef77859cc82971ed
parent
5e12cb3926
commit
b9a1d97191
9 changed files with 70 additions and 1 deletions
|
@ -2,5 +2,9 @@
|
|||
{
|
||||
"repository": "android_device_samsung_qcom-common",
|
||||
"target_path": "device/samsung/qcom-common"
|
||||
},
|
||||
{
|
||||
"repository": "android_hardware_sony_timekeep",
|
||||
"target_path": "hardware/sony/timekeep"
|
||||
}
|
||||
]
|
||||
|
|
|
@ -168,6 +168,11 @@ PRODUCT_PACKAGES += \
|
|||
android.hardware.sensors@1.0-impl.samsung8974 \
|
||||
android.hardware.sensors@1.0-service.samsung8974
|
||||
|
||||
# TimeKeep
|
||||
PRODUCT_PACKAGES += \
|
||||
timekeep \
|
||||
TimeKeep
|
||||
|
||||
# Touch features
|
||||
PRODUCT_PACKAGES += \
|
||||
vendor.lineage.touch@1.0-service.samsung
|
||||
|
|
|
@ -94,5 +94,9 @@
|
|||
# sysfs - sensors
|
||||
/sys/devices/virtual/sensors(/.*)? u:object_r:sysfs_sensors:s0
|
||||
|
||||
# sysfs - time
|
||||
/sys/devices/qpnp-rtc-[0-9]+/rtc/rtc0(/.*)? u:object_r:sysfs_rtc:s0
|
||||
/(system/vendor|vendor)/bin/timekeep u:object_r:timekeep_exec:s0
|
||||
|
||||
# sysfs - usb
|
||||
/sys/devices/virtual/host_notify/usb_otg(/.*)? u:object_r:sysfs_usb_otg:s0
|
||||
|
|
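Review bot: The `timekeep_exec` label for `/(system/vendor|vendor)/bin/timekeep` is added under the `# sysfs - time` heading, although it is a binary path and not a sysfs node. Giving it its own heading, e.g. `# timekeep`, keeps the executable label easy to find when someone audits which files can transition into the `timekeep` domain. The rest of the file is outside the hunk, so an existing section for vendor binaries may already be the better place.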
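--- a/sepolicy/common/property.te
+++ b/sepolicy/common/property.te
@@ -0,0 +1 @@
+type vendor_timekeep_prop, property_type;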
|
@ -1 +1,2 @@
|
|||
persist.vendor.timeadjust u:object_r:vendor_timekeep_prop:s0
|
||||
service.camera.hdmi_preview u:object_r:camera_prop:s0
|
||||
|
|
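--- a/sepolicy/common/seapp_contexts
+++ b/sepolicy/common/seapp_contexts
@@ -0,0 +1,8 @@
+user=system seinfo=platform name=com.sony.timekeep domain=timekeep_app type=app_data_file
+# Why app_data_file and not system_app_data_file?
+# Because some daemon needs access to /data/data/com.sony.{timekeep,qcrilam}
+# This happens with system_app_data_file:
+# ContextImpl: Failed to ensure /data/user/0/com.sony.qcrilam/cache: mkdir failed: EACCES (Permission denied)
+# ContextImpl: Failed to update user.inode_cache: stat failed: EACCES (Permission denied)
+# ContextImpl: Failed to ensure /data/user_de/0/com.sony.qcrilam/code_cache: mkdir failed: EACCES (Permission denied)
+# ContextImpl: Failed to update user.inode_code_cache: stat failed: EACCES (Permission denied)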
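Review bot: The justification comment for `type=app_data_file` quotes denials for `com.sony.qcrilam`, but the only entry in this file is `com.sony.timekeep`, and the "some daemon" that needs the access is not named. Because this is a `user=system` app, labelling its data with the type used for ordinary app data typically widens which domains can reach it, so the reason should be specific to timekeep. Either name the daemon and show a denial for timekeep itself, or test the entry with `type=system_app_data_file`. I would replace the pasted log lines with something like `# app_data_file: <daemon-name> needs /data/data/com.sony.timekeep (denied with system_app_data_file)`, where `<daemon-name>` is a placeholder for the real domain.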
|
@ -1 +0,0 @@
|
|||
allow time_daemon alarm_device:chr_file rw_file_perms;
|
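--- a/sepolicy/common/timekeep.te
+++ b/sepolicy/common/timekeep.te
@@ -0,0 +1,22 @@
+# Policy for the timekeep.c oneshot system service
+# Gets called once during init by vendor timekeep.rc and restores
+# clock from persist.vendor.timeadjust property, reads
+# /sys/class/rtc/rtc0/since_epoch
+type timekeep, domain;
+type timekeep_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(timekeep)
+
+# Grant permission to set system time and to set the real-time clock
+allow timekeep self:capability sys_time;
+
+# Write to /data/vendor/time/ats_2
+allow timekeep time_data_file:dir rw_dir_perms;
+allow timekeep time_data_file:file create_file_perms;
+
+# Set persist.vendor.timeadjust
+set_prop(timekeep, vendor_timekeep_prop)
+
+# Read /sys/class/rtc/rtc0/since_epoch
+allow timekeep sysfs_rtc:dir search;
+allow timekeep sysfs_rtc:{ file lnk_file } r_file_perms;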
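Review bot: The header describes this oneshot as restoring the clock from `persist.vendor.timeadjust`, i.e. reading it, yet the rule is `set_prop(timekeep, vendor_timekeep_prop)`, which also lets the service write the property. Because the domain holds `sys_time`, whoever can write that property influences the clock set at boot, so the set of writers is worth keeping minimal. If timekeep.c never sets the property while running in this domain (not visible from this page), `get_prop(timekeep, vendor_timekeep_prop)` is enough. If it does set it, the header comment should say so.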
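--- a/sepolicy/common/timekeep_app.te
+++ b/sepolicy/common/timekeep_app.te
@@ -0,0 +1,25 @@
+# Policy for the TimeKeep Java app. It listens to a BootReceiver
+# or TIME_SET event and calculates the offset between the rtc clock
+# in /sys/class/rtc0/since_epoch and the current device time and stores that
+# value in /data/vendor/time/ats_2 and as persist.vendor.timeadjust.
+type timekeep_app, domain;
+
+app_domain(timekeep_app)
+
+# Needed to get access to /data/data/com.sony.timekeep
+# Only getattr and search are requested since TimeKeep does not write to its own directory
+# /data/data/com.sony.timekeep only has two empty subdirs
+dontaudit timekeep_app app_data_file:dir { getattr search };
+
+allow timekeep_app activity_service:service_manager find;
+
+# Read from /data/vendor/time/ats_2
+allow timekeep_app time_data_file:dir create_dir_perms;
+allow timekeep_app time_data_file:file create_file_perms;
+
+# Read /sys/class/rtc/rtc0/since_epoch
+allow timekeep_app sysfs_rtc:dir { search };
+allow timekeep_app sysfs_rtc:{ file lnk_file } r_file_perms;
+
+# Set the persist.vendor.timeadjust property
+set_prop(timekeep_app, vendor_timekeep_prop)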
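Review bot: The `time_data_file` rules are commented `# Read from /data/vendor/time/ats_2` but grant `create_dir_perms` on the directory and `create_file_perms` on the file, which is write, create and remove access. The header says the app stores the offset there, so write access is expected, but directory creation probably is not. `allow timekeep_app time_data_file:dir rw_dir_perms;`, as in timekeep.te, would match if the directory is created by init, and the comment should read `# Write /data/vendor/time/ats_2`. Separately, the `dontaudit timekeep_app app_data_file:dir { getattr search };` line is described as needed to get access, but dontaudit only hides the denial; the comment should say the access is intentionally denied and silenced.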