Commit a84a8c75 authored by fire855's avatar fire855
Browse files

sepolicy: rework for hidl hals & cleanup

parent 923a2ade

sepolicy/audioserver.te

deleted100644 → 0
+0 −18
Original line number Diff line number Diff line 
# nvram

allow audioserver nvdata_file:dir rw_dir_perms;

allow audioserver nvdata_file:file create_file_perms;

allow audioserver nvdata_file:lnk_file r_file_perms;

allow audioserver ccci_device:chr_file rw_file_perms;



# fm radio

allow audioserver fm_device:chr_file rw_file_perms;



# Audio

allow audioserver sysfs:file { open read write };

allow audioserver sysfs_devinfo:file { open read write };

allow audioserver sysfs_ccci:file r_file_perms;

allow audioserver sysfs_ccci:dir search;

allow audioserver audiohal_prop:property_service set;



# BT

allow audioserver ebc_device:chr_file rw_file_perms;

sepolicy/bluetooth.te

deleted100644 → 0
+0 −9
Original line number Diff line number Diff line 
# Allow access to the hardware node

allow bluetooth stpbt_device:chr_file rw_file_perms;



# Allow nvram access

allow bluetooth nvdata_file:dir search;

allow bluetooth nvdata_file:file rw_file_perms;

allow bluetooth nvdata_file:lnk_file r_file_perms;



allow bluetooth block_device:dir search;

sepolicy/cameraserver.te

+1 −25
Original line number Diff line number Diff line 
# nvram

allow cameraserver nvdata_file:dir rw_dir_perms;

allow cameraserver nvdata_file:file create_file_perms;

allow cameraserver nvdata_file:lnk_file r_file_perms;

allow cameraserver ccci_device:chr_file rw_file_perms;



# camera

allow cameraserver sensorservice_service:service_manager find;

allow cameraserver system_server:unix_stream_socket { read write };

allow cameraserver camera_device:chr_file rw_file_perms;

allow cameraserver mtk_smi_device:chr_file rw_file_perms;

allow cameraserver devmap_device:chr_file r_file_perms;

allow cameraserver cmdq_device:chr_file r_file_perms;

allow cameraserver sysfs_devinfo:file rw_file_perms;

allow cameraserver sysfs_membw:file rw_file_perms;

allow cameraserver sysfs_boot_mode:file r_file_perms;

allow cameraserver sysfs_ddr_type:file r_file_perms;

allow cameraserver proc:file r_file_perms;

allow cameraserver proc_meminfo:file r_file_perms;

allow cameraserver proc_m4u:file r_file_perms;

allow cameraserver proc_mtk_cmdq:file r_file_perms;

allow cameraserver proc_ged:file r_file_perms;
 


# PQ

allow cameraserver pq_service:service_manager find;

sepolicy/ccci_fsd.te

+2 −1
Original line number Diff line number Diff line
@@ -15,4 +15,5 @@ allow ccci_fsd protect_s_data_file:dir create_dir_perms; 
allow ccci_fsd protect_s_data_file:file create_file_perms;

allow ccci_fsd sysfs_ccci:file rw_file_perms;

allow ccci_fsd sysfs_ccci:dir search;

allow ccci_fsd sysfs_wake_lock:file rw_file_perms;
 


wakelock_use(ccci_fsd)

sepolicy/ccci_mdinit.te

+2 −4
Original line number Diff line number Diff line
@@ -9,14 +9,12 @@ allow ccci_mdinit ccci_cfg_file:file create_file_perms; 
allow ccci_mdinit nvdata_file:dir rw_dir_perms;

allow ccci_mdinit nvdata_file:file create_file_perms;

allow ccci_mdinit nvdata_file:lnk_file r_file_perms;

allow ccci_mdinit sysfs_boot_mode:file r_file_perms;

allow ccci_mdinit sysfs_ccci:dir search;

allow ccci_mdinit sysfs_ccci:file rw_file_perms;

allow ccci_mdinit sysfs_wake_lock:file rw_file_perms;

allow ccci_mdinit sysfs_devinfo:file r_file_perms;



allow ccci_mdinit nvram_device:blk_file rw_file_perms;

allow ccci_mdinit mtk_md_prop:property_service set;



set_prop(ccci_mdinit, mtk_md_prop)

set_prop(ccci_mdinit, ctl_ccci_fsd_prop)

set_prop(ccci_mdinit, ctl_gsm0710muxd_prop)

set_prop(ccci_mdinit, ctl_rildaemon_prop)