From 3607af54ca48c8a145a97bab0cf5012d45ade555 Mon Sep 17 00:00:00 2001 From: kleidione Freitas Date: Sun, 6 Mar 2022 11:57:51 -0300 Subject: veux: Import XiaomiParts from sm8250 Credits: https://github.com/xiaomi-sm8250-devs/android_device_xiaomi_sm8250-common - Adapte to pixelexperiece - Drop doze - Drop fod and pop camera - Add Clear speaker - Adapte SEPolicy credis: [Sebastiano Barezzi, Chenyang Zhong] Co-authored-by: Sebastiano Barezzi Co-authored-by: Adithya R Co-authored-by: kubersharma001 Co-authored-by: TheScarastic Co-authored-by: Joey Signed-off-by: kleidione --- sepolicy/private/devicesettings_app.te | 28 ++++++++++++++++++++++++++++ sepolicy/private/seapp_contexts | 1 + sepolicy/public/devicesettings_app.te | 3 +++ sepolicy/vendor/thermal-engine.te | 11 ----------- 4 files changed, 32 insertions(+), 11 deletions(-) create mode 100644 sepolicy/private/devicesettings_app.te create mode 100644 sepolicy/private/seapp_contexts create mode 100644 sepolicy/public/devicesettings_app.te delete mode 100644 sepolicy/vendor/thermal-engine.te (limited to 'sepolicy') diff --git a/sepolicy/private/devicesettings_app.te b/sepolicy/private/devicesettings_app.te new file mode 100644 index 0000000..6e6a44b --- /dev/null +++ b/sepolicy/private/devicesettings_app.te @@ -0,0 +1,28 @@ +app_domain(devicesettings_app) + +# Allow devicesettings_app to find *_service +allow devicesettings_app { + app_api_service + audioserver_service + cameraserver_service + drmserver_service + mediaextractor_service + mediametrics_service + mediaserver_service +}:service_manager find; + +# Allow devicesettings_app read and write /data/data subdirectory +allow devicesettings_app system_app_data_file:dir create_dir_perms; +allow devicesettings_app system_app_data_file:{ file lnk_file } create_file_perms; + +# Allow binder communication with gpuservice +binder_call(devicesettings_app, gpuservice) + +# Allow devicesettings_app to read and write to cgroup/sysfs_leds/sysfs_thermal +allow devicesettings_app sysfs_leds:dir search; +#allow devicesettings_app vendor_sysfs_graphics:dir search; +allow devicesettings_app { + cgroup + sysfs_leds + sysfs_thermal +}:{ file lnk_file } rw_file_perms; \ No newline at end of file diff --git a/sepolicy/private/seapp_contexts b/sepolicy/private/seapp_contexts new file mode 100644 index 0000000..0b3253a --- /dev/null +++ b/sepolicy/private/seapp_contexts @@ -0,0 +1 @@ +user=system seinfo=platform name=org.lineageos.settings domain=devicesettings_app type=system_app_data_file \ No newline at end of file diff --git a/sepolicy/public/devicesettings_app.te b/sepolicy/public/devicesettings_app.te new file mode 100644 index 0000000..7af5e9b --- /dev/null +++ b/sepolicy/public/devicesettings_app.te @@ -0,0 +1,3 @@ +type devicesettings_app, domain; +typeattribute devicesettings_app mlstrustedsubject; +dontaudit devicesettings_app default_prop:file read; \ No newline at end of file diff --git a/sepolicy/vendor/thermal-engine.te b/sepolicy/vendor/thermal-engine.te deleted file mode 100644 index 6e59f5b..0000000 --- a/sepolicy/vendor/thermal-engine.te +++ /dev/null @@ -1,11 +0,0 @@ -allow vendor_thermal-engine { - vendor_sysfs_devfreq - thermal_data_file -}:dir r_dir_perms; - -allow vendor_thermal-engine vendor_sysfs_devfreq:file rw_file_perms; - -# Rule for vendor_thermal-engine to access init process -unix_socket_connect(vendor_thermal-engine, property, init); - -set_prop(vendor_thermal-engine, vendor_thermal_normal_prop) \ No newline at end of file -- cgit v1.2.3