Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Vendor updates for Pie: Sensors, Wi-Fi, properties #415

Merged
merged 8 commits into from
Dec 12, 2018
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 4 additions & 2 deletions vendor/addrsetup.te
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,10 @@ unix_socket_connect(addrsetup, tad, tad)
allow addrsetup bluetooth_vendor_data_file:dir rw_dir_perms;
allow addrsetup bluetooth_vendor_data_file:file create_file_perms;

allow addrsetup wifi_vendor_data_file:dir rw_dir_perms;
allow addrsetup wifi_vendor_data_file:file create_file_perms;
allow addrsetup hostapd_data_file:dir rw_dir_perms;
allow addrsetup hostapd_data_file:file create_file_perms;
allow addrsetup wpa_data_file:dir rw_dir_perms;
allow addrsetup wpa_data_file:file create_file_perms;

allow addrsetup sysfs_addrsetup:file rw_file_perms;

Expand Down
2 changes: 2 additions & 0 deletions vendor/cameraserver.te
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
allow cameraserver gpu_device:chr_file rw_file_perms;

allow cameraserver system_server:unix_stream_socket { read write };
set_prop(cameraserver, vendor_camera_prop)
get_prop(cameraserver, vendor_camera_prop)
4 changes: 3 additions & 1 deletion vendor/cashsvr.te
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ type cashsvr_exec, exec_type, vendor_file_type, file_type;

init_daemon_domain(cashsvr)

# For dropping permissions
allow cashsvr self:capability { chown setuid };

allow cashsvr cashsvr_socket:dir rw_dir_perms;
Expand All @@ -12,4 +13,5 @@ allow cashsvr input_device:dir search;
allow cashsvr input_device:chr_file r_file_perms;

allow cashsvr sysfs_tof_sensor:file { rw_file_perms setattr };
allow cashsvr sysfs:file r_file_perms;
allow cashsvr sysfs_rgbc_sensor:file { rw_file_perms setattr };
allow cashsvr sysfs_input_name:file r_file_perms;
5 changes: 4 additions & 1 deletion vendor/file.te
Original file line number Diff line number Diff line change
Expand Up @@ -8,12 +8,14 @@ type sysfs_msm_subsys, sysfs_type, fs_type;
type sysfs_msm_subsys_restart, sysfs_type, fs_type;
type sysfs_rmtfs, sysfs_type, fs_type;
type sysfs_soc, sysfs_type, fs_type;
type sysfs_esoc, sysfs_type, fs_type;
type sysfs_timestamp_switch, sysfs_type, fs_type;
type sysfs_addrsetup, sysfs_type, fs_type;
type sysfs_bluetooth, sysfs_type, fs_type;
type sysfs_pcc_profile, sysfs_type, fs_type;
type sysfs_timekeep, sysfs_type, fs_type;
type sysfs_usb_supply, sysfs_type, fs_type;
type sysfs_input_name, sysfs_type, fs_type;

type debugfs_clk, debugfs_type, fs_type;
type debugfs_ion, debugfs_type, fs_type;
Expand Down Expand Up @@ -54,7 +56,6 @@ type nfc_vendor_data_file, file_type, data_file_type;
type radio_vendor_data_file, file_type, data_file_type, mlstrustedobject;
type sensors_vendor_data_file, file_type, data_file_type;
type timekeep_vendor_data_file, file_type, data_file_type;
type wifi_vendor_data_file, file_type, data_file_type;
type bluetooth_vendor_data_file, file_type, data_file_type;
type audio_vendor_data_file, file_type, data_file_type;
type camera_vendor_data_file, file_type, data_file_type;
Expand All @@ -79,3 +80,5 @@ type sysfs_boot_wlan, fs_type, sysfs_type;

# ToF sensor
type sysfs_tof_sensor, fs_type, sysfs_type;
# RGBCIR sensor
type sysfs_rgbc_sensor, fs_type, sysfs_type;
24 changes: 23 additions & 1 deletion vendor/file_contexts
Original file line number Diff line number Diff line change
Expand Up @@ -91,8 +91,29 @@
/(system/vendor|vendor)/bin/hw/android\.hardware\.drm@1\.1-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0

# sysfs paths
# ToF sensor for CASH
/sys/devices/virtual/input/input[0-9]+/enable_ps_sensor u:object_r:sysfs_tof_sensor:s0
/sys/devices/virtual/input/input[0-9]+/set_use_case u:object_r:sysfs_tof_sensor:s0
# RGBCIR sensor for CASH
/sys/devices/virtual/input/input[0-9]+/als_Itime u:object_r:sysfs_rgbc_sensor:s0
/sys/devices/virtual/input/input[0-9]+/als_all u:object_r:sysfs_rgbc_sensor:s0
/sys/devices/virtual/input/input[0-9]+/als_auto_gain u:object_r:sysfs_rgbc_sensor:s0
/sys/devices/virtual/input/input[0-9]+/als_blue u:object_r:sysfs_rgbc_sensor:s0
/sys/devices/virtual/input/input[0-9]+/als_channel u:object_r:sysfs_rgbc_sensor:s0
/sys/devices/virtual/input/input[0-9]+/als_clear u:object_r:sysfs_rgbc_sensor:s0
/sys/devices/virtual/input/input[0-9]+/als_gain u:object_r:sysfs_rgbc_sensor:s0
/sys/devices/virtual/input/input[0-9]+/als_green u:object_r:sysfs_rgbc_sensor:s0
/sys/devices/virtual/input/input[0-9]+/als_persist u:object_r:sysfs_rgbc_sensor:s0
/sys/devices/virtual/input/input[0-9]+/als_power_state u:object_r:sysfs_rgbc_sensor:s0
/sys/devices/virtual/input/input[0-9]+/als_red u:object_r:sysfs_rgbc_sensor:s0
/sys/devices/virtual/input/input[0-9]+/als_thres u:object_r:sysfs_rgbc_sensor:s0
/sys/devices/virtual/input/input[0-9]+/als_thresh_deltaP u:object_r:sysfs_rgbc_sensor:s0
/sys/devices/virtual/input/input[0-9]+/chip_id u:object_r:sysfs_rgbc_sensor:s0
/sys/devices/virtual/input/input[0-9]+/chip_pow u:object_r:sysfs_rgbc_sensor:s0
# Input device names, mainly for CASH to enumerate
/sys/devices/virtual/input/input[0-9]+/name u:object_r:sysfs_input_name:s0
# RTC
/sys/class/rtc/rtc[0-9]+(/.*)? u:object_r:sysfs_rtc:s0

###############################################
# same-process HAL files and their dependencies
Expand Down Expand Up @@ -146,7 +167,8 @@
/data/vendor/time(/.*)? u:object_r:timekeep_vendor_data_file:s0
/data/vendor/location(/.*)? u:object_r:location_vendor_data_file:s0
/data/vendor/bluetooth(/.*)? u:object_r:bluetooth_vendor_data_file:s0
/data/vendor/wifi(/.*)? u:object_r:wifi_vendor_data_file:s0
/data/vendor/wifi/hostapd(/.*)? u:object_r:hostapd_data_file:s0
/data/vendor/wifi/wpa(/.*)? u:object_r:wpa_data_file:s0
/data/vendor/audio(/.*)? u:object_r:audio_vendor_data_file:s0
/data/vendor/camera(/.*)? u:object_r:camera_vendor_data_file:s0

Expand Down
1 change: 1 addition & 0 deletions vendor/genfs_contexts
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ genfscon sysfs /devices/platform/soc/soc:qcom,memlat-cpu0 u:object
genfscon sysfs /devices/platform/soc/soc:qcom,memlat-cpu4 u:object_r:sysfs_msm_subsys:s0

genfscon sysfs /class/uio u:object_r:sysfs_uio:s0
genfscon sysfs /bus/esoc/devices u:object_r:sysfs_esoc:s0
genfscon sysfs /devices/soc/soc:bt_wcn3990 u:object_r:sysfs_bluetooth_writable:s0
genfscon sysfs /devices/soc/soc:qcom,gpubw u:object_r:sysfs_msm_subsys:s0
genfscon sysfs /devices/soc/soc:qcom,kgsl-hyp u:object_r:sysfs_msm_subsys:s0
Expand Down
1 change: 1 addition & 0 deletions vendor/hal_camera_default.te
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ allow hal_camera_default cashsvr_socket:sock_file write;
allow hal_camera_default sysfs_msm_subsys:dir r_dir_perms;
allow hal_camera_default sysfs_msm_subsys:file r_file_perms;
r_dir_file(hal_camera_default, sysfs_soc)
r_dir_file(hal_camera_default, sysfs_esoc)

allow hal_camera_default camera_vendor_data_file:dir rw_dir_perms;
allow hal_camera_default camera_vendor_data_file:file create_file_perms;
1 change: 1 addition & 0 deletions vendor/hal_gnss_qti.te
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ type hal_gnss_qti_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_gnss_qti)

r_dir_file(hal_gnss_qti, sysfs_msm_subsys)
r_dir_file(hal_gnss_qti, sysfs_esoc)

vndbinder_use(hal_gnss_qti)

Expand Down
2 changes: 2 additions & 0 deletions vendor/hal_sensors_default.te
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
# interact with the sensors low power island (SLPI) CPU
allow hal_sensors_default self:socket { create ioctl read write };
allowxperm hal_sensors_default self:socket ioctl msm_sock_ipc_ioctls;

r_dir_file(hal_sensors_default, sysfs_msm_subsys);
allow hal_sensors_default sysfs_esoc:dir r_dir_perms;

allow hal_sensors_default persist_file:dir search;
allow hal_sensors_default persist_sensors_file:dir search;
Expand Down
4 changes: 1 addition & 3 deletions vendor/hal_wifi_supplicant_default.te
Original file line number Diff line number Diff line change
@@ -1,4 +1,2 @@
allow hal_wifi_supplicant_default proc_net:file w_file_perms;

allow hal_wifi_supplicant_default wifi_vendor_data_file:dir create_dir_perms;
allow hal_wifi_supplicant_default wifi_vendor_data_file:file create_file_perms;
allow hal_wifi_supplicant_default vendor_data_file:dir search;
4 changes: 2 additions & 2 deletions vendor/init-devstart-sh.te
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,8 @@ init_daemon_domain(init-qcom-devstart-sh)

allow init-qcom-devstart-sh { vendor_file vendor_shell_exec vendor_toolbox_exec }:file rx_file_perms;

# Set the sys.qcom.devup property
set_prop(init-qcom-devstart-sh, system_prop)
# Set the vendor.qcom.devup property
set_prop(init-qcom-devstart-sh, vendor_device_prop)

# Set boot_adsp, boot_cdsp and boot_slpi to 1
allow init-qcom-devstart-sh sysfs_msm_subsys:file w_file_perms;
Expand Down
1 change: 1 addition & 0 deletions vendor/netmgrd.te
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ allow netmgrd sysfs_net:file rw_file_perms;

r_dir_file(netmgrd, sysfs_msm_subsys)
r_dir_file(netmgrd, sysfs_soc)
r_dir_file(netmgrd, sysfs_esoc)

wakelock_use(netmgrd)

Expand Down
1 change: 1 addition & 0 deletions vendor/per_mgr.te
Original file line number Diff line number Diff line change
Expand Up @@ -19,3 +19,4 @@ allowxperm per_mgr self:socket ioctl msm_sock_ipc_ioctls;
allow per_mgr ssr_device:chr_file { open read };

r_dir_file(per_mgr, sysfs_msm_subsys)
r_dir_file(per_mgr, sysfs_esoc)
1 change: 1 addition & 0 deletions vendor/per_proxy.te
Original file line number Diff line number Diff line change
Expand Up @@ -9,3 +9,4 @@ allow per_proxy per_mgr_service:service_manager find;
vndbinder_use(per_proxy)
binder_call(per_proxy, per_mgr)
r_dir_file(per_proxy, sysfs_msm_subsys)
r_dir_file(per_proxy, sysfs_esoc)
5 changes: 5 additions & 0 deletions vendor/property.te
Original file line number Diff line number Diff line change
Expand Up @@ -9,3 +9,8 @@ type adbtcpes_prop, property_type;
type dispcal_prop, property_type;
type qcom_ims_prop, property_type;
type vendor_bluetooth_prop, property_type;
type sensors_prop, property_type;
type vendor_usb_prop, property_type;
type vendor_usb_config_prop, property_type;
type vendor_radio_prop, property_type;
type vendor_device_prop, property_type;
8 changes: 8 additions & 0 deletions vendor/property_contexts
Original file line number Diff line number Diff line change
Expand Up @@ -9,3 +9,11 @@ persist.sys.timeadjust u:object_r:timekeep_prop:s0
adb.network.port.es u:object_r:adbtcpes_prop:s0
persist.dispcal.setting u:object_r:dispcal_prop:s0
sys.ims. u:object_r:qcom_ims_prop:s0
persist.vendor.radio. u:object_r:vendor_radio_prop:s0
ro.vendor.ril. u:object_r:vendor_radio_prop:s0
sensors. u:object_r:sensors_prop:s0
vendor.usb. u:object_r:vendor_usb_prop:s0
persist.vendor.usb. u:object_r:vendor_usb_prop:s0
vendor.usb.config u:object_r:vendor_usb_config_prop:s0
persist.vendor.usb.config u:object_r:vendor_usb_config_prop:s0
vendor.qcom.devup u:object_r:vendor_device_prop:s0
1 change: 1 addition & 0 deletions vendor/sensors.te
Original file line number Diff line number Diff line change
Expand Up @@ -25,3 +25,4 @@ allow sensors sysfs_soc:dir r_dir_perms;
allow sensors sysfs_soc:file r_file_perms;

r_dir_file(sensors, sysfs_msm_subsys)
r_dir_file(sensors, sysfs_esoc)
6 changes: 4 additions & 2 deletions vendor/wcnss_service.te
Original file line number Diff line number Diff line change
Expand Up @@ -24,8 +24,10 @@ allow wcnss_service self:netlink_socket create_socket_perms_no_ioctl;
allow wcnss_service vendor_firmware_file:file { read open getattr };
allow wcnss_service vendor_firmware_file:dir search;

allow wcnss_service wifi_vendor_data_file:dir create_dir_perms;
allow wcnss_service wifi_vendor_data_file:file create_file_perms;
allow wcnss_service hostapd_data_file:dir rw_dir_perms;
allow wcnss_service hostapd_data_file:file create_file_perms;
allow wcnss_service wpa_data_file:dir rw_dir_perms;
allow wcnss_service wpa_data_file:file create_file_perms;

r_dir_file(wcnss_service, sysfs_msm_subsys)

Expand Down