sm8350-common: sepolicy: Rework batterysecret rules

Change-Id: I98b231406fa1a2910cbedd133b33554e7d1c9268
This commit is contained in:
Alexander Winkowski 2023-09-12 17:59:53 +00:00 committed by Arian
parent af39848862
commit 4726aafd72
4 changed files with 21 additions and 43 deletions

View File

@ -1,41 +0,0 @@
define(`battery_daemons', `{ batteryd batterysecret }')
type batteryd, domain;
type batteryd_exec, exec_type, vendor_file_type, file_type;
type batterysecret, domain;
type batterysecret_exec, exec_type, vendor_file_type, file_type;
type persist_subsys_file, vendor_persist_type, file_type;
init_daemon_domain(batteryd)
init_daemon_domain(batterysecret)
r_dir_file(battery_daemons, cgroup)
r_dir_file(battery_daemons, mnt_vendor_file)
r_dir_file(battery_daemons, persist_subsys_file)
r_dir_file(battery_daemons, rootfs)
r_dir_file(battery_daemons, vendor_sysfs_battery_supply)
r_dir_file(battery_daemons, sysfs_batteryinfo)
r_dir_file(battery_daemons, sysfs_type)
r_dir_file(battery_daemons, vendor_sysfs_usb_supply)
r_dir_file(battery_daemons, vendor_sysfs_usbpd_device)
allow battery_daemons persist_subsys_file:dir w_dir_perms;
allow battery_daemons rootfs:dir w_dir_perms;
allow battery_daemons kmsg_device:chr_file rw_file_perms;
allow battery_daemons persist_subsys_file:file w_file_perms;
allow battery_daemons sysfs:file w_file_perms;
allow battery_daemons vendor_sysfs_battery_supply:file w_file_perms;
allow battery_daemons sysfs_usb:file w_file_perms;
allow battery_daemons vendor_sysfs_usb_supply:file w_file_perms;
allow battery_daemons vendor_sysfs_usbpd_device:file w_file_perms;
allow battery_daemons self:global_capability_class_set sys_tty_config;
allow battery_daemons self:global_capability_class_set sys_boot;
allow battery_daemons self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
allow battery_daemons self:capability { chown fsetid };
wakelock_use(battery_daemons)

18
sepolicy/vendor/batterysecret.te vendored Normal file
View File

@ -0,0 +1,18 @@
define(`batterysecret_sysfs', `{
vendor_sysfs_battery_supply
vendor_sysfs_usb_c
vendor_sysfs_usb_supply
vendor_sysfs_usbpd_device
}')
type batterysecret, domain;
type batterysecret_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(batterysecret)
allow batterysecret batterysecret_sysfs:dir search;
allow batterysecret batterysecret_sysfs:file rw_file_perms;
allow batterysecret kmsg_device:chr_file { getattr w_file_perms };
allow batterysecret self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
wakelock_use(batterysecret)

View File

@ -4,9 +4,7 @@
/dev/mius(.*)? u:object_r:sound_device:s0 /dev/mius(.*)? u:object_r:sound_device:s0
# Battery # Battery
/vendor/bin/batteryd u:object_r:batteryd_exec:s0
/vendor/bin/batterysecret u:object_r:batterysecret_exec:s0 /vendor/bin/batterysecret u:object_r:batterysecret_exec:s0
/mnt/vendor/persist/subsys(/.*)? u:object_r:persist_subsys_file:s0
# Camera # Camera
/mnt/vendor/persist/camera(/.*)? u:object_r:camera_persist_file:s0 /mnt/vendor/persist/camera(/.*)? u:object_r:camera_persist_file:s0

View File

@ -7,6 +7,9 @@ genfscon sysfs /devices/platform/soc/soc:qcom,dsi-display-primary u:object_r:ven
# Fingerprint # Fingerprint
genfscon sysfs /devices/platform/soc/soc:fingerprint_fpc u:object_r:vendor_sysfs_fingerprint:s0 genfscon sysfs /devices/platform/soc/soc:fingerprint_fpc u:object_r:vendor_sysfs_fingerprint:s0
# USB
genfscon sysfs /devices/platform/soc/soc:qcom,pmic_glink/soc:qcom,pmic_glink:qcom,ucsi/typec u:object_r:vendor_sysfs_usb_c:s0
# Wakeup nodes # Wakeup nodes
genfscon sysfs /devices/platform/goodix_ts.0/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/goodix_ts.0/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/17300000.qcom,lpass/subsys6/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/soc/17300000.qcom,lpass/subsys6/wakeup u:object_r:sysfs_wakeup:s0