sepolicy: address vendor_init and wifi denials
Change-Id: Ib5eeef81b04f3fc5b246c39d38124f49759381e0
diff --git a/config/init/init.exynos9611.rc b/config/init/init.exynos9611.rc
index 11e47a4..c825c0c 100644
--- a/config/init/init.exynos9611.rc
+++ b/config/init/init.exynos9611.rc
@@ -189,22 +189,7 @@
# TEEGRIS service
mkdir /data/vendor/tee 0700 system system
-# Exynos Data folder
- mkdir /data/exynos 0771 root system
- mkdir /data/exynos/log 0771 root system
- mkdir /data/exynos/log/cbd 0771 root system
- mkdir /data/exynos/log/dmd 0771 root system
- mkdir /data/exynos/log/dump 0771 radio system
- mkdir /data/exynos/log/rild 0771 root system
- mkdir /data/exynos/log/sced 0771 root system
- mkdir /data/exynos/log/slog 0771 system system
- mkdir /data/exynos/log/vcd 0771 root system
- mkdir /data/exynos/log/chub 0771 root system
- mkdir /data/exynos/gnss 0771 system system
- mkdir /data/exynos/gnss/gps 0771 system system
-
# Log data folder
- mkdir /data/exynos/log 0771 radio system
mkdir /data/vendor 0771 root system
mkdir /data/vendor/log 0771 root system
mkdir /data/vendor/log/abox 0771 audioserver system
diff --git a/config/init/init.exynos9611.root.rc b/config/init/init.exynos9611.root.rc
index be259ca..07a1663 100644
--- a/config/init/init.exynos9611.root.rc
+++ b/config/init/init.exynos9611.root.rc
@@ -103,9 +103,6 @@
# sec_efs_file
mkdir /efs/sec_efs 0775 radio system
- # zram
- mkdir /data/zram 0700 root root
-
#BUS
chown system radio /sys/devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/scaling_devfreq_min
chown system radio /sys/devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/available_frequencies
@@ -128,20 +125,6 @@
chmod 0664 /sys/class/input_booster/touchkey/freq
chmod 0664 /sys/class/input_booster/touchkey/time
- mkdir /data/log 0775 system log
- mkdir /data/log/bt 0770 bluetooth bluetooth
-
- mkdir /data/local/dsms 0710 dsms dsms
- rm /data/local/dsms/preboot.log
- write /data/local/dsms/preboot.log ""
- chown dsms dsms /data/local/dsms/preboot.log
- chmod 0620 /data/local/dsms/preboot.log
-
- mkdir /data/misc/spqr 0770 system shell
-
- #lpnetConfig AppSync
- mkdir /data/misc/lpnet 0700 system system
-
#MCPS
#ARGOS with MCPS
chown system system /sys/module/modem_argos_notifier/parameters/big_clat_rps
@@ -188,22 +171,8 @@
chown system system /sys/module/mcps/version
chown system system /proc/mcps/mcps_dump
- # [ Wi-Fi init
- # Create directory for hostapd
- mkdir /data/hostapd 0770 system wifi
-
- # give system access to wpa_supplicant.conf for backup and restore
- mkdir /data/misc/wifi 0770 wifi system
- mkdir /data/misc/wifi_share_profile 0771 wifi system
- mkdir /data/misc/wifi_hostapd 0771 wifi system
-
- mkdir /data/log/wifi/ 0775 system root
- mkdir /data/misc/reboot 0700 system system
chown system system /sys/kernel/ipv4/tcp_delack_seg
- # Wi-Fi temporary log Directory for Android Global DE policy
- mkdir /data/wifi/ 0770 system root
-
# change owner background io bigdata node for hqm write
chown system system /sys/fs/fsio/bgiostat/sec_stat
@@ -225,13 +194,6 @@
chown system system /sys/class/mstldo/mst_drv/mfc
chmod 0440 /sys/class/mstldo/mst_drv/mfc
- # Downloadable Filter
- mkdir /data/DownFilters 0775 system system
- mkdir /data/DownFilters/Lib 0775 system system
- mkdir /data/DownFilters/Lib64 0775 system system
- mkdir /data/DownFilters/Res 0775 system system
- mkdir /data/DownFilters/Tex 0775 system system
-
# MST Check Support
chown system system /sys/class/mstldo/mst_drv/support
chmod 0444 /sys/class/mstldo/mst_drv/support
@@ -242,25 +204,10 @@
# NFC KEY
mkdir /data/vendor/nfc 0770 nfc nfc
- mkdir /data/nfc_log 0750 nfc system
copy /system/etc/nfc_key /data/nfc/Key
chmod 660 /data/nfc/Key
chown nfc nfc /data/nfc/Key
- # Create all remaining /data root dirs so that they are made through init
- # and get proper encryption policy installed
- mkdir /data/backup 0700 system system
- mkdir /data/ss 0700 system system
-
- # TAD
- mkdir /data/tad 0770 system system
-
- # Samsung Pass
- mkdir /data/.fido 0700 system system
-
- # Samsung font
- mkdir /data/app_fonts 0775 system system
-
# super slow motion
mkdir /data/vendor/mediacodec 0700 mediacodec mediacodec
mkdir /data/vendor/mediacodec/fruc_files 0700 mediacodec mediacodec
diff --git a/sepolicy/vendor/hal_wifi_default.te b/sepolicy/vendor/hal_wifi_default.te
index 83a0ad6..95666c1 100644
--- a/sepolicy/vendor/hal_wifi_default.te
+++ b/sepolicy/vendor/hal_wifi_default.te
@@ -1,5 +1,7 @@
# hal_wifi_default.te
+set_prop(hal_wifi_default, vendor_wlan_prop);
+
allow hal_wifi_default conn_vendor_data_file:dir search;
allow hal_wifi_default conn_vendor_data_file:file rw_file_perms;
allow hal_wifi_default wifi_vendor_data_file:dir search;
diff --git a/sepolicy/vendor/kernel.te b/sepolicy/vendor/kernel.te
index 5a46935..8faf2cc 100644
--- a/sepolicy/vendor/kernel.te
+++ b/sepolicy/vendor/kernel.te
@@ -7,5 +7,5 @@
allow kernel device:dir { add_name write };
allow kernel device:chr_file { create setattr getattr };
-allow kernel efs_file:dir search;
+r_dir_file(kernel, efs_file);
r_dir_file(kernel, app_efs_file);
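Review bot: `r_dir_file(kernel, efs_file);` widens the kernel domain from `search` on efs_file directories to listing and reading every directory, file and symlink labelled efs_file, which is more than one denial usually calls for. If the denial was for a single file the kernel loads from /efs, give that file its own type in file_contexts and grant only that type. Otherwise keep `allow kernel efs_file:dir search;` and add only the class and permissions from the denial, e.g. `allow kernel efs_file:file r_file_perms;`. A comment naming the path and the avc denial would let a later reader check whether the grant is still needed.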
diff --git a/sepolicy/vendor/property.te b/sepolicy/vendor/property.te
index ea940d3..5ad67e2 100644
--- a/sepolicy/vendor/property.te
+++ b/sepolicy/vendor/property.te
@@ -1,5 +1,10 @@
# property.te
+type persist_rmnet_prop, property_type;
+type persist_data_df_prop, property_type;
+type persist_data_wda_prop, property_type;
+
type vendor_camera_prop, property_type;
type vendor_factory_prop, property_type;
+type vendor_wlan_prop, property_type;
type vendor_wlbtd_prop, property_type;
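Review bot: The new types `persist_rmnet_prop`, `persist_data_df_prop` and `persist_data_wda_prop` lack the `vendor_` prefix that every other type visible in this file carries. They therefore share a namespace with platform policy and can collide with a platform type of the same name after an update. Renaming them, e.g. `type vendor_persist_rmnet_prop, property_type;`, keeps vendor-owned types distinguishable; the references in property_contexts and vendor_init.te would change with it. Whether the build enforces the prefix depends on the device's property-namespace settings, which are not visible in this commit.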
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index bf17c29..3840f37 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -1,10 +1,20 @@
# property_contexts
+persist.rmnet. u:object_r:persist_rmnet_prop:s0
+persist.data.df. u:object_r:persist_data_df_prop:s0
+persist.data.wda. u:object_r:persist_data_wda_prop:s0
+
# CAMERA
persist.vendor.sys.camera. u:object_r:vendor_camera_prop:s0
# FACTORY
ro.factory.factory_binary u:object_r:vendor_factory_prop:s0
+# RADIO
+ro.radio.needcalibration u:object_r:vendor_radio_prop:s0
+
+# WLAN
+vendor.wlan. u:object_r:vendor_wlan_prop:s0
+
# WLBTD
vendor.wlbtd. u:object_r:vendor_wlbtd_prop:s0
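Review bot: `ro.radio.needcalibration` is labelled `vendor_radio_prop`, but no declaration of that type appears in the property.te hunk of this commit. Unless it is declared further down that file or in an inherited policy, the build will stop on an unknown type. The `persist.rmnet.`, `persist.data.df.` and `persist.data.wda.` entries are prefix matches on names outside the `vendor.` / `persist.vendor.` namespaces, so confirm that no platform property_contexts entry already labels them. For the single `ro.radio.needcalibration` property, appending `exact` and its value type to the entry avoids covering longer names by accident.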
diff --git a/sepolicy/vendor/ueventd.te b/sepolicy/vendor/ueventd.te
index 07c4233..5c7c11e 100644
--- a/sepolicy/vendor/ueventd.te
+++ b/sepolicy/vendor/ueventd.te
@@ -3,3 +3,4 @@
allow ueventd self:capability sys_nice;
allow ueventd metadata_file:dir search;
+dontaudit ueventd gsi_metadata_file:dir search;
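Review bot: The added `dontaudit ueventd gsi_metadata_file:dir search;` hides the denial rather than resolving it, and nothing in the file records why the access is unneeded. Once the avc log confirms the cause, put a comment above the rule, e.g. `# ueventd does not need /metadata/gsi; silence the boot-time search denial`. Without it, a later reader cannot tell deliberate suppression from a masked functional failure.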
diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te
index 9a58d64..9ee18f1 100644
--- a/sepolicy/vendor/vendor_init.te
+++ b/sepolicy/vendor/vendor_init.te
@@ -1,6 +1,12 @@
# vendor_init.te
set_prop(vendor_init, vold_prop);
+set_prop(vendor_init, ffs_prop);
+set_prop(vendor_init, persist_rmnet_prop);
+set_prop(vendor_init, persist_data_df_prop);
+set_prop(vendor_init, persist_data_wda_prop);
+
+get_prop(vendor_init, vendor_radio_prop);
allow vendor_init cgroup:file getattr;
allow vendor_init tmpfs:dir { write add_name };
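Review bot: `set_prop(vendor_init, ffs_prop);` grants vendor_init write access to a type this commit does not declare, so it is presumably a platform property type. Platform policy may restrict which platform properties vendor_init can set, so check that this line builds against the target release's neverallow rules and that a vendor .rc really writes it. The three `persist_*` grants each cover a whole property prefix. A comment per line naming the script and property behind the denial, e.g. `# <vendor .rc file> sets persist.rmnet.<name>`, would make them auditable.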