Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_device_qcom_sepolicy_vndr / 41d3d59345845198dd24c5d04257f80aa26799b6^2..41d3d59345845198dd24c5d04257f80aa26799b6 / .
commit41d3d59345845198dd24c5d04257f80aa26799b6[log] [tgz]
authorqctecmdr <qctecmdr@localhost>Thu Oct 26 02:44:13 2023 -0700
committerGerrit - the friendly Code Review server <code-review@localhost>Thu Oct 26 02:44:13 2023 -0700
tree1a5e71bfed800d039653218a55f3f57252f7b87e
parentbaefc4edb8159cbb6354163fc669943eedf8bf46 [diff]
parent9c9f483c6d64e5ffb169c375cc8841d869b5273b [diff]
Merge "sepolicy : Fix vendor modprobe denial in trinket"
diff --git a/qva/vendor/kona/umdservice.te b/qva/vendor/kona/umdservice.te
index 0c6c596..46fc722 100644
--- a/qva/vendor/kona/umdservice.te
+++ b/qva/vendor/kona/umdservice.te

@@ -41,3 +41,6 @@
 #Allow the domain to access the configfs file and dir
 allow vendor_hal_umd_qti configfs:file r_file_perms;
 allow vendor_hal_umd_qti configfs:dir r_dir_perms;
+
+#allow the domain to access dmabuf
+allow vendor_hal_umd_qti dmabuf_system_heap_device:chr_file r_file_perms;

diff --git a/qva/vendor/trinket/bootanim.te b/qva/vendor/trinket/bootanim.te
new file mode 100644
index 0000000..6fea5d2
--- /dev/null
+++ b/qva/vendor/trinket/bootanim.te

@@ -0,0 +1,5 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+binder_call(bootanim, vendor_hal_qspmhal_default)
+allow bootanim vendor_sysfs_kgsl_gpu_model:file r_file_perms;

diff --git a/qva/vendor/trinket/file.te b/qva/vendor/trinket/file.te
index 4e2b1fd..e253644 100644
--- a/qva/vendor/trinket/file.te
+++ b/qva/vendor/trinket/file.te

@@ -25,4 +25,9 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+# Changes from Qualcomm Innovation Center are provided under the following license:
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
 type vendor_sysfs_fps_attr, fs_type, sysfs_type;
+type vendor_sysfs_uevent, fs_type, sysfs_type;

diff --git a/qva/vendor/trinket/file_contexts b/qva/vendor/trinket/file_contexts
index 01ba062..c004202 100644
--- a/qva/vendor/trinket/file_contexts
+++ b/qva/vendor/trinket/file_contexts

@@ -192,5 +192,8 @@
 /dev/msm_lsm_cdev     u:object_r:vendor_msm_lsm_cdev_device:s0
 /dev/msm_rtac  u:object_r:vendor_msm_rtac_device:s0
 /dev/msm_aac_in  u:object_r:vendor_media_aac_device:s0
+
 /dev/msm_evrc_in  u:object_r:vendor_media_evrc_device:s0
-/dev/msm_qcelp_in  u:object_r:vendor_media_qcelp_device:s0
\ No newline at end of file
+/dev/msm_qcelp_in  u:object_r:vendor_media_qcelp_device:s0
+
+/sys/devices/platform/soc/5900000.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpu_model               u:object_r:vendor_sysfs_kgsl_gpu_model:s0

diff --git a/qva/vendor/trinket/genfs_contexts b/qva/vendor/trinket/genfs_contexts
index 384659d..c70dccb 100644
--- a/qva/vendor/trinket/genfs_contexts
+++ b/qva/vendor/trinket/genfs_contexts

@@ -26,6 +26,10 @@
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 ###################################
 
+# Changes from Qualcomm Innovation Center are provided under the following license:
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
 #pmic sysfs_nodes
 genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-00/1c40000.qcom,spmi:qcom,pm6125@0:qcom,pm6125_rtc/rtc u:object_r:sysfs_rtc:s0
 genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-02/1c40000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/power_supply/battery u:object_r:vendor_sysfs_battery_supply:s0
@@ -53,6 +57,46 @@
 genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-02/1c40000.qcom,spmi:qcom,pmi632@2:qcom,power-on@800/wakeup/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-02/1c40000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/wakeup/wakeup u:object_r:sysfs_wakeup:s0
 
+# wakeup nodes listed from SuspendSepolicyTests.sh
+genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-02/1c40000.qcom,spmi:qcom,pmi632@2:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-00/1c40000.qcom,spmi:qcom,pm6125@0:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-02/1c40000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/4ac0000.qcom,qupv3_0_geni_se/4a84000.i2c/i2c-0/0-000c/4a84000.i2c:qcom,smb1355@c:qcom,smb1355-charger@1000/power_supply/parallel/wakeup12 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-02/1c40000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/power_supply/usb/wakeup13 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-02/1c40000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/power_supply/pc_port/wakeup14 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-02/1c40000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/power_supply/battery/wakeup15 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/4e00000.ssusb/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-02/1c40000.qcom,spmi:qcom,pmi632@2:qpnp,qg/power_supply/bms/wakeup18 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/6080000.remoteproc-mss/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-00/1c40000.qcom,spmi:qcom,pm6125@0:qcom,pm6125_rtc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/ab00000.remoteproc-adsp/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/b300000.remoteproc-cdsp/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/4ac0000.qcom,qupv3_0_geni_se/4a84000.i2c/i2c-0/0-0028/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/4ac0000.qcom,qupv3_0_geni_se/4a88000.i2c/i2c-1/1-0020/synaptics_tcm.0/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_aac/wakeup25 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_alac/wakeup26 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_amrnb/wakeup27 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_amrwb/wakeup28 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_amrwbplus/wakeup29 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-00/1c40000.qcom,spmi:qcom,pm6125@0:qcom,pm6125_rtc/rtc/rtc0/alarmtimer.0.auto/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_ape/wakeup30 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_evrc/wakeup31 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_g711alaw/wakeup32 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_g711mlaw/wakeup33 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_mp3/wakeup34 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_multi_aac/wakeup35 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_qcelp/wakeup36 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_wma/wakeup37 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_wmapro/wakeup38 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/fastrpc/adsprpc-smd/wakeup8 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/fastrpc/adsprpc-smd/wakeup9 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/5800000.qcom,ipa/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:gpio_keys/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1610000.qcom,msm-eud/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,msm-audio-apr/soc:qcom,msm-audio-apr:qcom,q6core-audio/soc:qcom,msm-audio-apr:qcom,q6core-audio:bolero-cdc/tx-macro/tx_swr_ctrl/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,smp2p_sleepstate/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/4cc0000.qcom,qupv3_1_geni_se/4c90000.qcom,qup_uart/wakeup u:object_r:sysfs_wakeup:s0
+
 # USB device wakeup nodes
 genfscon sysfs /devices/platform/soc/4e00000.ssusb/wakeup/wakeup u:object_r:sysfs_wakeup:s0
 
@@ -84,3 +128,12 @@
 
 #net sysfs
 genfscon sysfs /devices/platform/soc/c800000.qcom,icnss/net u:object_r:sysfs_net:s0
+
+#camera sysfs
+genfscon sysfs /devices/platform/soc/5c0c000.qcom,cci/5c0c000.qcom,cci:qcom,camera@0/video4linux/video2/name u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/5c0c000.qcom,cci/5c0c000.qcom,cci:qcom,camera@1/video4linux/video3/name u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/5c0c000.qcom,cci/5c0c000.qcom,cci:qcom,camera@2/video4linux/video4/name u:object_r:vendor_sysfs_graphics:s0
+
+#uevent sysfs
+genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-02/1c40000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/power_supply/battery/uevent u:object_r:vendor_sysfs_uevent:s0
+genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-02/1c40000.qcom,spmi:qcom,pmi632@2:qpnp,qg/power_supply/bms/uevent u:object_r:vendor_sysfs_uevent:s0

diff --git a/qva/vendor/trinket/hal_camera.te b/qva/vendor/trinket/hal_camera.te
index 094cb7e..15ab135 100644
--- a/qva/vendor/trinket/hal_camera.te
+++ b/qva/vendor/trinket/hal_camera.te

@@ -25,4 +25,8 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-binder_call(hal_camera, system_server)
\ No newline at end of file
+binder_call(hal_camera, system_server)
+
+get_prop(hal_camera_default, vendor_video_prop)
+get_prop(hal_camera_default, bootanim_system_prop)
+allow hal_camera_default vendor_membuf_dev:chr_file r_file_perms;

diff --git a/qva/vendor/trinket/hal_graphics_allocator_default.te b/qva/vendor/trinket/hal_graphics_allocator_default.te
new file mode 100644
index 0000000..fed16a3
--- /dev/null
+++ b/qva/vendor/trinket/hal_graphics_allocator_default.te

@@ -0,0 +1,6 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+allow hal_graphics_allocator_default vendor_sysfs_kgsl_gpu_model:file r_file_perms;
+allow hal_graphics_allocator_default vendor_dmabuf_system_heap_device:chr_file r_file_perms;
+allow hal_graphics_allocator_default vendor_dmabuf_system_uncached_heap_device:chr_file r_file_perms;
\ No newline at end of file

diff --git a/qva/vendor/trinket/hal_vibrator_default.te b/qva/vendor/trinket/hal_vibrator_default.te
new file mode 100644
index 0000000..c62deed
--- /dev/null
+++ b/qva/vendor/trinket/hal_vibrator_default.te

@@ -0,0 +1,5 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+#hal_vibrator_default permission
+allow hal_vibrator_default vendor_qc_aon_prop:file { read };

diff --git a/qva/vendor/trinket/init_shell.te b/qva/vendor/trinket/init_shell.te
new file mode 100644
index 0000000..40565f9
--- /dev/null
+++ b/qva/vendor/trinket/init_shell.te

@@ -0,0 +1,6 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+#init_shell
+allow vendor_qti_init_shell vendor_sysfs_uevent:file { setattr };
+allow vendor_qti_init_shell vendor_qc_aon_prop:file { open getattr map };

diff --git a/qva/vendor/trinket/surfaceflinger.te b/qva/vendor/trinket/surfaceflinger.te
new file mode 100644
index 0000000..0795921
--- /dev/null
+++ b/qva/vendor/trinket/surfaceflinger.te

@@ -0,0 +1,5 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+binder_call(surfaceflinger, vendor_hal_qspmhal_default)
+allow surfaceflinger vendor_sysfs_kgsl_gpu_model:file r_file_perms;