Add sepolicy rules for kona
Add sepolicy rules for kona
Change-Id: Ic5daa5768a91abd4369fcbe6b7d067387047ceaf
diff --git a/qva/vendor/kona/genfs_contexts b/qva/vendor/kona/genfs_contexts
new file mode 100644
index 0000000..05332e4
--- /dev/null
+++ b/qva/vendor/kona/genfs_contexts
@@ -0,0 +1,90 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+# vendor_sysfs_battery_supply nodes
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/capacity u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/dc/type u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/type u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/pc_port/type u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/usb/type u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/dc/online u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/status u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/present u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/health u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/voltage_now u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/charge_full u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/current_now u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/cycle_count u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/time_to_full_now u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/charge_full_design u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/charge_counter u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/temp u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/technology u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/pc_port/online u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/usb/online u:object_r:vendor_sysfs_battery_supply:s0
+
+# vendor_sysfs_sd nodes
+genfscon sysfs /devices/platform/soc/1d84000.ufshc/host0/target0:0:0/0:0:0:0/block/sda/queue/read_ahead_kb u:object_r:vendor_sysfs_sd:s0
+genfscon sysfs /devices/platform/soc/1d84000.ufshc/host0/target0:0:0/0:0:0:1/block/sdb/queue/read_ahead_kb u:object_r:vendor_sysfs_sd:s0
+genfscon sysfs /devices/platform/soc/1d84000.ufshc/host0/target0:0:0/0:0:0:2/block/sdc/queue/read_ahead_kb u:object_r:vendor_sysfs_sd:s0
+genfscon sysfs /devices/platform/soc/1d84000.ufshc/host0/target0:0:0/0:0:0:3/block/sdd/queue/read_ahead_kb u:object_r:vendor_sysfs_sd:s0
+genfscon sysfs /devices/platform/soc/1d84000.ufshc/host0/target0:0:0/0:0:0:4/block/sde/queue/read_ahead_kb u:object_r:vendor_sysfs_sd:s0
+genfscon sysfs /devices/platform/soc/1d84000.ufshc/host0/target0:0:0/0:0:0:5/block/sdf/queue/read_ahead_kb u:object_r:vendor_sysfs_sd:s0
+
+# vendor_sysfs_graphics nodes
+genfscon sysfs /devices/platform/soc/88e0000.qcom,msm-eud/extcon/extcon0/cable.2/name u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/88e0000.qcom,msm-eud/extcon/extcon0/cable.0/name u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/extcon/extcon1/cable.1/name u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/extcon/extcon1/cable.0/name u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/88e0000.qcom,msm-eud/extcon/extcon0/cable.1/name u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:pm8150b@2:qcom,usb-pdphy@1700/extcon/extcon2/cable.1/name u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:pm8150b@2:qcom,usb-pdphy@1700/extcon/extcon2/cable.0/name u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:pm8150b@2:qcom,usb-pdphy@1700/extcon/extcon2/cable.2/name u:object_r:vendor_sysfs_graphics:s0
+
+# sysfs_wakeup nodes
+genfscon sysfs /devives/virtual/fastrpc/adsprpc-smd/wakeup4 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_g711mlaw/wakeup28 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/a600000.ssusb/wakeup/wakeup18 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/88e0000.qcom,msm-eud/wakeup/wakeup2 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_evrc/wakeup26 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_amrwb/wakeup16 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-00/c440000.qcom,spmi:qcom,pm8150_rtc/wakeup/wakeup0 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_qcelp/wakeup24 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c10000.qcom,pcie/wakeup/wakeup9 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_amrwb/wakeup14 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,qpnp-smb5/power_supply/battery/wakeup32 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_mp3/wakeup33 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/fastrpc/adsprpc-smd/wakeup7 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/a800000.ssusb/wakeup/wakeup12 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/usb/wakeup30 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm-g711alaw/wakeup20 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c08000.qcom,pice/wakeup/wakeup5 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/dc/wakeup29 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_evrc/wakeup19 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,smp2p_sleepstate/wakeup/wakeup3 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_amrwbplus/wakeup17 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-00/c440000.qcom,spmi:qcom,pm8150@0:qcom,pm8150_rtc/rtc/rtc0/alarmtimer.0.auto/wakeup/wakeup1 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_wma/wakeup25 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_amrnb/wakeup15 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_multi_aac/wakeup23 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/fastrpc/adsprcp-smd-secure/wakeup8 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_aac/wakeup13 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/pc_port/wakeup31 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_g711mlaw/wakeup21 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,spcom/wakeup/wakeup6 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/a600000.ssusb/wakeup/wakeup11 u:object_r:sysfs_wakeup:s0
+
+#vendor_sysfs_graphics nodes
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-05/c440000.qcom,spmi:qcom,pm8150l@5:qcom,leds@d000/leds/blue/brightness u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-05/c440000.qcom,spmi:qcom,pm8150l@5:qcom,leds@d000/leds/green/brightness u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-05/c440000.qcom,spmi:qcom,pm8150l@5:qcom,leds@d000/leds/red/trigger u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-05/c440000.qcom,spmi:qcom,pm8150l@5:qcom,leds@d000/leds/blue/trigger u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-05/c440000.qcom,spmi:qcom,pm8150l@5:qcom,leds@d000/leds/green/trigger u:object_r:vendor_sysfs_graphics:s0
+
+#vendor_sysfs_scsi_target nodes
+genfscon sysfs /devices/platform/soc/1d84000.ufshc/host0/target0:0:0/0:0:0:1/scsi_generic u:object_r:vendor_sysfs_scsi_target:s0
+genfscon sysfs /devices/platform/soc/1d84000.ufshc/host0/target0:0:0/0:0:0:2/scsi_generic u:object_r:vendor_sysfs_scsi_target:s0
+
+#vendor_sysfs_ssr nodes
+genfscon sysfs /devices/platform/soc/17300000.remoteproc-adsp/remoteproc/remoteproc0/name u:object_r:vendor_sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/8300000.remoteproc-cdsp/remoteproc/remoteproc1/name u:object_r:vendor_sysfs_ssr:s0
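Review bot: Several paths in the `sysfs_wakeup` block look mistyped and, if so, will never match a real node, leaving those wakeup sources under the default `sysfs` label: `/devives/virtual/fastrpc/adsprpc-smd/wakeup4` should start with `/devices/`, `1c08000.qcom,pice` is presumably `1c08000.qcom,pcie` (compare `1c10000.qcom,pcie`), and `adsprcp-smd-secure` is presumably `adsprpc-smd-secure`. The `battery/wakeup32` entry also lacks the `qcom,pm8150b@2:` component that every other qpnp-smb5 path carries, and `msm-g711alaw` uses a hyphen where its siblings use underscores; both are worth checking against the device. A genfscon entry that matches nothing fails silently, and the usual reaction to the resulting denial is to widen access to generic `sysfs`, so each path should be verified with `ls -Z` on a booted build. The `wakeupN` suffixes also appear to depend on driver registration order, so these exact-path entries may stop matching when a driver is added or removed.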
diff --git a/qva/vendor/kona/hal_bootctl_default.te b/qva/vendor/kona/hal_bootctl_default.te
new file mode 100644
index 0000000..cab5878
--- /dev/null
+++ b/qva/vendor/kona/hal_bootctl_default.te
@@ -0,0 +1,5 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+#for hal_boot_default
+allow hal_bootctl_default vendor_sysfs_scsi_target:dir { read open };
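Review bot: The comment `#for hal_boot_default` names a domain that does not match the rule's subject, `hal_bootctl_default`, and gives no reason for the access. Something like `# bootctl HAL lists scsi_generic under UFS LUNs 1 and 2 (labelled in genfs_contexts)` would tie the rule to the two `vendor_sysfs_scsi_target` entries added in this commit. If the HAL also has to traverse into that directory, note that `search` is not part of `{ read open }`; that is worth confirming against the denial log.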
diff --git a/qva/vendor/kona/hal_health_default.te b/qva/vendor/kona/hal_health_default.te
new file mode 100644
index 0000000..2a1085a
--- /dev/null
+++ b/qva/vendor/kona/hal_health_default.te
@@ -0,0 +1,4 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+allow hal_health_default vendor_sysfs_battery_supply:file r_file_perms;
diff --git a/qva/vendor/kona/hal_light_default.te b/qva/vendor/kona/hal_light_default.te
new file mode 100644
index 0000000..c271485
--- /dev/null
+++ b/qva/vendor/kona/hal_light_default.te
@@ -0,0 +1,5 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+# for hal_light_default permission
+allow hal_light_default vendor_sysfs_graphics:file { write r_file_perms };
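Review bot: This rule gives the light HAL write access to every file labelled `vendor_sysfs_graphics`, not only the LED nodes. In this commit's genfs_contexts the same type also covers the extcon `cable.N/name` nodes, and vendor_init.te grants `init` `setattr w_file_perms` on it as well. A type scoped to the LED `brightness`/`trigger` files (platform policy has `sysfs_leds` for this) would keep the write permission off unrelated nodes. If the shared type is kept, the comment should say why, e.g. `# LED brightness/trigger nodes are labelled vendor_sysfs_graphics in genfs_contexts`.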
diff --git a/qva/vendor/kona/init_shell.te b/qva/vendor/kona/init_shell.te
index 67bf3fc..23130ca 100644
--- a/qva/vendor/kona/init_shell.te
+++ b/qva/vendor/kona/init_shell.te
@@ -33,3 +33,14 @@
allow vendor_qti_init_shell configfs:dir { create w_dir_perms };
allow vendor_qti_init_shell configfs:file { create };
allow vendor_qti_init_shell configfs:lnk_file { create };
+
+#for vendor_qti_init_shell to vendor_sysfs_sd permission
+allow vendor_qti_init_shell vendor_sysfs_sd:file { write };
+
+#for vendor_qti_init userdebug
+userdebug_or_eng(`
+ allow vendor_qti_init_shell vendor_qti_init_shell:lockdown { integrity };
+')
+
+#for vendor_qti_init to ctl_stop_prop permission
+set_prop(vendor_qti_init_shell,ctl_stop_prop);
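Review bot: The `set_prop(vendor_qti_init_shell,ctl_stop_prop);` line sits outside the `userdebug_or_eng` block, so on user builds too the init shell scripts appear able to set any `ctl.stop` property that falls under the generic `ctl_stop_prop` type rather than one named service. The comment should name the service the script has to stop, and if only one is needed a service-specific ctl property type would be tighter. The comments also say `vendor_qti_init` while the rules are for `vendor_qti_init_shell`. The hunk starts at line 33 of init_shell.te, so earlier rules for this domain are not visible here.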
diff --git a/qva/vendor/kona/kernel.te b/qva/vendor/kona/kernel.te
new file mode 100644
index 0000000..c9a3150
--- /dev/null
+++ b/qva/vendor/kona/kernel.te
@@ -0,0 +1,7 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+# for kernel userdebug
+userdebug_or_eng(`
+ allow kernel self:capability { sys_admin };
+')
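Review bot: `# for kernel userdebug` does not say what needs `sys_admin`, which is one of the broadest capabilities a domain can hold. Even limited to userdebug/eng builds, the comment should record the denial or feature that motivated the rule, e.g. `# userdebug/eng only: <feature> needs sys_admin in kernel context (see <bug id>)`, so the rule can be dropped once that need goes away.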
diff --git a/qva/vendor/kona/sysfs.te b/qva/vendor/kona/sysfs.te
new file mode 100644
index 0000000..70edc88
--- /dev/null
+++ b/qva/vendor/kona/sysfs.te
@@ -0,0 +1,7 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+#for debugfs_tracing_debug
+userdebug_or_eng(`
+ allow init debugfs_tracing_debug:dir { mounton };
+')
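Review bot: This file is named sysfs.te, but its only rule is an `init` permission (`mounton` on `debugfs_tracing_debug:dir`), which makes it easy to miss when auditing what `init` may do. Placing it in the file that holds the other `init` rules would keep per-domain review straightforward. The comment `#for debugfs_tracing_debug` names only the target type; it should state why init mounts over this directory on debug builds.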
diff --git a/qva/vendor/kona/vendor_init.te b/qva/vendor/kona/vendor_init.te
new file mode 100644
index 0000000..853b32b
--- /dev/null
+++ b/qva/vendor/kona/vendor_init.te
@@ -0,0 +1,6 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+#for init
+allow init vendor_sysfs_graphics:file { setattr w_file_perms };
+allow init vendor_spunvm_file:filesystem { unmount };
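Review bot: Both rules in vendor_init.te name `init` as the source domain, not `vendor_init`, so they widen the core init domain from vendor policy. If the accesses come from vendor init scripts, `vendor_init` is presumably the intended subject; that should be confirmed against the denial's `scontext`. `#for init` explains neither rule. The comment should say which init action needs `setattr`/write on `vendor_sysfs_graphics` and which one needs `unmount` on `vendor_spunvm_file`.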
diff --git a/qva/vendor/kona/vendor_per_mgr.te b/qva/vendor/kona/vendor_per_mgr.te
new file mode 100644
index 0000000..89fcaa7
--- /dev/null
+++ b/qva/vendor/kona/vendor_per_mgr.te
@@ -0,0 +1,5 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+# for vendor_per_mgr permission
+allow vendor_per_mgr vendor_sysfs_ssr:file r_file_perms;
diff --git a/qva/vendor/kona/vendor_per_proxy.te b/qva/vendor/kona/vendor_per_proxy.te
new file mode 100644
index 0000000..220addf
--- /dev/null
+++ b/qva/vendor/kona/vendor_per_proxy.te
@@ -0,0 +1,5 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+# for vendor_per_proxy permission
+allow vendor_per_proxy vendor_sysfs_ssr:file r_file_perms;
diff --git a/qva/vendor/kona/vendor_rmt_storage.te b/qva/vendor/kona/vendor_rmt_storage.te
new file mode 100644
index 0000000..b70dbad
--- /dev/null
+++ b/qva/vendor/kona/vendor_rmt_storage.te
@@ -0,0 +1,4 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+allow vendor_rmt_storage vendor_sysfs_ssr:file r_file_perms;