-rw-r--r-- | bluejay-sepolicy.mk | 2 | ||||
-rw-r--r-- | bluejay/genfs_contexts | 5 | ||||
-rw-r--r-- | tracking_denials/bug_map | 19 | ||||
-rw-r--r-- | tracking_denials/dump_gsc.te | 3 | ||||
-rw-r--r-- | tracking_denials/hal_vibrator_default.te | 2 | ||||
-rw-r--r-- | vendor/device.te | 2 | ||||
-rw-r--r-- | vendor/file_contexts | 5 | ||||
-rw-r--r-- | vendor/ufs_firmware_update.te | 10 |
8 files changed, 47 insertions, 1 deletions
diff --git a/bluejay-sepolicy.mk b/bluejay-sepolicy.mk
index cb5229b..ab9ac22 100644
--- a/bluejay-sepolicy.mk
+++ b/bluejay-sepolicy.mk
@@ -1,2 +1,2 @@
 BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/bluejay
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/tracking_denials_bluejay
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/tracking_denials
diff --git a/bluejay/genfs_contexts b/bluejay/genfs_contexts
index 0e9b2a8..6b11056 100644
--- a/bluejay/genfs_contexts
+++ b/bluejay/genfs_contexts
@@ -4,3 +4,8 @@ genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-cs40l26a u:object
 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-6/i2c-cs40l26a u:object_r:sysfs_vibrator:s0
 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-7/i2c-cs40l26a u:object_r:sysfs_vibrator:s0
 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/i2c-cs40l26a u:object_r:sysfs_vibrator:s0
+
+# Storage
+genfscon sysfs /devices/platform/14700000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/model u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/rev u:object_r:sysfs_scsi_devices_0000:s0
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
new file mode 100644
index 0000000..5aa59ad
--- /dev/null
+++ b/tracking_denials/bug_map
@@ -0,0 +1,19 @@
+derive_sdk mediaprovider_app dir b/264600240
+dump_pixel_metrics sysfs file b/268147280
+dump_ramdump radio_vendor_data_file file b/270247129
+dump_ramdump vendor_camera_data_file file b/270633115
+dump_stm sysfs_spi dir b/268147400
+dump_storage radio_vendor_data_file file b/269218359
+dump_storage vendor_slog_file file b/269218359
+dump_trusty modem_efs_file file b/277529247
+dumpstate app_zygote process b/238263942
+dumpstate system_data_file dir b/261932945
+hal_dumpstate_default dump_ramdump process b/270247072
+hal_power_default hal_power_default capability b/240632681
+hal_vibrator_default sysfs file b/264483668
+incidentd debugfs_wakeup_sources file b/238263518
+incidentd incidentd anon_inode b/268147248
+webview_zygote logdr_socket sock_file b/264600023
+webview_zygote resourcecache_data_file dir b/264600023
+webview_zygote tombstoned_crash_socket sock_file b/264600023
+webview_zygote zygote_exec file b/264600023
diff --git a/tracking_denials/dump_gsc.te b/tracking_denials/dump_gsc.te
new file mode 100644
index 0000000..1eb7ccf
--- /dev/null
+++ b/tracking_denials/dump_gsc.te
@@ -0,0 +1,3 @@
+# b/265886512
+dontaudit dump_gsc radio_vendor_data_file:file { read };
+dontaudit dump_gsc radio_vendor_data_file:file { write };
diff --git a/tracking_denials/hal_vibrator_default.te b/tracking_denials/hal_vibrator_default.te
new file mode 100644
index 0000000..f634fe6
--- /dev/null
+++ b/tracking_denials/hal_vibrator_default.te
@@ -0,0 +1,2 @@
+# b/275645961
+dontaudit hal_vibrator_default service_manager_type:service_manager find;
diff --git a/vendor/device.te b/vendor/device.te
new file mode 100644
index 0000000..d2a91db
--- /dev/null
+++ b/vendor/device.te
@@ -0,0 +1,2 @@
+# Block Devices
+type fips_block_device, dev_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
new file mode 100644
index 0000000..a273c79
--- /dev/null
+++ b/vendor/file_contexts
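Review bot: The two `dontaudit` rules in tracking_denials/dump_gsc.te differ only in the permission and read better as one rule, `dontaudit dump_gsc radio_vendor_data_file:file { read write };`. A `dontaudit` grants nothing but removes the denial from the audit log, so after this change a write attempt by dump_gsc on radio data leaves no trace for anyone reviewing denials. The `# b/265886512` comment should say the suppression is temporary, for example `# b/265886512: temporary suppression, remove when the bug is resolved`.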
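Review bot: `dontaudit hal_vibrator_default service_manager_type:service_manager find;` in tracking_denials/hal_vibrator_default.te targets the `service_manager_type` attribute, so it silences every service lookup denial for this domain, not only the one tracked in b/275645961. An unexpected lookup by the vibrator HAL would then never appear in the logs. I would narrow the rule to the single service type named in the original denial, `dontaudit hal_vibrator_default <service_type_from_denial>:service_manager find;` (placeholder, the type is not shown on this page).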
@@ -0,0 +1,5 @@
+# Binaries
+/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0
+
+# Devices
+/dev/block/platform/14700000\.ufs/by-name/fips u:object_r:fips_block_device:s0
diff --git a/vendor/ufs_firmware_update.te b/vendor/ufs_firmware_update.te
new file mode 100644
index 0000000..53ceba5
--- /dev/null
+++ b/vendor/ufs_firmware_update.te
@@ -0,0 +1,10 @@
+type ufs_firmware_update, domain;
+type ufs_firmware_update_exec, vendor_file_type, exec_type, file_type;
+
+init_daemon_domain(ufs_firmware_update)
+
+allow ufs_firmware_update vendor_toolbox_exec:file execute_no_trans;
+allow ufs_firmware_update block_device:dir r_dir_perms;
+allow ufs_firmware_update fips_block_device:blk_file rw_file_perms;
+allow ufs_firmware_update sysfs:dir r_dir_perms;
+allow ufs_firmware_update sysfs_scsi_devices_0000:file r_file_perms; |
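Review bot: vendor/ufs_firmware_update.te gives `rw_file_perms` on `fips_block_device:blk_file` to a domain that init starts from `/vendor/bin/ufs_firmware_update.sh`, and the file has no comment saying why raw write access to that partition is needed. I would add one above the rule, for example `# Firmware update script accesses the fips partition directly (purpose to be confirmed by the author)`. A `neverallow` keeping write access to `fips_block_device:blk_file` limited to the domains that need it would stop later policy changes from widening it unnoticed. Separately, `allow ufs_firmware_update sysfs:dir r_dir_perms;` uses the generic `sysfs` type. If the script only walks the `14700000.ufs` node, labelling that directory in genfs_contexts and allowing the narrower type would be tighter.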