universal7580: sepolicy: Update for 11

author Danny Wood <danwood76@gmail.com>

Thu, 28 Jan 2021 14:45:42 +0000 (14:45 +0000)

committer Danny Wood <danwood76@gmail.com>

Tue, 6 Apr 2021 08:12:33 +0000 (10:12 +0200)
author Danny Wood <danwood76@gmail.com>
Thu, 28 Jan 2021 14:45:42 +0000 (14:45 +0000)
committer Danny Wood <danwood76@gmail.com>
Tue, 6 Apr 2021 08:12:33 +0000 (10:12 +0200)
diff --git a/sepolicy/fsck.te b/sepolicy/fsck.te

index 6185843ed220bad385f361e83e38dd92321ceacf..002ec7150bee9573352c6b2edf1bf36bb643dfe9 100644 (file)
--- a/sepolicy/fsck.te
+++ b/sepolicy/fsck.te
@@ -1,3 +1,3 @@
  # /dev/block/mmcblk0p[0-9]*
  allow fsck emmcblk_device:blk_file rw_file_perms;
-allowxperm fsck emmcblk_device:blk_file ioctl { BLKDISCARDZEROES BLKROGET };
+allowxperm fsck emmcblk_device:blk_file ioctl { BLKGETSIZE64 BLKDISCARDZEROES BLKROGET };
diff --git a/sepolicy/gpsd.te b/sepolicy/gpsd.te

index 60c4c2b32c36b5de8fa88e03bac63861b18ccf6f..7af7a6ac11bbebad2e6c13d08d13c77ab20cd714 100644 (file)
--- a/sepolicy/gpsd.te
+++ b/sepolicy/gpsd.te
@@ -13,7 +13,10 @@ unix_socket_connect(gpsd, property, netd)
  allow gpsd system_server:unix_stream_socket rw_socket_perms;
  
  binder_call(gpsd, system_server)
-binder_use(gpsd)
+binder_call(gpsd, system_suspend_server)
+hwbinder_use(gpsd)
+
+allow gpsd system_suspend_hwservice:hwservice_manager { find };
  
  # Sockets
  type_transition gpsd gps_data_file:sock_file gps_socket;
diff --git a/sepolicy/hal_graphics_composer.te b/sepolicy/hal_graphics_composer.te

index 1916c0afdcb37e4e42c59f92dafcc724bc655bb0..bfea7e38466df05e26f89e6a1c47e0febce9de05 100644 (file)
--- a/sepolicy/hal_graphics_composer.te
+++ b/sepolicy/hal_graphics_composer.te
@@ -1,3 +1,5 @@
+vndbinder_use(hal_graphics_composer_default);
+
  # Graphics sysfs
  allow hal_graphics_composer_default sysfs_graphics:dir  search;
  allow hal_graphics_composer_default sysfs_graphics:file rw_file_perms;
@@ -5,3 +7,5 @@ allow hal_graphics_composer_default sysfs_graphics:file rw_file_perms;
  # uevent socket
  allow hal_graphics_composer_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
  
+# Video devices
+allow hal_graphics_composer_default video_device:chr_file rw_file_perms;
diff --git a/sepolicy/hwservicemanager.te b/sepolicy/hwservicemanager.te

new file mode 100644 (file)

index 0000000..7fadfd8
--- /dev/null
+++ b/sepolicy/hwservicemanager.te
@@ -0,0 +1,5 @@
+# gpsd
+#allow hwservicemanager gpsd:dir search;
+#allow hwservicemanager gpsd:file { read open };
+#allow hwservicemanager gpsd:process getattr;
+#allow hwservicemanager gpsd:binder transfer;
diff --git a/sepolicy/vold.te b/sepolicy/vold.te

index 4da2966de99f4605d45af4ceaf188478c9a4c838..d5f06a575d4fc9d2b7a32424bac269a2db2cae9f 100644 (file)
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te
@@ -6,3 +6,6 @@ allow vold emmcblk_device:blk_file { setattr unlink rw_file_perms };
  
  allow vold sysfs_mmc:file w_file_perms;
  r_dir_file(vold, proc_dt_firmware)
+
+# sswap
+allow vold sysfs_sswap:file w_file_perms;
author	Danny Wood <danwood76@gmail.com>
	Thu, 28 Jan 2021 14:45:42 +0000 (14:45 +0000)
committer	Danny Wood <danwood76@gmail.com>
	Tue, 6 Apr 2021 08:12:33 +0000 (10:12 +0200)
sepolicy/fsck.te		patch \| blob \| blame \| history
sepolicy/gpsd.te		patch \| blob \| blame \| history
sepolicy/hal_graphics_composer.te		patch \| blob \| blame \| history
sepolicy/hwservicemanager.te	[new file with mode: 0644]	patch \| blob
sepolicy/vold.te		patch \| blob \| blame \| history