https://github.com/exynos8895/android_device_samsung_universal8895-common/commits/lineage-17.1/sepolicy
--- /dev/null
+allow adbd proc_last_kmsg:file r_file_perms;
--- /dev/null
+allow apexd sysfs_virtual:file rw_file_perms;
--- /dev/null
+allow cbd factoryprop_efs_file:file r_file_perms;
+allow cbd sysfs_info:file r_file_perms;
--- /dev/null
+get_prop(crash_dump, hwservicemanager_prop)
+get_prop(crash_dump, exported_camera_prop)
+
+allow crash_dump app_data_file:file read;
--- /dev/null
+# /dev/vfsspi
+type fingerprint_device, dev_type;
+
+# /dev/batch_io
+type sensor_device, dev_type;
+
+# /dev/s5p-smem
+type secmem_device, dev_type;
+
+# /dev/m2m1shot_scaler0
+type m2m1shot_device, dev_type;
+
+# gps
+type gps_device, dev_type;
--- /dev/null
+# domain.te
+
+# /sys/kernel/debug/mali
+allow domain debugfs_mali:dir search;
+
+# /sys/kernel/debug/mali/mem
+allow domain debugfs_mali_mem:dir search;
+
+# /sys/kernel/debug/dma_buf
+allow domain debugfs_ion_dma:dir search;
+
+# /sys/kernel/debug/ion
+allow domain debugfs_ion:dir search;
+
+# /sys/kernel/debug/tracing/trace_marker
+allow domain debugfs_trace_marker:file getattr;
--- /dev/null
+### efs types
+type radio_factoryapp_efs_file, file_type;
+type factoryprop_efs_file, file_type;
+type sensor_factoryapp_efs_file, file_type;
+type factorymode_factoryapp_efs_file, file_type;
+type baro_delta_factoryapp_efs_file, file_type;
+
+# gps
+type gps_socket, file_type;
+
+# debugfs types
+type debugfs_mali, fs_type, debugfs_type;
+type debugfs_mali_mem, fs_type, debugfs_type;
+type debugfs_ion, fs_type, debugfs_type;
+type debugfs_ion_dma, fs_type, debugfs_type;
+
+# proc
+type proc_extra, fs_type, proc_type;
+type proc_reset_reason, fs_type, proc_type;
+type proc_swapiness, fs_type, proc_type;
+
+# data types
+type display_vendor_data_file, file_type, data_file_type;
+type fingerprintd_vendor_data_file, data_file_type, file_type;
+type mediadrm_data_file, file_type, data_file_type;
+
+# sysfs types
+type sysfs_batteryinfo_charger_writable, sysfs_type, rw_fs_type, fs_type;
+type sysfs_camera_writable, sysfs_type, rw_fs_type, fs_type;
+type sysfs_decon, sysfs_type, r_fs_type, fs_type;
+type sysfs_gpu, sysfs_type, r_fs_type, fs_type;
+type sysfs_sec_switch, sysfs_type, r_fs_type, fs_type;
+type sysfs_socinfo, sysfs_type, r_fs_type, fs_type;
+type sysfs_v4l, sysfs_type, r_fs_type, fs_type;
+type sysfs_v4l_mfc, sysfs_type, r_fs_type, fs_type;
+type sysfs_v4l_smfc, sysfs_type, r_fs_type, fs_type;
+type sysfs_v4l_fimc, sysfs_type, r_fs_type, fs_type;
+type sysfs_graphics, fs_type, sysfs_type;
+type sysfs_mdnie, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_multipdp, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_sec, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_gps, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_brightness, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_virtual, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_charger, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_modem, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_lcd, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_camera, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_mmc_host_writable, sysfs_type, rw_fs_type, fs_type;
+type sysfs_ss_writable, sysfs_type, rw_fs_type, fs_type;
+type sysfs_usb_writable, sysfs_type, rw_fs_type, fs_type;
+type sysfs_gpu_writable, sysfs_type, rw_fs_type, fs_type;
+type sysfs_info, sysfs_type, r_fs_type, fs_type;
-/cpefs(/.*)? u:object_r:efs_file:s0
+####################################
+# Devices
+/cpefs(/.*)? u:object_r:efs_file:s0
+/dev/mali[0-9]* u:object_r:gpu_device:s0
+/dev/umts_ipc0 u:object_r:radio_device:s0
+/dev/fimg2d u:object_r:video_device:s0
+/dev/vfsspi u:object_r:fingerprint_device:s0
+/dev/sec-nfc u:object_r:nfc_device:s0
+
+/dev/cpuset(/.*)? u:object_r:cgroup:s0
+
+# camera
+/dev/m2m1shot_scaler0 u:object_r:m2m1shot_device:s0
+
+# usb
+/dev/android_ssusbcon(/.*)? u:object_r:usb_device:s0
+/dev/mtp_usb* u:object_r:mtp_device:s0
+/dev/usb(/.*)? u:object_r:usb_device:s0
+
+# adbroot and storaged
+/dev/stune(/.*)? u:object_r:cgroup:s0
+
+# zram
+/dev/block/zram0 u:object_r:swap_block_device:s0
+
+/dev/block/platform/11120000\.ufs/by-name/CACHE u:object_r:cache_block_device:s0
+/dev/block/platform/11120000\.ufs/by-name/CPEFS u:object_r:efs_block_device:s0
+/dev/block/platform/11120000\.ufs/by-name/EFS u:object_r:efs_block_device:s0
+/dev/block/platform/11120000\.ufs/by-name/KEYREFUGE u:object_r:keyrefuge_block_device:s0
+/dev/block/platform/11120000\.ufs/by-name/MISC u:object_r:misc_block_device:s0
+/dev/block/platform/11120000\.ufs/by-name/OMR u:object_r:omr_block_device:s0
+/dev/block/platform/11120000\.ufs/by-name/PERSISTENT u:object_r:frp_block_device:s0
+/dev/block/platform/11120000\.ufs/by-name/RADIO u:object_r:radio_block_device:s0
+/dev/block/platform/11120000\.ufs/by-name/SYSTEM u:object_r:system_block_device:s0
+/dev/block/platform/11120000\.ufs/by-name/USERDATA u:object_r:userdata_block_device:s0
+
+####################################
+# efs files
+/efs/FactoryApp(/.*)? u:object_r:app_efs_file:s0
+/efs/FactoryApp/baro_delta u:object_r:baro_delta_factoryapp_efs_file:s0
+/efs/FactoryApp/factorymode u:object_r:factorymode_factoryapp_efs_file:s0
+/efs/FactoryApp/fdata u:object_r:radio_factoryapp_efs_file:s0
+/efs/FactoryApp/hist_nv u:object_r:radio_factoryapp_efs_file:s0
+/efs/FactoryApp/test_nv u:object_r:radio_factoryapp_efs_file:s0
+/efs/FactoryApp/gyro_cal_data u:object_r:sensor_factoryapp_efs_file:s0
+
+/efs/nv_data.bin(.*) u:object_r:bin_nv_data_efs_file:s0
+/efs/nv.log u:object_r:bin_nv_data_efs_file:s0
+/efs/\.nv_core\.bak(.*) u:object_r:bin_nv_data_efs_file:s0
+/efs/wv\.keys u:object_r:cpk_efs_file:s0
+/efs/factory\.prop u:object_r:factoryprop_efs_file:s0
+/efs/TEE(/.*)? u:object_r:gatekeeper_efs_file:s0
+/efs/TEE/Store_1.tf u:object_r:gatekeeper_efs_file:s0
+
+####################################
+# data files
+/data/nfc(/.*)? u:object_r:nfc_data_file:s0
+
+/data/misc/radio(/.*)? u:object_r:radio_data_file:s0
+
+# livedisplay
+/data/vendor/display(/.*)? u:object_r:display_vendor_data_file:s0
+
+# drm
+/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_data_file:s0
+
+# mobicore
+/data/misc/mcRegistry(/.*)? u:object_r:mobicore_data_file:s0
+/data/vendor/mcRegistry(/.*)? u:object_r:mobicore_vendor_data_file:s0
+
+# camera
+/data/camera(/.*)? u:object_r:camera_data_file:s0
+
+####################################
+# sysfs files
+/sys/class/power_supply/battery/music -- u:object_r:sysfs:s0
+/sys/class/devfreq/17000010.devfreq_mif(/.*)? -- u:object_r:sysfs:s0
+
+# gps
+/sys/class/sec/gps/GPS_PWR_EN/value u:object_r:sysfs_gps:s0
+
+# charger
+/sys/devices/battery/power_supply(/.*) u:object_r:sysfs_charger:s0
+/sys/class/power_supply/max77865-charger(/.*) u:object_r:sysfs_charger:s0
+/sys/devices/platform/10940000\.hsi2c/i2c-11/11-003b/power_supply/mfc-charger(/.*) u:object_r:sysfs_charger:s0
+/sys/devices/platform/10970000\.hsi2c/i2c-13/13-0066/max77865-charger/power_supply/otg(/.*)? u:object_r:sysfs_charger:s0
+/sys/devices/platform/10970000\.hsi2c/i2c-13/13-0066/max77865-charger/power_supply/max77865-charger(/.*)? u:object_r:sysfs_charger:s0
+/sys/devices/platform/10970000\.hsi2c/i2c-13/13-0066/max77865-fuelgauge/power_supply/max77865-fuelgauge(/.*)? u:object_r:sysfs_charger:s0
+
+# sec
+/sys/class/sec(/.*)? -- u:object_r:sysfs_sec:s0
+
+# virtual
+/sys/devices/virtual(/.*)? u:object_r:sysfs_virtual:s0
+
+# iio
+/sys/devices/platform/15b70000\.adc/iio:device[0-9](/.*)? u:object_r:sysfs_iio:s0
+/sys/bus/iio/devices(/.*)? u:object_r:sysfs_iio:s0
+
+# Backlight/Notification LED control
+/sys/devices/platform/panel_drv@001/backlight/panel/brightness u:object_r:sysfs_graphics:s0
+/sys/devices/platform/panel_drv@001/backlight/panel/max_brightness u:object_r:sysfs_graphics:s0
+
+# camera
+/sys/devices/virtual/camera(/.*)? u:object_r:sysfs_camera:s0
+
+# rild
+/sys/devices/virtual/misc/multipdp(/.*) u:object_r:sysfs_multipdp:s0
+
+# mDNIe
+/sys/devices/platform/panel_drv@001/lcd/panel/mdnie/mode u:object_r:sysfs_mdnie:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/mdnie/scenario u:object_r:sysfs_mdnie:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/mdnie/lux u:object_r:sysfs_mdnie:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/mdnie/sensorRGB u:object_r:sysfs_mdnie:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/mdnie/accessibility u:object_r:sysfs_mdnie:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/mdnie/night_mode u:object_r:sysfs_mdnie:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/mdnie/mdnie_ldu u:object_r:sysfs_mdnie:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/mdnie/whiteRGB u:object_r:sysfs_mdnie:s0
+
+# input
+/sys/devices/platform/gpio_keys/input/input6(/.*)? u:object_r:sysfs_input:s0
+/sys/devices/platform/hall/input/input7(/.*)? u:object_r:sysfs_input:s0
+/sys/devices/platform/certify_hall/input/input8(/.*)? u:object_r:sysfs_input:s0
+
+# lcd
+/sys/devices/platform/panel_drv@001/lcd/panel/adaptive_control u:object_r:sysfs_lcd:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/alpm u:object_r:sysfs_lcd:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/dpui u:object_r:sysfs_lcd:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/dpui_dbg u:object_r:sysfs_lcd:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/lcd_type u:object_r:sysfs_lcd:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/lux u:object_r:sysfs_lcd:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/manufacture_code u:object_r:sysfs_lcd:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/temperature u:object_r:sysfs_lcd:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/window_type u:object_r:sysfs_lcd:s0
+
+# modem
+/sys/module/modem_ctrl_ss310ap/parameters/ds_detect u:object_r:sysfs_modem:s0
+
+# ZRAM
+/sys/devices/virtual/block/zram0/mm_stat u:object_r:sysfs_zram:s0
+
+
+# Lineage hals
+/(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@[0-9]\.[0-9]-service\.universal8895 u:object_r:hal_lineage_livedisplay_sysfs_exec:s0
+
+### VENDOR
+/(vendor|system/vendor)/bin/vendor\.samsung\.hardware\.security\.widevine\.keyprovisioning@[0-9]\.[0-9]-service u:object_r:hal_drm_widevine_exec:s0
+
+/(vendor|system/vendor)/bin/hw/gpsd u:object_r:gpsd_exec:s0
+/(vendor|system/vendor)/bin/hw/lhd u:object_r:lhd_exec:s0
+/(vendor|system/vendor)/bin/hw/macloader u:object_r:macloader_exec:s0
+/(vendor|system/vendor)/bin/mcDriverDaemon u:object_r:tee_exec:s0
+
+/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]\.[0-9]-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]\.[0-9]-service\.widevine u:object_r:hal_drm_widevine_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@[0-9]\.[0-9]-service\.samsung u:object_r:hal_keymaster_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@[0-9]\.[0-9]-service\.basic u:object_r:hal_usb_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@[0-9]\.[0-9]-service u:object_r:hal_camera_default_exec:s0
+/(vendor|system/vendor)/bin/hw/sec\.android\.hardware\.nfc@[0-9]\.[0-9]-service u:object_r:hal_nfc_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.samsung\.hardware\.gnss@[0-9]\.[0-9]-service u:object_r:hal_gnss_default_exec:s0
--- /dev/null
+allow fsck cache_file:dir getattr;
+allow fsck sysfs_battery:dir search;
+allow fsck tmpfs:blk_file getattr;
+allow fsck efs_block_device:blk_file rw_file_perms;
--- /dev/null
+# DEBUGFS
+genfscon debugfs /mali/ u:object_r:debugfs_mali:s0
+genfscon debugfs /mali/mem/ u:object_r:debugfs_mali_mem:s0
+
+# ion debugfs
+genfscon debugfs /ion/ u:object_r:debugfs_ion:s0
+genfscon debugfs /dma_buf u:object_r:debugfs_ion_dma:s0
+
+# PROC
+genfscon proc /extra u:object_r:proc_extra:s0
+genfscon proc /reset_reason u:object_r:proc_reset_reason:s0
+genfscon proc /sys/vm/swappiness u:object_r:proc_swapiness:s0
+
+# SYSFS
+
+# class
+genfscon sysfs /class/camera u:object_r:sysfs_camera:s0
+genfscon sysfs /class/input/input4 u:object_r:sysfs_sensors:s0
+genfscon sysfs /class/input/input6 u:object_r:sysfs_sensors:s0
+genfscon sysfs /class/video4linux u:object_r:sysfs_v4l:s0
+
+# devices
+genfscon sysfs /devices/virtual/sec/led/led_blink u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/platform/108e0000.hsi2c/i2c-5/5-0049/input/ u:object_r:sysfs_touchscreen_writable:s0
+genfscon sysfs /devices/platform/10970000.spi/ u:object_r:sysfs_spi_writeable:s0
+genfscon sysfs /devices/platform/108c0000.spi/ u:object_r:sysfs_spi_writeable:s0
+genfscon sysfs /devices/platform/10460000.spi/ u:object_r:sysfs_spi_writeable:s0
+genfscon sysfs /devices/platform/164b0000.pinctrl/gpio/gpio13/value u:object_r:sysfs_gps_writable:s0
+genfscon sysfs /devices/platform/11430000.pinctrl/gpio/gpio81/value u:object_r:sysfs_gps_writable:s0
+genfscon sysfs /devices/platform/10980000.pinctrl/gpio/gpio216/value u:object_r:sysfs_gps_writable:s0
+genfscon sysfs /module/modem_ctrl_ss310ap/parameters/ds_detect u:object_r:sysfs_sim_writable:s0
+genfscon sysfs /devices/platform/11500000.dwmmc2/mmc_host u:object_r:sysfs_mmc_host_writable:s0
+genfscon sysfs /devices/platform/11120000.ufs/host0 u:object_r:sysfs_scsi_host_writable:s0
+genfscon sysfs /devices/platform/15b50000.speedy/i2c-14/14-0000/s2mps17-rtc/rtc u:object_r:sysfs_rtc:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-13/13-0066/max77865-charger/power_supply/max77865-charger/type u:object_r:sysfs_batteryinfo_charger_writable:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-13/13-0066/max77865-charger/power_supply/max77865-charger/chip_id u:object_r:sysfs_batteryinfo_charger_writable:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-13/13-0066/max77865-charger/power_supply/otg/type u:object_r:sysfs_batteryinfo_charger_writable:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-13/13-0066/max77865-fuelgauge/power_supply/max77865-fuelgauge/type u:object_r:sysfs_batteryinfo_charger_writable:s0
+genfscon sysfs /devices/platform/10940000.hsi2c/i2c-11/11-003b/power_supply/mfc-charger u:object_r:sysfs_batteryinfo_charger_writable:s0
+genfscon sysfs /devices/platform/12ca0000.fimc_is_sensor/video4linux u:object_r:sysfs_v4l_fimc:s0
+genfscon sysfs /devices/platform/12cb0000.fimc_is_sensor/video4linux u:object_r:sysfs_v4l_fimc:s0
+genfscon sysfs /devices/platform/12cc0000.fimc_is_sensor/video4linux u:object_r:sysfs_v4l_fimc:s0
+genfscon sysfs /devices/platform/12cd0000.fimc_is_sensor/video4linux u:object_r:sysfs_v4l_fimc:s0
+genfscon sysfs /devices/platform/12ce0000.fimc_is/video4linux u:object_r:sysfs_v4l_fimc:s0
+genfscon sysfs /devices/platform/13ce0000.mfc0/video4linux u:object_r:sysfs_v4l_mfc:s0
+genfscon sysfs /devices/platform/13b00000.smfc/video4linux u:object_r:sysfs_v4l_smfc:s0
+genfscon sysfs /devices/platform/12860000.decon_f u:object_r:sysfs_decon:s0
+genfscon sysfs /devices/platform/12860000.decon_f/vsync u:object_r:sysfs_ss_writable:s0
+genfscon sysfs /devices/platform/12a30000.decon_s u:object_r:sysfs_decon:s0
+genfscon sysfs /devices/platform/12a30000.decon_s/vsync u:object_r:sysfs_ss_writable:s0
+genfscon sysfs /devices/platform/12a40000.decon_t u:object_r:sysfs_decon:s0
+genfscon sysfs /devices/platform/12a40000.decon_t/vsync u:object_r:sysfs_ss_writable:s0
+genfscon sysfs /devices/platform/bluetooth/rfkill/rfkill0/state u:object_r:sysfs_bt_writable:s0
+genfscon sysfs /devices/platform/battery/power_supply/battery u:object_r:sysfs_battery_writable:s0
+genfscon sysfs /devices/platform/battery/power_supply/battery/batt_capacity_max u:object_r:sysfs_battery_writable:s0
+genfscon sysfs /devices/platform/battery/power_supply/battery/status u:object_r:sysfs_battery_writable:s0
+genfscon sysfs /devices/platform/battery/power_supply/battery/type u:object_r:sysfs_battery_writable:s0
+genfscon sysfs /devices/platform/battery/power_supply/ac/type u:object_r:sysfs_battery_writable:s0
+genfscon sysfs /devices/platform/battery/power_supply/wireless/type u:object_r:sysfs_battery_writable:s0
+genfscon sysfs /devices/platform/battery/power_supply/ps/type u:object_r:sysfs_battery_writable:s0
+genfscon sysfs /devices/platform/battery/power_supply/ps/status u:object_r:sysfs_battery_writable:s0
+
+genfscon sysfs /devices/soc0/soc_id u:object_r:sysfs_socinfo:s0
+genfscon sysfs /devices/system/chip-id/revision u:object_r:sysfs_ss_writable:s0
+
+genfscon sysfs /devices/virtual/android_usb/android0 u:object_r:sysfs_android_usb:s0
+genfscon sysfs /devices/virtual/camera u:object_r:sysfs_camera:s0
+genfscon sysfs /devices/virtual/camera/rear/fw_update u:object_r:sysfs_camera_writable:s0
+genfscon sysfs /devices/virtual/camera/rear/ssrm_camera_info u:object_r:sysfs_camera_writable:s0
+genfscon sysfs /devices/virtual/camera/flash/rear_flash u:object_r:sysfs_camera_writable:s0
+genfscon sysfs /devices/virtual/input/input3 u:object_r:sysfs_sensors_writable:s0
+genfscon sysfs /devices/virtual/input/input4 u:object_r:sysfs_sensors_writable:s0
+
+genfscon sysfs /devices/virtual/sec/switch u:object_r:sysfs_sec_switch:s0
+genfscon sysfs /devices/virtual/sec/sensorhub/mcu_power u:object_r:sysfs_sensorhub_writable:s0
+genfscon sysfs /devices/virtual/usb_notify/usb_control/usb_hw_param u:object_r:sysfs_usb_writable:s0
+
+genfscon sysfs /firmware/devicetree/base/argos u:object_r:sysfs_argos:s0
+genfscon sysfs /firmware/devicetree/base/model_info-system_rev u:object_r:sysfs_info:s0
+
+genfscon sysfs /kernel/gpu/ u:object_r:sysfs_gpu:s0
+genfscon sysfs /kernel/gpu/gpu_max_clock u:object_r:sysfs_gpu_writable:s0
+genfscon sysfs /kernel/gpu/gpu_min_clock u:object_r:sysfs_gpu_writable:s0
--- /dev/null
+allow hal_audio_default property_socket:sock_file write;
+allow hal_audio_default rild:unix_stream_socket connectto;
+allow hal_audio_default system_suspend_hwservice:hwservice_manager find;
+
+# /efs/maxim/rdc_cal
+allow hal_audio_default efs_file:file r_file_perms;
+allow hal_audio_default efs_file:dir search;
+
+allow hal_audio_default imei_efs_file:dir search;
+allow hal_audio_default imei_efs_file:file r_file_perms;
+
+get_prop(hal_audio_default, vendor_radio_prop)
+
+allow hal_audio_default init:unix_stream_socket connectto;
--- /dev/null
+allow hal_bluetooth_default vendor_default_prop:property_service set;
+allow hal_bluetooth_default vendor_firmware_file:dir r_dir_perms;
--- /dev/null
+vndbinder_use(hal_camera_default)
+
+allow hal_camera_default vndbinder_device:chr_file r_file_perms;
+allow hal_camera_default hal_graphics_mapper_hwservice:hwservice_manager find;
+allow hal_camera_default hal_graphics_composer_default:fd use;
+allow hal_camera_default sysfs_virtual:dir search;
+allow hal_camera_default sysfs_virtual:file rw_file_perms;
+allow hal_camera_default sysfs_camera:dir search;
+allow hal_camera_default sysfs_camera:file rw_file_perms;
+allow hal_camera_default camera_data_file:dir search;
+
+get_prop(hal_camera_default, exported_camera_prop)
+
+binder_call(hal_camera_default, system_server)
+binder_call(system_server, hal_camera_default)
--- /dev/null
+# policy for /vendor/bin/hw/android.hardware.drm clearkey service
+type hal_drm_clearkey, domain;
+type hal_drm_clearkey_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_drm_clearkey)
+
+hal_server_domain(hal_drm_clearkey, hal_drm)
+
+vndbinder_use(hal_drm_clearkey);
+
+allow hal_drm_clearkey { appdomain -isolated_app }:fd use;
+
+allow hal_drm_clearkey mediadrm_data_file:dir create_dir_perms;
+allow hal_drm_clearkey mediadrm_data_file:file create_file_perms;
--- /dev/null
+type hal_drm_widevine, domain;
+type hal_drm_widevine_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_drm_widevine)
+
+hal_server_domain(hal_drm_widevine, hal_drm)
+
+vndbinder_use(hal_drm_widevine);
+
+allow hal_drm_widevine mediacodec:fd use;
+allow hal_drm_widevine { appdomain -isolated_app }:fd use;
+
+allow hal_drm_widevine hal_allocator_server:fd use;
+
+allow hal_drm_widevine mediadrm_data_file:dir create_dir_perms;
+allow hal_drm_widevine mediadrm_data_file:file create_file_perms;
+allow hal_drm_widevine media_data_file:dir search;
+allow hal_drm_widevine vendor_data_file:dir create_dir_perms;
+allow hal_drm_widevine vendor_data_file:file create_file_perms;
+
+allow hal_drm_widevine cpk_efs_file:file r_file_perms;
+allow hal_drm_widevine efs_file:dir search;
+
+allow hal_drm_widevine secmem_device:chr_file rw_file_perms;
--- /dev/null
+allow hal_fingerprint_default fingerprintd_data_file:dir write;
+allow hal_fingerprint_default fingerprint_device:chr_file rw_file_perms;
+allow hal_fingerprint_default sysfs_virtual:dir search;
+allow hal_fingerprint_default sysfs_virtual:file r_file_perms;
--- /dev/null
+allow hal_gatekeeper_default gatekeeper_efs_file:file rw_file_perms;
+allow hal_gatekeeper_default gatekeeper_efs_file:dir search;
+allow hal_gatekeeper_default efs_file:dir search;
--- /dev/null
+# cgroups tasks
+allow hal_gnss_default cgroup:file getattr;
+
+# /data/vendor/gps
+allow hal_gnss_default gps_vendor_data_file:dir rw_dir_perms;
+allow hal_gnss_default gps_vendor_data_file:file create_file_perms;
+allow hal_gnss_default gps_vendor_data_file:fifo_file create_file_perms;
+
+# /mnt/vendor
+allow hal_gnss_default mnt_vendor_file:dir search;
+
+# vndbinder
+allow hal_gnss_default vndbinder_device:chr_file rw_file_perms;
+
+# Connect to socket
+allow hal_gnss_default gpsd:unix_stream_socket connectto;
--- /dev/null
+allow hal_graphics_allocator_default cgroup:file rw_file_perms;
+
+vndbinder_use(hal_graphics_allocator_default)
+
+# /sys/kernel/debug/dma_buf/footprint/[0-9]+
+allow hal_graphics_allocator_default debugfs_ion_dma:dir r_dir_perms;
+allow hal_graphics_allocator_default debugfs_ion_dma:file r_file_perms;
--- /dev/null
+hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator);
+
+vndbinder_use(hal_graphics_composer_default)
+
+allow hal_graphics_composer_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+allow hal_graphics_composer_default vendor_surfaceflinger_vndservice:service_manager { add find };
+
+# cgroup tasks
+allow hal_graphics_composer_default cgroup:file getattr;
+
+# /data/vendor/log/hwc
+allow hal_graphics_composer_default log_vendor_data_file:dir rw_dir_perms;
+allow hal_graphics_composer_default log_vendor_data_file:file create_file_perms;
+
+# /dev/g2d
+allow hal_graphics_composer_default graphics_device:chr_file rw_file_perms;
+
+# /dev/video50
+allow hal_graphics_composer_default video_device:chr_file rw_file_perms;
+
+# /sys/devices/soc0/revision
+allow hal_graphics_composer_default sysfs_socinfo:dir r_dir_perms;
+allow hal_graphics_composer_default sysfs_socinfo:file r_file_perms;
+
+# /sys/devices/platform/12860000.decon_f/psr_info
+allow hal_graphics_composer_default sysfs_decon:dir r_dir_perms;
+allow hal_graphics_composer_default sysfs_decon:file r_file_perms;
+
+# /sys/devices/platform/12860000.decon_f/vsync
+allow hal_graphics_composer_default sysfs_ss_writable:dir r_dir_perms;
+allow hal_graphics_composer_default sysfs_ss_writable:file r_file_perms;
+
+# /sys/kernel/debug/dma_buf/footprint/[0-9]+
+allow hal_graphics_composer_default debugfs_ion_dma:dir r_dir_perms;
+allow hal_graphics_composer_default debugfs_ion_dma:file r_file_perms;
--- /dev/null
+r_dir_file(hal_health_default, sysfs_charger)
+
+allow hal_health_default sysfs_charger:file rw_file_perms;
+allow hal_health_default sysfs_battery:dir r_dir_perms;
+allow hal_health_default sysfs_battery:file r_file_perms;
+allow hal_health_default sysfs_battery_writable:dir search;
+allow hal_health_default sysfs_battery_writable:file r_file_perms;
+allow hal_health_default sysfs_batteryinfo_charger_writable:dir search;
--- /dev/null
+allow hal_light_default sysfs_graphics:file rw_file_perms;
+allow hal_light_default sysfs_virtual:dir search;
+allow hal_light_default sysfs_virtual:file rw_file_perms;
--- /dev/null
+# Allow LiveDisplay to store files under /data/vendor/display and access them
+allow hal_lineage_livedisplay_sysfs display_vendor_data_file:dir rw_dir_perms;
+allow hal_lineage_livedisplay_sysfs display_vendor_data_file:file create_file_perms;
+
+# Allow LiveDisplay to read and write to files in sysfs_graphics, sysfs_mdnie
+allow hal_lineage_livedisplay_sysfs sysfs_mdnie:dir search;
+allow hal_lineage_livedisplay_sysfs sysfs_mdnie:file rw_file_perms;
--- /dev/null
+# hal_nfc_default.te
+init_daemon_domain(hal_nfc_default)
+
+# /system/etc/event-log-tags
+allow nfc runtime_event_log_tags_file:file getattr;
+
+allow hal_nfc_default hal_nfc_hwservice:hwservice_manager add;
+
+# vendor.nfc.fw.
+set_prop(hal_nfc_default, vendor_nfc_prop)
--- /dev/null
+allow hal_power_default sysfs_graphics:file r_file_perms;
+allow hal_power_default sysfs_input:file r_file_perms;
+allow hal_power_default sysfs_virtual:dir r_dir_perms;
+allow hal_power_default sysfs_virtual:file r_file_perms;
+allow hal_power_default sysfs_spi_writeable:dir r_dir_perms;
+allow hal_power_default sysfs_spi_writeable:file rw_file_perms;
+allow hal_power_default sysfs_touchscreen_writable:dir r_dir_perms;
--- /dev/null
+allow hal_sensors_default sysfs_iio:file r_file_perms;
+allow hal_sensors_default sysfs_iio:lnk_file read;
+allow hal_sensors_default sysfs_virtual:dir r_dir_perms;
+allow hal_sensors_default sysfs_virtual:file rw_file_perms;
+allow hal_sensors_default sysfs_virtual:lnk_file read;
+allow hal_sensors_default sysfs_lcd:file r_file_perms;
+allow hal_sensors_default baro_delta_factoryapp_efs_file:file r_file_perms;
+allow hal_sensors_default sysfs_input:file read;
+allow hal_sensors_default sysfs_spi_writeable:file rw_file_perms;
--- /dev/null
+allow hal_vibrator_default sysfs_virtual:dir search;
+allow hal_vibrator_default sysfs_virtual:file rw_file_perms;
--- /dev/null
+allow hal_wifi_default conn_vendor_data_file:dir search;
--- /dev/null
+allow hal_wifi_hostapd_default sysfs_virtual:dir search;
+allow hal_wifi_hostapd_default sysfs_virtual:lnk_file r_file_perms;
--- /dev/null
+type hal_sec_radio_hwservice, hwservice_manager_type;
+type hal_sec_radio_bridge_hwservice, hwservice_manager_type;
+type hal_sec_radio_channel_hwservice, hwservice_manager_type;
+
+type hal_vendor_eden_runtime_hwservice, hwservice_manager_type;
+type hal_vendor_multiframeprocessing_hwservice, hwservice_manager_type;
+type hal_vendor_iva_hwservice, hwservice_manager_type;
--- /dev/null
+vendor.samsung.hardware.radio::ISehRadio u:object_r:hal_sec_radio_hwservice:s0
+vendor.samsung.hardware.radio.bridge::ISehBridge u:object_r:hal_sec_radio_bridge_hwservice:s0
+vendor.samsung.hardware.radio.channel::ISehChannel u:object_r:hal_sec_radio_channel_hwservice:s0
+
+vendor.samsung.hardware.camera.provider::ISehCameraProvider u:object_r:hal_camera_hwservice:s0
+vendor.samsung.hardware.gnss::ISecGnss u:object_r:hal_gnss_hwservice:s0
+vendor.samsung.hardware.nfc::ISecNfc u:object_r:hal_nfc_hwservice:s0
+vendor.samsung_slsi.hardware.MultiFrameProcessing20::IMultiFrameProcessing20 u:object_r:hal_vendor_multiframeprocessing_hwservice:s0
+vendor.samsung_slsi.hardware.eden_runtime::IEdenruntime u:object_r:hal_vendor_eden_runtime_hwservice:s0
+vendor.samsung_slsi.hardware.iva::IIvaService u:object_r:hal_vendor_iva_hwservice:s0
--- /dev/null
+allow init rild:unix_stream_socket connectto;
+allow init self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+allow init socket_device:sock_file create_file_perms;
+allow init sysfs_devices_system_cpu:file write;
+allow init vendor_data_file:fifo_file write;
+allow init vendor_data_file:file append;
+allow init dnsproxyd_socket:sock_file write;
+allow init fwk_sensor_hwservice:hwservice_manager find;
+allow init hwservicemanager:binder call;
+allow init netd:unix_stream_socket connectto;
+allow init fwmarkd_socket:sock_file write;
+allow init nfc:binder call;
+allow init nfc_device:chr_file ioctl;
+allow init efs_file:dir mounton;
+allow init efs_block_device:lnk_file relabelto;
+allow init tmpfs:lnk_file create;
+
+allow init sysfs_virtual:file create_file_perms;
+allow init sysfs_virtual:lnk_file { read };
+allow init sysfs:file setattr;
+allow init sysfs_multipdp:file setattr;
+allow init sysfs_camera:file setattr;
+allow init sysfs_charger:file setattr;
+allow init sysfs_input:file setattr;
+allow init sysfs_lcd:file setattr;
+allow init sysfs_mdnie:file setattr;
+allow init sysfs_modem:file w_file_perms;
+allow init sysfs_battery_writable:file setattr;
+allow init sysfs_mmc_host_writable:file setattr;
+allow init sysfs_scsi_host_writable:file setattr;
+allow init sysfs_power_writable:file setattr;
+allow init sysfs_bt_writable:file setattr;
+allow init sysfs_graphics:file create_file_perms;
+allow init sysfs_touchscreen_writable:file setattr;
+
+allow init system_server:binder { transfer call };
+allow init device:chr_file ioctl;
+allow init self:tcp_socket create_socket_perms;
+allow init node:tcp_socket node_bind;
+allow init port:tcp_socket { name_bind name_connect };
+allow init gps_vendor_data_file:fifo_file write;
+allow init gps_vendor_data_file:file lock;
+allow init socket_device:sock_file create_file_perms;
+allow init kernel:system module_request;
+
+allow init proc:file setattr;
+allow init proc_swapiness:file write;
+allow init proc_extra:file setattr;
+allow init proc_reset_reason:file setattr;
+allow init proc_swapiness:file open;
+
+unix_socket_connect(init, property, rild)
--- /dev/null
+allow kernel app_efs_file:dir search;
+allow kernel app_efs_file:file open;
+allow kernel sensor_factoryapp_efs_file:file open;
+allow kernel efs_file:dir search;
+
+allow kernel device:chr_file { getattr setattr unlink create };
+allow kernel device:dir create_dir_perms;
+allow kernel self:capability { mknod };
--- /dev/null
+allow lhd sysfs_virtual:dir search;
+allow lhd sysfs_virtual:file rw_file_perms;
+allow lhd sysfs_virtual:lnk_file read;
+allow lhd efs_file:dir search;
--- /dev/null
+allow macloader sysfs_virtual:dir search;
--- /dev/null
+# /sys/class/video4linux/video6/name
+allow mediacodec sysfs_v4l:dir r_dir_perms;
+allow mediacodec sysfs_v4l_mfc:dir search;
+allow mediacodec sysfs_v4l_mfc:file r_file_perms;
--- /dev/null
+allow netd self:capability sys_module;
+allow netd init:tcp_socket rw_socket_perms_no_ioctl;
+
+allow netd sysfs_virtual:dir search;
+allow netd sysfs_virtual:file w_file_perms;
--- /dev/null
+allow nfc sec_efs_file:dir search;
--- /dev/null
+# /dev/mali0
+allow platform_app gpu_device:chr_file rw_file_perms;
--- /dev/null
+# /dev/mali0
+allow priv_app gpu_device:chr_file rw_file_perms;
+
+allow priv_app debugfs_ion:dir search;
+allow priv_app debugfs_mali:dir search;
+allow priv_app debugfs_mali_mem:dir search;
+
+allow priv_app sysfs_zram:file r_file_perms;
--- /dev/null
+# modemloader
+type modemloader_prop, property_type;
+
+type persist_rmnet_prop, property_type;
+type persist_data_df_prop, property_type;
+type persist_data_wda_prop, property_type;
+
+type vendor_camera_prop, property_type;
+type vendor_factory_prop, property_type;
+type vendor_gps_prop, property_type;
+type vendor_nfc_prop, property_type;
--- /dev/null
+# bluetooth
+persist.bluetooth_fw_ver u:object_r:bluetooth_prop:s0
+ro.bluetooth.tty u:object_r:bluetooth_prop:s0
+wc_transport. u:object_r:bluetooth_prop:s0
+
+# modemloader
+hw.revision u:object_r:modemloader_prop:s0
+ro.cbd.dt_revision u:object_r:modemloader_prop:s0
+ril.cbd.dt_revision u:object_r:modemloader_prop:s0
+ro.modemloader.done u:object_r:modemloader_prop:s0
+
+persist.rmnet. u:object_r:persist_rmnet_prop:s0
+persist.data.df. u:object_r:persist_data_df_prop:s0
+persist.data.wda. u:object_r:persist_data_wda_prop:s0
+
+# CAMERA
+persist.vendor.sys.camera. u:object_r:vendor_camera_prop:s0
+
+# GPS
+ro.spid.gps. u:object_r:vendor_gps_prop:s0
+
+# NFC
+vendor.nfc.fw. u:object_r:vendor_nfc_prop:s0
+
+# RADIO
+persist.ril. u:object_r:radio_prop:s0
+vendor.gsm. u:object_r:vendor_radio_prop:s0
+
+# FACTORY
+ro.factory.factory_binary u:object_r:vendor_factory_prop:s0
--- /dev/null
+allow rild proc_net:file write;
+allow rild vendor_data_file:file create_file_perms;
+
+# /dev/umts_ipc0
+allow rild radio_device:chr_file ioctl;
+
+allow rild bin_nv_data_efs_file:file create_file_perms;
+
+allow rild radio_vendor_data_file:file create_file_perms;
+allow rild radio_vendor_data_file:dir rw_dir_perms;
+allow rild radio_data_file:file rw_file_perms;
+allow rild radio_data_file:dir search;
+
+allow rild proc_qtaguid_stat:file read;
+
+allow rild factoryprop_efs_file:file rw_file_perms;
+
+allow rild init:file getattr;
+
+# binder
+allow rild hal_radio_default:binder call;
+
+# audio
+allow rild hal_audio_default:dir search;
+allow rild hal_audio_default:file r_file_perms;
+
+# hwservice
+allow rild hal_sec_radio_hwservice:hwservice_manager add;
+allow rild hal_sec_radio_bridge_hwservice:hwservice_manager add;
+allow rild hal_sec_radio_channel_hwservice:hwservice_manager add;
--- /dev/null
+# /dev/mali0
+allow surfaceflinger gpu_device:chr_file rw_file_perms;
--- /dev/null
+# /dev/mali0
+allow system_app gpu_device:chr_file rw_file_perms;
+
+allow system_app proc_pagetypeinfo:file r_file_perms;
+allow system_app sysfs_virtual:dir search;
--- /dev/null
+# /dev/mali0
+allow system_server gpu_device:chr_file rw_file_perms;
+
+# memtrack HAL
+allow system_server debugfs_mali:dir r_dir_perms;
+allow system_server debugfs_mali:file r_file_perms;
+allow system_server debugfs_ion:file r_file_perms;
+allow system_server debugfs_mali_mem:file r_file_perms;
+
+allow system_server frp_block_device:blk_file rw_file_perms;
+
+get_prop(system_server, vendor_radio_prop)
--- /dev/null
+allow toolbox ram_device:blk_file rw_file_perms;
--- /dev/null
+allow ueventd self:capability sys_nice;
--- /dev/null
+# /efs
+allow vold efs_file:dir r_dir_perms;
+
+allow vold sysfs_mmc_host_writable:file write;
+allow vold sysfs_scsi_host_writable:file write;
+allow vold sysfs_virtual:file write;
projects / GitHub / exynos8895 / android_device_samsung_universal8895-common.git / commitdiff