--- /dev/null
+# cbd.te
+
+type cbd, domain;
+type cbd_exec, exec_type, vendor_file_type, file_type;
+
+allow cbd self:capability setuid;
+
+# cbd is started by init, type transit from init domain to cbd domain
+init_daemon_domain(cbd)
+
+# /dev/block/
+allow cbd block_device:dir search;
+
+# /data/vendor/log
+allow cbd log_vendor_data_file:dir search;
+
+# /data/vendor/log/cbd
+allow cbd log_cbd_vendor_data_file:dir create_dir_perms;
+allow cbd log_cbd_vendor_data_file:file create_file_perms;
+
+# /dev/block/platform/.+/by-name/radio
+allow cbd radio_block_device:blk_file r_file_perms;
+
+# /dev/kmsg
+allow cbd kmsg_device:chr_file rw_file_perms;
+
+# /dev/umts_*
+allow cbd vendor_radio_device:chr_file rw_file_perms;
+
+# /mnt/vendor/
+allow cbd mnt_vendor_file:dir search;
+
+# /mnt/vendor/efs/
+allow cbd efs_file:dir r_dir_perms;
+
+# /mnt/vendor/efs/factory.prop
+allow cbd efs_file:file r_file_perms;
+
+# /mnt/vendor/efs/nv_data.bin
+allow cbd bin_nv_data_efs_file:file r_file_perms;
+
+# /proc/cmdline
+allow cbd proc_cmdline:file r_file_perms;
+
+# /sys/power/wake_unlock
+allow cbd sysfs_wake_lock:file rw_file_perms;
+
+# /sys/devices/platform/10000.mif_pdata/sim/
+allow cbd sysfs_sim:dir r_dir_perms;
+allow cbd sysfs_sim:file r_file_perms;
+
+# /sys/devices/platform/10000.mif_pdata/sim/ds_detect
+allow cbd sysfs_sim_writable:file rw_file_perms;
+
+# kernel log
+allow cbd kernel:system syslog_read;
+
+# vendor.cbd.
+set_prop(cbd, vendor_cbd_prop)
+
+# FIXME: Can we be more specific?
+allow cbd vendor_shell_exec:file execute_no_trans;
+# FIXME END
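Review bot: The `execute_no_trans` rule on `vendor_shell_exec` at the end of cbd.te runs the vendor shell inside the cbd domain, so whatever that shell executes inherits `setuid`, read-write access to `vendor_radio_device` and `kmsg_device`, and the right to set `vendor_cbd_prop`. The FIXME already asks for something more specific. The narrower shape is to label the one helper cbd invokes with its own exec type and give cbd only a domain transition to it (placeholder names `cbd_helper_exec` / `cbd_helper`), or to drop the rule if the shell call can be replaced in the binary. Until that is done, I would make the FIXME state what is being run, e.g. `# cbd runs <command> through sh; remove once it has its own domain`. Separately, read on `kmsg_device` together with `kernel:system syslog_read` gives cbd the kernel log; if it only writes boot messages there, `w_file_perms` without `syslog_read` would presumably be enough.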
type fp_sensor_device, dev_type;
type io_device, dev_type;
type ssp_device, dev_type;
+type vendor_radio_device, dev_type;
### DATA
type biometrics_vendor_data_file, file_type, data_file_type;
type conn_vendor_data_file, file_type, data_file_type;
+type log_vendor_data_file, file_type, data_file_type;
+type log_cbd_vendor_data_file, file_type, data_file_type;
type wifi_vendor_data_file, file_type, data_file_type;
# EFS
type sysfs_sec_key, sysfs_type, r_fs_type, fs_type;
type sysfs_sec_sensors, sysfs_type, r_fs_type, fs_type;
type sysfs_sec_touchscreen, sysfs_type, r_fs_type, fs_type;
+type sysfs_sim, sysfs_type, r_fs_type, fs_type;
type sysfs_sensors, sysfs_type, r_fs_type, fs_type;
type sysfs_wifi, sysfs_type, r_fs_type, fs_type;
type sysfs_lcd_writable, sysfs_type, rw_fs_type, fs_type;
type sysfs_power_writable, sysfs_type, rw_fs_type, fs_type;
type sysfs_sensors_writable, sysfs_type, rw_fs_type, fs_type;
+type sysfs_sim_writable, sysfs_type, rw_fs_type, fs_type;
type sysfs_spi_writeable, sysfs_type, rw_fs_type, fs_type;
type sysfs_touchscreen_writable, sysfs_type, rw_fs_type, fs_type;
type sysfs_wifi_writable, sysfs_type, rw_fs_type, fs_type;
/data/vendor/biometrics(/.*)? u:object_r:biometrics_vendor_data_file:s0
/data/vendor/conn(/.*)? u:object_r:conn_vendor_data_file:s0
/data/vendor/wifi(/.*)? u:object_r:wifi_vendor_data_file:s0
+/data/vendor/log(/.*)? u:object_r:log_vendor_data_file:s0
+/data/vendor/log/cbd(/.*)? u:object_r:log_cbd_vendor_data_file:s0
### DEV
/dev/block/platform/.+/by-name/cache u:object_r:cache_block_device:s0
/dev/batch_io u:object_r:io_device:s0
/dev/ssp_sensorhub u:object_r:ssp_device:s0
+/dev/umts_boot0 u:object_r:vendor_radio_device:s0
+/dev/umts_cass u:object_r:vendor_radio_device:s0
+/dev/umts_ipc[0-1] u:object_r:vendor_radio_device:s0
+/dev/umts_dm0 u:object_r:vendor_radio_device:s0
+/dev/umts_rfs0 u:object_r:vendor_radio_device:s0
+/dev/umts_router u:object_r:vendor_radio_device:s0
+
### EFS
/efs/DAK(/.*)? u:object_r:prov_efs_file:s0
/efs/afc(/.*)? u:object_r:sec_efs_file:s0
/mnt/vendor/efs/wifi(/.*)? u:object_r:wifi_efs_file:s0
### VENDOR
+/(vendor|system/vendor)/bin/cbd u:object_r:cbd_exec:s0
+
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@[0-9].[0-9]-service\.samsung u:object_r:hal_fingerprint_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.light@[0-9].[0-9]-service\.samsung u:object_r:hal_light_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.power@[0-9].[0-9]-service\.exynos u:object_r:hal_power_default_exec:s0
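Review bot: All six `/dev/umts_*` nodes added under DEV get the single type `vendor_radio_device`, so the `rw_file_perms` rule in cbd.te, and any later domain granted this type, reaches every modem channel at once. Going by the names, `umts_boot0` is the boot channel and `umts_dm0` looks like a diagnostics channel, which are unlikely to need the same audience. If cbd only drives the boot path, a separate type for that node (placeholder `vendor_radio_boot_device`) would keep the IPC, RFS and diagnostics nodes out of its reach. If the shared type is intentional, a comment above the block such as `# all modem interface nodes share one type; split if a client needs only a subset` would record that.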
--- /dev/null
+# property.te
+
+type vendor_cbd_prop, property_type;
+type vendor_radio_prop, property_type;
--- /dev/null
+### cbd
+vendor.cbd. u:object_r:vendor_cbd_prop:s0
+persist.vendor.cbd. u:object_r:vendor_radio_prop:s0
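Review bot: The `persist.vendor.cbd.` prefix is labelled `vendor_radio_prop`, while the only property rule in cbd.te is `set_prop(cbd, vendor_cbd_prop)`, so cbd itself cannot write the persistent properties that carry its name. If cbd is meant to set them, the line should read `persist.vendor.cbd. u:object_r:vendor_cbd_prop:s0`. If another radio component owns them, a comment such as `# persist.vendor.cbd.* is written by <owner>, read by cbd` would make the split clear. No rule visible in this change grants any domain access to `vendor_radio_prop`, so as shown the persistent keys are not settable by anything added here.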