--- /dev/null
+get_prop(bootanim,userspace_reboot_exported_prop)
# gps
type gps_device, dev_type;
+
+# partition
+type tombstones_block_device, dev_type;
/dev/block/platform/11120000\.ufs/by-name/RADIO u:object_r:radio_block_device:s0
/dev/block/platform/11120000\.ufs/by-name/SYSTEM u:object_r:system_block_device:s0
/dev/block/platform/11120000\.ufs/by-name/USERDATA u:object_r:userdata_block_device:s0
+/dev/block/platform/11120000\.ufs/by-name/TOMBSTONES u:object_r:tombstones_block_device:s0
####################################
# efs files
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@[0-9]\.[0-9]-service\.basic u:object_r:hal_usb_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@[0-9]\.[0-9]-service u:object_r:hal_camera_default_exec:s0
/(vendor|system/vendor)/bin/hw/sec\.android\.hardware\.nfc@[0-9]\.[0-9]-service u:object_r:hal_nfc_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android.hardware.nfc@1.2-service.samsung u:object_r:hal_nfc_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.samsung\.hardware\.gnss@[0-9]\.[0-9]-service u:object_r:hal_gnss_default_exec:s0
allow hal_audio_default imei_efs_file:file r_file_perms;
get_prop(hal_audio_default, vendor_radio_prop)
+set_prop(hal_audio_default, audio_prop)
allow hal_audio_default init:unix_stream_socket connectto;
# /sys/kernel/debug/dma_buf/footprint/[0-9]+
allow hal_graphics_composer_default debugfs_ion_dma:dir r_dir_perms;
allow hal_graphics_composer_default debugfs_ion_dma:file r_file_perms;
+
+# /data/log/hwc_error_log.txt
+dontaudit hal_graphics_composer_default system_data_file:dir rw_dir_perms;
+dontaudit hal_graphics_composer_default system_data_file:file { rw_file_perms create };
allow init netd:unix_stream_socket connectto;
allow init fwmarkd_socket:sock_file write;
allow init nfc:binder call;
-allow init nfc_device:chr_file ioctl;
+allow init nfc_device:chr_file rw_file_perms;
allow init efs_file:dir mounton;
allow init efs_block_device:lnk_file relabelto;
allow init tmpfs:lnk_file create;
allow init proc_reset_reason:file setattr;
allow init proc_swapiness:file open;
+dontaudit init hal_nfc_hwservice:hwservice_manager { add find };
+dontaudit init { system_file vendor_file }:file execute_no_trans;
+
+allow init hidl_base_hwservice:hwservice_manager add;
+allow init hwservicemanager:binder transfer;
+
unix_socket_connect(init, property, rild)
allow kernel app_efs_file:dir search;
-allow kernel app_efs_file:file open;
-allow kernel sensor_factoryapp_efs_file:file open;
+allow kernel app_efs_file:file rw_file_perms;
+allow kernel sensor_factoryapp_efs_file:file rw_file_perms;
allow kernel efs_file:dir search;
allow kernel device:chr_file { getattr setattr unlink create };
+allow kernel device:blk_file { create setattr };
allow kernel device:dir create_dir_perms;
allow kernel self:capability { mknod };
+
+allow kernel sysfs_virtual:dir search;
+allow kernel sysfs_virtual:file r_file_perms;
+dontaudit kernel self:capability { dac_override dac_read_search };
allow macloader sysfs_virtual:dir search;
+allow macloader self:capability { chown net_raw };
--- /dev/null
+get_prop(mediaserver,exported_camera_prop)
allow nfc sec_efs_file:dir search;
+
+dontaudit nfc init:binder { call transfer };
\ No newline at end of file
allow rild hal_audio_default:file r_file_perms;
# hwservice
-allow rild hal_sec_radio_hwservice:hwservice_manager add;
-allow rild hal_sec_radio_bridge_hwservice:hwservice_manager add;
-allow rild hal_sec_radio_channel_hwservice:hwservice_manager add;
+add_hwservice(rild,hal_sec_radio_hwservice)
+add_hwservice(rild,hal_sec_radio_bridge_hwservice)
+add_hwservice(rild,hal_sec_radio_channel_hwservice)
\ No newline at end of file
--- /dev/null
+set_prop(secril_config_svc,exported3_radio_prop)
+allow secril_config_svc factoryprop_efs_file:file r_file_perms;
allow system_server frp_block_device:blk_file rw_file_perms;
get_prop(system_server, vendor_radio_prop)
+get_prop(system_server, exported_camera_prop)
+get_prop(system_server, userspace_reboot_config_prop)
+get_prop(system_server, userspace_reboot_config_prop)
+get_prop(system_server, userspace_reboot_exported_prop)
--- /dev/null
+dontaudit vendor_init vendor_toolbox_exec:file entrypoint;
+allow vendor_init mobicore_data_file:dir getattr;
allow vold sysfs_mmc_host_writable:file write;
allow vold sysfs_scsi_host_writable:file write;
allow vold sysfs_virtual:file write;
+
+allow vold tombstones_block_device:blk_file rw_file_perms;
+
+dontaudit vold hal_bootctl_hwservice:hwservice_manager find;
--- /dev/null
+get_prop(zygote, exported_camera_prop)
projects / GitHub / exynos8895 / android_device_samsung_universal8895-common.git / commitdiff