--- /dev/null
+type cass, domain;
+type cass_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(cass)
+
+allow cass kmsg_device:chr_file getattr;
+allow cass vendor_radio_device:chr_file rw_file_perms;
+
+wakelock_use(cass)
+get_prop(cass, vendor_vaultkeeper_prop)
+
+allow cass vaultkeeperd_socket:dir search;
+unix_socket_connect(cass, vaultkeeperd, vaultkeeperd)
type omr_block_device, dev_type;
type radio_block_device, dev_type;
type sec_efs_block_device, dev_type;
+type steady_block_device, dev_type;
type vbmeta_block_device, dev_type;
type bbd_device, dev_type;
# SOCKETS
type epicd_socket, file_type, data_file_type;
+type vaultkeeperd_socket, file_type, data_file_type;
### SYSFS
type sysfs_argos, sysfs_type, r_fs_type, fs_type;
/dev/block/platform/.+/by-name/(radio|RADIO) u:object_r:radio_block_device:s0
/dev/block/platform/.+/by-name/(recovery|RECOVERY) u:object_r:recovery_block_device:s0
/dev/block/platform/.+/by-name/sec_efs u:object_r:sec_efs_block_device:s0
+/dev/block/platform/.+/by-name/steady u:object_r:steady_block_device:s0
/dev/block/platform/.+/by-name/super u:object_r:super_block_device:s0
/dev/block/platform/.+/by-name/(system|SYSTEM) u:object_r:system_block_device:s0
/dev/block/platform/.+/by-name/(userdata|USERDATA) u:object_r:userdata_block_device:s0
/mnt/vendor/efs/tee(/.*)? u:object_r:tee_efs_file:s0
/mnt/vendor/efs/wifi(/.*)? u:object_r:wifi_efs_file:s0
+## VaultKeeper
+/dev/socket/vaultkeeper u:object_r:vaultkeeperd_socket:s0
+
### VENDOR
+/(vendor|system/vendor)/bin/cass u:object_r:cass_exec:s0
/(vendor|system/vendor)/bin/cbd u:object_r:cbd_exec:s0
/(vendor|system/vendor)/bin/secril_config_svc u:object_r:secril_config_svc_exec:s0
/(vendor|system/vendor)/bin/thermal_symlinks\.samsung u:object_r:init-thermal-symlinks-sh_exec:s0
+/(vendor|system/vendor)/bin/vaultkeeperd u:object_r:vaultkeeperd_exec:s0
/(vendor|system/vendor)/bin/hw/gpsd u:object_r:gpsd_exec:s0
/(vendor|system/vendor)/bin/hw/lhd u:object_r:lhd_exec:s0
vendor_internal_prop(vendor_radio_prop)
vendor_internal_prop(vendor_fastcharge_prop)
vendor_internal_prop(vendor_thermal_prop)
+vendor_internal_prop(vendor_vaultkeeper_prop)
vendor_internal_prop(vendor_wifi_prop)
## thermal
vendor.thermal. u:object_r:vendor_thermal_prop:s0
+## vaultkeeper
+ro.vendor.security.vaultkeeper u:object_r:vendor_vaultkeeper_prop:s0
+vendor.security.vaultkeeper u:object_r:vendor_vaultkeeper_prop:s0
+
### wifi
vendor.wifi. u:object_r:vendor_wifi_prop:s0
ro.vendor.wifi. u:object_r:vendor_wifi_prop:s0
--- /dev/null
+type vaultkeeperd, domain;
+type vaultkeeperd_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(vaultkeeperd)
+
+allow vaultkeeperd kmsg_device:chr_file getattr;
+allow vaultkeeperd block_device:dir search;
+allow vaultkeeperd steady_block_device:blk_file rw_file_perms;
+
+set_prop(vaultkeeperd, vendor_vaultkeeper_prop)
+
+allow vaultkeeperd socket_device:dir w_dir_perms;
+allow vaultkeeperd vaultkeeperd_socket:dir rw_dir_perms;
+allow vaultkeeperd vaultkeeperd_socket:sock_file create_file_perms;
--- /dev/null
+teegris_use(vaultkeeperd)
projects / GitHub / LineageOS / android_device_samsung_slsi_sepolicy.git / commitdiff