-allow apexd sysfs_virtual:file { read write };
+allow apexd sysfs_virtual:file { read write open };
--- /dev/null
+allow cbd factoryprop_efs_file:file { open read };
+allow cbd sysfs_info:file { open read };
allow crash_dump hwservicemanager_prop:file { getattr open };
+allow crash_dump exported_camera_prop:file { getattr open };
+allow crash_dump app_data_file:file read;
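Review bot: The added `allow crash_dump app_data_file:file read;` lets the crash dumper read any app-private data file it holds a descriptor for. The rule grants `read` without `open`, which suggests the denial came from a descriptor inherited from the crashing app rather than from anything crash_dump needs to read. If that is the case, `dontaudit crash_dump app_data_file:file read;` silences the log without granting the access.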
--- /dev/null
+# domain.te
+
+# /sys/kernel/debug/mali
+allow domain debugfs_mali:dir search;
+
+# /sys/kernel/debug/mali/mem
+allow domain debugfs_mali_mem:dir search;
+
+# /sys/kernel/debug/dma_buf
+allow domain debugfs_ion_dma:dir search;
+
+# /sys/kernel/debug/ion
+allow domain debugfs_ion:dir search;
+
+# /sys/kernel/debug/tracing/trace_marker
+allow domain debugfs_trace_marker:file getattr;
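Review bot: These five rules are attached to the `domain` attribute, so every process type on the device, including the isolated and untrusted app domains, gains `search` on the Mali and ION debugfs directories and `getattr` on trace_marker. The per-domain rules this commit removes elsewhere named specific callers, which kept the grant auditable. If the denials are only log noise from GPU or ION clients probing debugfs, `dontaudit domain debugfs_mali:dir search;` (and likewise for the other four) would quiet them without an allow. Otherwise an attribute covering just the domains that need the access is the narrower choice.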
# data types
type display_vendor_data_file, file_type, data_file_type;
type fingerprintd_vendor_data_file, data_file_type, file_type;
+type mobicore_vendor_data_file, data_file_type, file_type;
type mediadrm_data_file, file_type, data_file_type;
type mobicore_data_file, data_file_type, core_data_file_type, file_type;
# sysfs types
+type sysfs_batteryinfo_charger_writable, sysfs_type, rw_fs_type, fs_type;
+type sysfs_camera_writable, sysfs_type, rw_fs_type, fs_type;
+type sysfs_decon, sysfs_type, r_fs_type, fs_type;
+type sysfs_gpu, sysfs_type, r_fs_type, fs_type;
+type sysfs_sec_switch, sysfs_type, r_fs_type, fs_type;
+type sysfs_socinfo, sysfs_type, r_fs_type, fs_type;
+type sysfs_v4l, sysfs_type, r_fs_type, fs_type;
+type sysfs_v4l_mfc, sysfs_type, r_fs_type, fs_type;
+type sysfs_v4l_smfc, sysfs_type, r_fs_type, fs_type;
+type sysfs_v4l_fimc, sysfs_type, r_fs_type, fs_type;
type sysfs_graphics, fs_type, sysfs_type;
type sysfs_mdnie, fs_type, sysfs_type, mlstrustedobject;
type sysfs_multipdp, fs_type, sysfs_type, mlstrustedobject;
type sysfs_modem, fs_type, sysfs_type, mlstrustedobject;
type sysfs_lcd, fs_type, sysfs_type, mlstrustedobject;
type sysfs_camera, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_mmc_host_writable, sysfs_type, rw_fs_type, fs_type;
+type sysfs_ss_writable, sysfs_type, rw_fs_type, fs_type;
+type sysfs_usb_writable, sysfs_type, rw_fs_type, fs_type;
+type sysfs_gpu_writable, sysfs_type, rw_fs_type, fs_type;
+type sysfs_info, sysfs_type, r_fs_type, fs_type;
/dev/mobicore u:object_r:tee_device:s0
/dev/mobicore-user u:object_r:tee_device:s0
+/dev/t-base-tui u:object_r:tee_device:s0
# camera
/dev/m2m1shot_scaler0 u:object_r:m2m1shot_device:s0
# zram
/dev/block/zram0 u:object_r:swap_block_device:s0
+/dev/block/platform/11120000\.ufs/by-name/CACHE u:object_r:cache_block_device:s0
+/dev/block/platform/11120000\.ufs/by-name/CPEFS u:object_r:efs_block_device:s0
+/dev/block/platform/11120000\.ufs/by-name/EFS u:object_r:efs_block_device:s0
+/dev/block/platform/11120000\.ufs/by-name/KEYREFUGE u:object_r:keyrefuge_block_device:s0
+/dev/block/platform/11120000\.ufs/by-name/MISC u:object_r:misc_block_device:s0
+/dev/block/platform/11120000\.ufs/by-name/OMR u:object_r:omr_block_device:s0
+/dev/block/platform/11120000\.ufs/by-name/PERSISTENT u:object_r:frp_block_device:s0
+/dev/block/platform/11120000\.ufs/by-name/RADIO u:object_r:radio_block_device:s0
+/dev/block/platform/11120000\.ufs/by-name/SYSTEM u:object_r:system_block_device:s0
+/dev/block/platform/11120000\.ufs/by-name/USERDATA u:object_r:userdata_block_device:s0
+
####################################
# efs files
/efs/FactoryApp(/.*)? u:object_r:app_efs_file:s0
/efs/wv\.keys u:object_r:cpk_efs_file:s0
/efs/factory\.prop u:object_r:factoryprop_efs_file:s0
/efs/TEE(/.*)? u:object_r:gatekeeper_efs_file:s0
+/efs/TEE/Store_1.tf u:object_r:gatekeeper_efs_file:s0
####################################
# data files
# mobicore
/data/misc/mcRegistry(/.*)? u:object_r:mobicore_data_file:s0
+/data/vendor/mcRegistry(/.*)? u:object_r:mobicore_vendor_data_file:s0
# camera
/data/camera(/.*)? u:object_r:camera_data_file:s0
/sys/class/sec/gps/GPS_PWR_EN/value u:object_r:sysfs_gps:s0
# charger
-/sys/devices/platform/battery/power_supply(/.*) u:object_r:sysfs_charger:s0
/sys/devices/battery/power_supply(/.*) u:object_r:sysfs_charger:s0
/sys/class/power_supply/max77865-charger(/.*) u:object_r:sysfs_charger:s0
/sys/devices/platform/10940000\.hsi2c/i2c-11/11-003b/power_supply/mfc-charger(/.*) u:object_r:sysfs_charger:s0
/sys/devices/virtual(/.*)? u:object_r:sysfs_virtual:s0
# iio
-/sys/devices/platform/108c0000\.spi/spi_master/spi10/spi10\.0/iio:device[0-9](/.*)? u:object_r:sysfs_iio:s0
+/sys/devices/platform/15b70000\.adc/iio:device[0-9](/.*)? u:object_r:sysfs_iio:s0
/sys/bus/iio/devices(/.*)? u:object_r:sysfs_iio:s0
# Backlight/Notification LED control
/sys/devices/platform/panel_drv@001/lcd/panel/mdnie/whiteRGB u:object_r:sysfs_mdnie:s0
# input
-/sys/devices/platform/108e0000\.hsi2c/i2c-5/5-0049/input/input0(/.*)? u:object_r:sysfs_input:s0
-/sys/devices/platform/108e0000\.hsi2c/i2c-5/5-0049/input/input1(/.*)? u:object_r:sysfs_input:s0
-/sys/devices/platform/10460000\.spi/spi_master/spi3/spi3\.0/madera-extcon/input/input5(/.*)? u:object_r:sysfs_input:s0
/sys/devices/platform/gpio_keys/input/input6(/.*)? u:object_r:sysfs_input:s0
/sys/devices/platform/hall/input/input7(/.*)? u:object_r:sysfs_input:s0
/sys/devices/platform/certify_hall/input/input8(/.*)? u:object_r:sysfs_input:s0
# modem
/sys/module/modem_ctrl_ss310ap/parameters/ds_detect u:object_r:sysfs_modem:s0
+# ZRAM
+/sys/devices/virtual/block/zram0/mm_stat u:object_r:sysfs_zram:s0
+
+
# Lineage hals
/(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@[0-9]\.[0-9]-service\.universal8895 u:object_r:hal_lineage_livedisplay_sysfs_exec:s0
-
-# hidl services
-/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]\.[0-9]-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]\.[0-9]-service\.widevine u:object_r:hal_drm_widevine_exec:s0
+### VENDOR
+/(vendor|system/vendor)/bin/vendor\.samsung\.hardware\.security\.widevine\.keyprovisioning@[0-9]\.[0-9]-service u:object_r:hal_drm_widevine_exec:s0
+
+/(vendor|system/vendor)/bin/hw/gpsd u:object_r:gpsd_exec:s0
+/(vendor|system/vendor)/bin/hw/lhd u:object_r:lhd_exec:s0
+/(vendor|system/vendor)/bin/hw/macloader u:object_r:macloader_exec:s0
+/(vendor|system/vendor)/bin/mcDriverDaemon u:object_r:tee_exec:s0
+
+/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]\.[0-9]-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]\.[0-9]-service\.widevine u:object_r:hal_drm_widevine_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@[0-9]\.[0-9]-service\.samsung u:object_r:hal_keymaster_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@[0-9]\.[0-9]-service\.basic u:object_r:hal_usb_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@[0-9]\.[0-9]-service u:object_r:hal_camera_default_exec:s0
+/(vendor|system/vendor)/bin/hw/sec\.android\.hardware\.nfc@[0-9]\.[0-9]-service u:object_r:hal_nfc_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.samsung\.hardware\.gnss@[0-9]\.[0-9]-service u:object_r:hal_gnss_default_exec:s0
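Review bot: The added `/efs/TEE/Store_1.tf` entry assigns the same `gatekeeper_efs_file` label that the existing `/efs/TEE(/.*)?` line already gives every file under that directory, so it changes no label. Its `.` is also unescaped, unlike `/efs/wv\.keys` and `/efs/factory\.prop` above it, so it matches any character in that position. Either drop the line or, if it is kept to document which file gatekeeper uses, write it as `/efs/TEE/Store_1\.tf` with a comment saying so.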
--- /dev/null
+allow fsck cache_file:dir getattr;
+allow fsck sysfs_battery:dir search;
+allow fsck tmpfs:blk_file getattr;
+allow fsck efs_block_device:blk_file rw_file_perms;
-# mali debugfs
+# DEBUGFS
genfscon debugfs /mali/ u:object_r:debugfs_mali:s0
genfscon debugfs /mali/mem/ u:object_r:debugfs_mali_mem:s0
# SYSFS
# class
-genfscon sysfs /class/android_usb/android0 u:object_r:sysfs_android_usb:s0
genfscon sysfs /class/camera u:object_r:sysfs_camera:s0
+genfscon sysfs /class/input/input4 u:object_r:sysfs_sensors:s0
+genfscon sysfs /class/input/input6 u:object_r:sysfs_sensors:s0
+genfscon sysfs /class/video4linux u:object_r:sysfs_v4l:s0
# devices
-genfscon sysfs /devices/virtual/sec/led/led_blink u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/virtual/sec/led/led_blink u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/platform/108e0000.hsi2c/i2c-5/5-0049/input/ u:object_r:sysfs_touchscreen_writable:s0
+genfscon sysfs /devices/platform/10970000.spi/ u:object_r:sysfs_spi_writeable:s0
+genfscon sysfs /devices/platform/108c0000.spi/ u:object_r:sysfs_spi_writeable:s0
+genfscon sysfs /devices/platform/10460000.spi/ u:object_r:sysfs_spi_writeable:s0
+genfscon sysfs /devices/platform/164b0000.pinctrl/gpio/gpio13/value u:object_r:sysfs_gps_writable:s0
+genfscon sysfs /devices/platform/11430000.pinctrl/gpio/gpio81/value u:object_r:sysfs_gps_writable:s0
+genfscon sysfs /devices/platform/10980000.pinctrl/gpio/gpio216/value u:object_r:sysfs_gps_writable:s0
+genfscon sysfs /module/modem_ctrl_ss310ap/parameters/ds_detect u:object_r:sysfs_sim_writable:s0
+genfscon sysfs /devices/platform/11500000.dwmmc2/mmc_host u:object_r:sysfs_mmc_host_writable:s0
+genfscon sysfs /devices/platform/11120000.ufs/host0 u:object_r:sysfs_scsi_host_writable:s0
+genfscon sysfs /devices/platform/15b50000.speedy/i2c-14/14-0000/s2mps17-rtc/rtc u:object_r:sysfs_rtc:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-13/13-0066/max77865-charger/power_supply/max77865-charger/type u:object_r:sysfs_batteryinfo_charger_writable:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-13/13-0066/max77865-charger/power_supply/max77865-charger/chip_id u:object_r:sysfs_batteryinfo_charger_writable:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-13/13-0066/max77865-charger/power_supply/otg/type u:object_r:sysfs_batteryinfo_charger_writable:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-13/13-0066/max77865-fuelgauge/power_supply/max77865-fuelgauge/type u:object_r:sysfs_batteryinfo_charger_writable:s0
+genfscon sysfs /devices/platform/10940000.hsi2c/i2c-11/11-003b/power_supply/mfc-charger u:object_r:sysfs_batteryinfo_charger_writable:s0
+genfscon sysfs /devices/platform/12ca0000.fimc_is_sensor/video4linux u:object_r:sysfs_v4l_fimc:s0
+genfscon sysfs /devices/platform/12cb0000.fimc_is_sensor/video4linux u:object_r:sysfs_v4l_fimc:s0
+genfscon sysfs /devices/platform/12cc0000.fimc_is_sensor/video4linux u:object_r:sysfs_v4l_fimc:s0
+genfscon sysfs /devices/platform/12cd0000.fimc_is_sensor/video4linux u:object_r:sysfs_v4l_fimc:s0
+genfscon sysfs /devices/platform/12ce0000.fimc_is/video4linux u:object_r:sysfs_v4l_fimc:s0
+genfscon sysfs /devices/platform/13ce0000.mfc0/video4linux u:object_r:sysfs_v4l_mfc:s0
+genfscon sysfs /devices/platform/13b00000.smfc/video4linux u:object_r:sysfs_v4l_smfc:s0
+genfscon sysfs /devices/platform/12860000.decon_f u:object_r:sysfs_decon:s0
+genfscon sysfs /devices/platform/12860000.decon_f/vsync u:object_r:sysfs_ss_writable:s0
+genfscon sysfs /devices/platform/12a30000.decon_s u:object_r:sysfs_decon:s0
+genfscon sysfs /devices/platform/12a30000.decon_s/vsync u:object_r:sysfs_ss_writable:s0
+genfscon sysfs /devices/platform/12a40000.decon_t u:object_r:sysfs_decon:s0
+genfscon sysfs /devices/platform/12a40000.decon_t/vsync u:object_r:sysfs_ss_writable:s0
+genfscon sysfs /devices/platform/bluetooth/rfkill/rfkill0/state u:object_r:sysfs_bt_writable:s0
+genfscon sysfs /devices/platform/battery/power_supply/battery u:object_r:sysfs_battery_writable:s0
+genfscon sysfs /devices/platform/battery/power_supply/battery/batt_capacity_max u:object_r:sysfs_battery_writable:s0
+genfscon sysfs /devices/platform/battery/power_supply/battery/status u:object_r:sysfs_battery_writable:s0
+genfscon sysfs /devices/platform/battery/power_supply/battery/type u:object_r:sysfs_battery_writable:s0
+genfscon sysfs /devices/platform/battery/power_supply/ac/type u:object_r:sysfs_battery_writable:s0
+genfscon sysfs /devices/platform/battery/power_supply/wireless/type u:object_r:sysfs_battery_writable:s0
+genfscon sysfs /devices/platform/battery/power_supply/ps/type u:object_r:sysfs_battery_writable:s0
+genfscon sysfs /devices/platform/battery/power_supply/ps/status u:object_r:sysfs_battery_writable:s0
+
+genfscon sysfs /devices/soc0/soc_id u:object_r:sysfs_socinfo:s0
+genfscon sysfs /devices/system/chip-id/revision u:object_r:sysfs_ss_writable:s0
+
+genfscon sysfs /devices/virtual/android_usb/android0 u:object_r:sysfs_android_usb:s0
+genfscon sysfs /devices/virtual/camera u:object_r:sysfs_camera:s0
+genfscon sysfs /devices/virtual/camera/rear/fw_update u:object_r:sysfs_camera_writable:s0
+genfscon sysfs /devices/virtual/camera/rear/ssrm_camera_info u:object_r:sysfs_camera_writable:s0
+genfscon sysfs /devices/virtual/camera/flash/rear_flash u:object_r:sysfs_camera_writable:s0
+genfscon sysfs /devices/virtual/input/input3 u:object_r:sysfs_sensors_writable:s0
+genfscon sysfs /devices/virtual/input/input4 u:object_r:sysfs_sensors_writable:s0
+
+genfscon sysfs /devices/virtual/sec/switch u:object_r:sysfs_sec_switch:s0
+genfscon sysfs /devices/virtual/sec/sensorhub/mcu_power u:object_r:sysfs_sensorhub_writable:s0
+genfscon sysfs /devices/virtual/usb_notify/usb_control/usb_hw_param u:object_r:sysfs_usb_writable:s0
+
+genfscon sysfs /firmware/devicetree/base/argos u:object_r:sysfs_argos:s0
+genfscon sysfs /firmware/devicetree/base/model_info-system_rev u:object_r:sysfs_info:s0
+
+genfscon sysfs /kernel/gpu/ u:object_r:sysfs_gpu:s0
+genfscon sysfs /kernel/gpu/gpu_max_clock u:object_r:sysfs_gpu_writable:s0
+genfscon sysfs /kernel/gpu/gpu_min_clock u:object_r:sysfs_gpu_writable:s0
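Review bot: `/module/modem_ctrl_ss310ap/parameters/ds_detect` is labelled `sysfs_sim_writable` here, while the file_contexts entry for `/sys/module/modem_ctrl_ss310ap/parameters/ds_detect`, unchanged in this commit, still labels it `sysfs_modem`. Which label the node ends up with then depends on whether a restorecon runs over it, and the init rule added in this commit (`allow init sysfs_modem:file { open write };`) covers only one of the two. Pick one type for the node and remove the other entry so the rules that reference it can be checked against a single label.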
# /efs/maxim/rdc_cal
allow hal_audio_default efs_file:file { read open };
+
+allow hal_audio_default imei_efs_file:dir search;
+allow hal_audio_default imei_efs_file:file { getattr open read };
+allow hal_audio_default vendor_radio_prop:file { getattr open read };
-allow hal_bluetooth_default sysfs:file write;
allow hal_bluetooth_default vendor_default_prop:property_service set;
allow hal_bluetooth_default vendor_firmware_file:dir { open read };
-allow hal_camera_default vndbinder_device:chr_file read;
-allow hal_camera_default debugfs_ion:dir search;
+vndbinder_use(hal_camera_default)
+
+allow hal_camera_default vndbinder_device:chr_file { ioctl open write read };
allow hal_camera_default hal_graphics_mapper_hwservice:hwservice_manager find;
allow hal_camera_default hal_graphics_composer_default:fd use;
allow hal_camera_default sysfs_virtual:dir search;
allow hal_camera_default sysfs_virtual:file { getattr open read write };
allow hal_camera_default sysfs_camera:dir search;
allow hal_camera_default sysfs_camera:file { getattr open read write };
+allow hal_camera_default exported_camera_prop:file { getattr open read };
+
+# add_hwservice(hal_camera_default, hal_vendor_multiframeprocessing_hwservice)
+# add_hwservice(hal_camera_default, hal_vendor_iva_hwservice)
+
+binder_call(hal_camera_default, system_server)
+binder_call(system_server, hal_camera_default)
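Review bot: The explicit `allow hal_camera_default vndbinder_device:chr_file { ioctl open write read };` duplicates what `vndbinder_use(hal_camera_default)` two lines above already grants, since the macro allows `rw_file_perms` on `vndbinder_device`. Keeping only the macro makes it clear that the HAL's vndbinder access is the standard set and nothing more. The two commented-out `add_hwservice` lines would be better removed, or replaced by a comment saying why registration of those services is not allowed yet.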
-allow hal_fingerprint_default fingerprint_device:chr_file ioctl;
allow hal_fingerprint_default fingerprintd_data_file:dir write;
allow hal_fingerprint_default tee_device:chr_file { ioctl open read write };
+allow hal_fingerprint_default fingerprint_device:chr_file { ioctl open read write };
+allow hal_fingerprint_default sysfs_virtual:dir search;
+allow hal_fingerprint_default sysfs_virtual:file { open read };
allow hal_gatekeeper_default gatekeeper_efs_file:file { write open read };
allow hal_gatekeeper_default gatekeeper_efs_file:dir search;
allow hal_gatekeeper_default tee_device:chr_file { open read write };
+allow hal_gatekeeper_default efs_file:dir search;
--- /dev/null
+# cgroups tasks
+allow hal_gnss_default cgroup:file getattr;
+
+# /data/vendor/gps
+allow hal_gnss_default gps_vendor_data_file:dir rw_dir_perms;
+allow hal_gnss_default gps_vendor_data_file:file create_file_perms;
+allow hal_gnss_default gps_vendor_data_file:fifo_file create_file_perms;
+
+# /mnt/vendor
+allow hal_gnss_default mnt_vendor_file:dir search;
+
+# vndbinder
+allow hal_gnss_default vndbinder_device:chr_file rw_file_perms;
+
+# Connect to socket
+allow hal_gnss_default gpsd:unix_stream_socket connectto;
--- /dev/null
+allow hal_graphics_allocator_default cgroup:file rw_file_perms;
+
+vndbinder_use(hal_graphics_allocator_default)
+
+# /sys/kernel/debug/dma_buf/footprint/[0-9]+
+allow hal_graphics_allocator_default debugfs_ion_dma:dir r_dir_perms;
+allow hal_graphics_allocator_default debugfs_ion_dma:file r_file_perms;
-# hal_graphics_composer_default.te
-
hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator);
vndbinder_use(hal_graphics_composer_default)
allow hal_graphics_composer_default sysfs_socinfo:dir r_dir_perms;
allow hal_graphics_composer_default sysfs_socinfo:file r_file_perms;
-# /sys/devices/platform/19030000.decon_f/psr_info
+# /sys/devices/platform/12860000.decon_f/psr_info
allow hal_graphics_composer_default sysfs_decon:dir r_dir_perms;
allow hal_graphics_composer_default sysfs_decon:file r_file_perms;
-# /sys/devices/platform/19030000.decon_f/vsync
+# /sys/devices/platform/12860000.decon_f/vsync
allow hal_graphics_composer_default sysfs_ss_writable:dir r_dir_perms;
allow hal_graphics_composer_default sysfs_ss_writable:file r_file_perms;
allow hal_health_default sysfs_charger:file rw_file_perms;
allow hal_health_default sysfs_battery:dir { open read search };
+allow hal_health_default sysfs_battery:file { getattr open read };
+allow hal_health_default sysfs_battery_writable:dir search;
+allow hal_health_default sysfs_battery_writable:file { getattr open read };
+allow hal_health_default sysfs_batteryinfo_charger_writable:dir search;
--- /dev/null
+allow hal_keymaster_default tee_prop:file { getattr open read };
--- /dev/null
+# hal_nfc_default.te
+init_daemon_domain(hal_nfc_default)
+
+# /system/etc/event-log-tags
+allow nfc runtime_event_log_tags_file:file getattr;
+
+# vendor.nfc.fw.
+set_prop(hal_nfc_default, vendor_nfc_prop)
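Review bot: The rule under `# /system/etc/event-log-tags` names `nfc` as its source, not `hal_nfc_default`, although it sits in hal_nfc_default.te between two statements about the HAL domain. As written it extends the NFC app domain and gives the HAL nothing. If the denial was logged for the HAL, the line should read `allow hal_nfc_default runtime_event_log_tags_file:file getattr;`. If it really is for `nfc`, it belongs in a file for that domain.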
-allow hal_power_default sysfs_graphics:file read;
+allow hal_power_default sysfs_graphics:file { getattr open read };
+allow hal_power_default sysfs_input:file { getattr open read };
+allow hal_power_default sysfs_virtual:dir { open read search };
+allow hal_power_default sysfs_virtual:file { getattr open read };
+allow hal_power_default sysfs_spi_writeable:dir { open read search };
+allow hal_power_default sysfs_spi_writeable:file rw_file_perms;
+allow hal_power_default sysfs_touchscreen_writable:dir { open read search };
+# allow hal_power_default sysfs_touchscreen_writeable:file rw_file_perms;
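Review bot: `allow hal_power_default sysfs_spi_writeable:file rw_file_perms;` gives the power HAL write access to every attribute under the three SPI controller paths that genfs_contexts labels `sysfs_spi_writeable` in this commit, because genfscon matches by path prefix and those entries name the controller roots. If the HAL only writes a few touch or sensor nodes, label those nodes with their own type and grant write on that instead. The commented-out last line spells the type `sysfs_touchscreen_writeable`, while the line above and genfs_contexts use `sysfs_touchscreen_writable`; fix the spelling or drop the line.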
-allow hal_sensors_default sysfs:file { open read write };
+allow hal_sensors_default sysfs_iio:file { getattr open read };
allow hal_sensors_default sysfs_iio:lnk_file read;
-allow hal_sensors_default sysfs_virtual:dir search;
-allow hal_sensors_default sysfs_virtual:file { read write open };
+allow hal_sensors_default sysfs_virtual:dir { open read search };
+allow hal_sensors_default sysfs_virtual:file { read write open getattr };
+allow hal_sensors_default sysfs_virtual:lnk_file read;
+allow hal_sensors_default sysfs_lcd:file { open read };
+allow hal_sensors_default baro_delta_factoryapp_efs_file:file { open read };
+allow hal_sensors_default sysfs_input:file read;
+allow hal_sensors_default sysfs_spi_writeable:file { read open write };
--- /dev/null
+allow hal_wifi_default conn_vendor_data_file:dir search;
--- /dev/null
+allow hal_wifi_hostapd_default sysfs_virtual:dir search;
+allow hal_wifi_hostapd_default sysfs_virtual:lnk_file { read getattr };
--- /dev/null
+type hal_sec_radio_hwservice, hwservice_manager_type;
+type hal_sec_radio_bridge_hwservice, hwservice_manager_type;
+type hal_sec_radio_channel_hwservice, hwservice_manager_type;
+
+type hal_vendor_eden_runtime_hwservice, hwservice_manager_type;
+type hal_vendor_multiframeprocessing_hwservice, hwservice_manager_type;
+type hal_vendor_iva_hwservice, hwservice_manager_type;
--- /dev/null
+vendor.samsung.hardware.radio::ISehRadio u:object_r:hal_sec_radio_hwservice:s0
+vendor.samsung.hardware.radio.bridge::ISehBridge u:object_r:hal_sec_radio_bridge_hwservice:s0
+vendor.samsung.hardware.radio.channel::ISehChannel u:object_r:hal_sec_radio_channel_hwservice:s0
+
+vendor.samsung.hardware.camera.provider::ISehCameraProvider u:object_r:hal_camera_hwservice:s0
+vendor.samsung.hardware.gnss::ISecGnss u:object_r:hal_gnss_hwservice:s0
+vendor.samsung_slsi.hardware.MultiFrameProcessing20::IMultiFrameProcessing20 u:object_r:hal_vendor_multiframeprocessing_hwservice:s0
+vendor.samsung_slsi.hardware.eden_runtime::IEdenruntime u:object_r:hal_vendor_eden_runtime_hwservice:s0
+vendor.samsung_slsi.hardware.iva::IIvaService u:object_r:hal_vendor_iva_hwservice:s0
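Review bot: `ISehCameraProvider` and `ISecGnss` are mapped to the framework types `hal_camera_hwservice` and `hal_gnss_hwservice`, so every domain already allowed to `find` the standard camera or GNSS HAL can also look up the Samsung extension interfaces. The radio, eden_runtime, multiframeprocessing and iva interfaces get their own types in this commit. Doing the same for these two would let the policy grant the extension interfaces only to the clients that use them. Separately, no rule visible in this commit lets any domain `add` the multiframeprocessing, eden_runtime or iva services (the `add_hwservice` lines in hal_camera_default.te are commented out), so confirm their registrants are covered elsewhere.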
allow init fwmarkd_socket:sock_file write;
allow init nfc:binder call;
allow init nfc_device:chr_file ioctl;
+allow init efs_file:dir mounton;
+allow init efs_block_device:lnk_file relabelto;
+allow init tmpfs:lnk_file create;
-allow init sysfs_virtual:file { open write setattr };
+allow init sysfs_virtual:file { open write setattr read };
allow init sysfs_virtual:lnk_file { read };
allow init sysfs:file setattr;
allow init sysfs_multipdp:file setattr;
allow init sysfs_input:file setattr;
allow init sysfs_lcd:file setattr;
allow init sysfs_mdnie:file setattr;
-allow init sysfs_modem:file write;
+allow init sysfs_modem:file { open write };
+allow init sysfs_battery_writable:file setattr;
+allow init sysfs_mmc_host_writable:file setattr;
+allow init sysfs_scsi_host_writable:file setattr;
+allow init sysfs_power_writable:file setattr;
+allow init sysfs_bt_writable:file setattr;
+allow init sysfs_graphics:file { setattr open read write };
+allow init sysfs_touchscreen_writable:file setattr;
allow init system_server:binder { transfer call };
-allow init tee_device:chr_file ioctl;
+allow init tee_device:chr_file { ioctl open read write };
allow init device:chr_file ioctl;
allow init self:tcp_socket { getopt create bind connect };
allow init node:tcp_socket node_bind;
allow init gps_vendor_data_file:fifo_file write;
allow init gps_vendor_data_file:file lock;
allow init socket_device:sock_file { setattr unlink };
+allow init kernel:system module_request;
allow init proc:file setattr;
allow init proc_swapiness:file write;
-
-allow init sysfs_graphics:file { open read write };
-allow init sysfs_virtual:file read;
+allow init proc_extra:file setattr;
+allow init proc_reset_reason:file setattr;
+allow init proc_swapiness:file open;
unix_socket_connect(init, property, rild)
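Review bot: Widening `allow init tee_device:chr_file` from `ioctl` to `{ ioctl open read write }` lets the init domain itself open and drive the TEE device. That pattern usually means a vendor daemon is still running as `u:r:init:s0` instead of in its own domain. This commit labels `mcDriverDaemon` as `tee_exec` in file_contexts, so once that transition works the init grant may no longer be needed. Check which process triggers the denial and, if it is a service started from an init script, give it a domain rather than extending init.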
allow kernel device:chr_file { getattr setattr unlink create };
allow kernel device:dir { add_name remove_name rmdir write };
-allow kernel self:capability { mknod };
+allow kernel self:capability mknod;
--- /dev/null
+allow lhd sysfs_virtual:dir search;
+allow lhd sysfs_virtual:file { open read write };
+allow lhd sysfs_virtual:lnk_file read;
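Review bot: `sysfs_virtual` is the catch-all label that file_contexts assigns to `/sys/devices/virtual(/.*)?`, so `allow lhd sysfs_virtual:file { open read write };` permits writes to any virtual-device attribute that has no more specific label. The same broad write on this type is granted to apexd (`{ read write open }`) and vold (`write`) elsewhere in this commit. Where the node each daemon writes is known, a dedicated type via a genfscon entry, as this commit does for `sysfs_camera_writable` and `sysfs_usb_writable`, keeps the grant to that one node.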
--- /dev/null
+allow macloader sysfs_virtual:dir search;
-allow mediacodec debugfs_ion:dir search;
-
# /sys/class/video4linux/video6/name
-allow mediacodec sysfs:file r_file_perms;
-allow mediacodec sysfs:dir { open read };
\ No newline at end of file
+allow mediacodec sysfs_v4l:dir { search open read };
+allow mediacodec sysfs_v4l_mfc:dir search;
+allow mediacodec sysfs_v4l_mfc:file { getattr open read };
# /dev/mali0
allow platform_app gpu_device:chr_file { ioctl read write };
-
-allow platform_app debugfs_ion:dir search;
-allow platform_app debugfs_mali:dir search;
allow priv_app debugfs_ion:dir search;
allow priv_app debugfs_mali:dir search;
allow priv_app debugfs_mali_mem:dir search;
+
+allow priv_app sysfs_zram:file { getattr open read };
--- /dev/null
+# modemloader
+type modemloader_prop, property_type;
+
+# mobicore (tee)
+type tee_prop, property_type;
+
+type persist_rmnet_prop, property_type;
+type persist_data_df_prop, property_type;
+type persist_data_wda_prop, property_type;
+
+type vendor_camera_prop, property_type;
+type vendor_factory_prop, property_type;
+type vendor_gps_prop, property_type;
+type vendor_nfc_prop, property_type;
\ No newline at end of file
--- /dev/null
+# bluetooth
+persist.bluetooth_fw_ver u:object_r:bluetooth_prop:s0
+ro.bluetooth.tty u:object_r:bluetooth_prop:s0
+wc_transport. u:object_r:bluetooth_prop:s0
+
+# modemloader
+hw.revision u:object_r:modemloader_prop:s0
+ro.cbd.dt_revision u:object_r:modemloader_prop:s0
+ril.cbd.dt_revision u:object_r:modemloader_prop:s0
+ro.modemloader.done u:object_r:modemloader_prop:s0
+
+# mobicore
+sys.mobicoredaemon.enable u:object_r:tee_prop:s0
+
+persist.rmnet. u:object_r:persist_rmnet_prop:s0
+persist.data.df. u:object_r:persist_data_df_prop:s0
+persist.data.wda. u:object_r:persist_data_wda_prop:s0
+
+# CAMERA
+persist.vendor.sys.camera. u:object_r:vendor_camera_prop:s0
+
+# GPS
+ro.spid.gps. u:object_r:vendor_gps_prop:s0
+
+# NFC
+vendor.nfc.fw. u:object_r:vendor_nfc_prop:s0
+
+# RADIO
+persist.ril. u:object_r:radio_prop:s0
+vendor.gsm. u:object_r:vendor_radio_prop:s0
+
+# FACTORY
+ro.factory.factory_binary u:object_r:vendor_factory_prop:s0
allow rild bin_nv_data_efs_file:file { setattr getattr read open write };
-allow rild hal_audio_default:dir search;
-allow rild hal_audio_default:file { getattr open read };
-
allow rild radio_vendor_data_file:file { create ioctl lock getattr read write open unlink };
allow rild radio_vendor_data_file:dir { add_name write open read remove_name };
-allow rild radio_data_file:file { open read };
+allow rild radio_data_file:file { open read getattr write };
allow rild proc_qtaguid_stat:file read;
allow rild factoryprop_efs_file:file { open read write };
allow rild init:file getattr;
+
+# binder
+allow rild hal_radio_default:binder call;
+
+# audio
+allow rild hal_audio_default:dir search;
+allow rild hal_audio_default:file r_file_perms;
+
+# hwservice
+allow rild hal_sec_radio_hwservice:hwservice_manager add;
+allow rild hal_sec_radio_bridge_hwservice:hwservice_manager add;
+allow rild hal_sec_radio_channel_hwservice:hwservice_manager add;
allow system_app gpu_device:chr_file { ioctl read write };
allow system_app proc_pagetypeinfo:file { getattr open read };
-allow system_app debugfs_ion:dir search;
-allow system_app debugfs_mali:dir search;
-allow system_app debugfs_mali_mem:dir search;
allow system_app sysfs_virtual:dir search;
allow system_server gpu_device:chr_file { ioctl read write };
# memtrack HAL
-# allow system_server debugfs:dir r_dir_perms;
allow system_server debugfs_mali:dir r_dir_perms;
allow system_server debugfs_mali:file r_file_perms;
-
-allow system_server debugfs_ion:dir search;
allow system_server debugfs_ion:file { getattr open read };
-
-allow system_server debugfs_ion_dma:dir search;
-allow system_server debugfs_mali_mem:dir search;
allow system_server debugfs_mali_mem:file { getattr open read };
+
+allow system_server frp_block_device:blk_file { getattr ioctl open read write };
+allow system_server vendor_radio_prop:file { getattr open read };
--- /dev/null
+allow tee efs_file:dir getattr;
+allow tee efs_file:file { getattr open read };
+allow tee gatekeeper_efs_file:dir { open read };
+allow tee gatekeeper_efs_file:file { getattr open read };
+allow tee init:unix_stream_socket connectto;
+allow tee property_socket:sock_file write;
+allow tee prov_efs_file:dir search;
+allow tee system_prop:property_service set;
+allow tee tee_prop:property_service set;
+
+# /dev/t-base-tui
+allow tee tee_device:chr_file { ioctl open read };
+
+allow tee mobicore_vendor_data_file:dir { open read };
+allow tee mobicore_vendor_data_file:file { getattr open read };
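Review bot: `allow tee system_prop:property_service set;` lets the TEE daemon set any property labelled `system_prop`, although this commit introduces `tee_prop` for `sys.mobicoredaemon.enable` and grants `set` on it on the next line. If that property is the only one the daemon sets, the `system_prop` rule can go. The socket and property rules could then be written as `set_prop(tee, tee_prop)`, matching the `set_prop(hal_nfc_default, vendor_nfc_prop)` usage in hal_nfc_default.te.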
--- /dev/null
+allow ueventd self:capability sys_nice;
# /dev/mali0
allow untrusted_app gpu_device:chr_file { ioctl open read write };
-
-allow untrusted_app debugfs_ion:dir search;
-allow untrusted_app debugfs_ion_dma:dir search;
-allow untrusted_app debugfs_mali:dir search;
-allow untrusted_app debugfs_mali_mem:dir search;
# /dev/mali0
allow untrusted_app_27 gpu_device:chr_file { ioctl read write };
-allow untrusted_app_27 debugfs_ion:dir search;
-allow untrusted_app_27 debugfs_mali:dir search;
-allow untrusted_app_27 debugfs_mali_mem:dir search;
-
allow untrusted_app_27 sysfs_net:dir search;
allow untrusted_app_27 sysfs_virtual:file { open read getattr };
allow untrusted_app_27 sysfs_virtual:dir search;
# /efs
allow vold efs_file:dir r_dir_perms;
+
+allow vold sysfs_mmc_host_writable:file write;
+allow vold sysfs_scsi_host_writable:file write;
+allow vold sysfs_virtual:file write;