Mostly working now.
These denials are left to fix:
```
kworker/u16:1: type=1400 audit(0.0:85): avc: denied { dac_override } for capability=1 scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=capability permissive=0
kworker/u16:1: type=1400 audit(0.0:86): avc: denied { dac_read_search } for capability=2 scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=capability permissive=0
type=1400 audit(
1598966762.983:15): avc: denied { dac_override } for comm="e2fsck" capability=1 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0
type=1400 audit(
1598966762.983:15): avc: denied { dac_read_search } for comm="e2fsck" capability=2 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0
```
# /efs/maxim/rdc_cal
allow hal_audio_default efs_file:file { read open };
+allow hal_audio_default efs_file:dir search;
allow hal_audio_default imei_efs_file:dir search;
allow hal_audio_default imei_efs_file:file { getattr open read };
allow hal_audio_default vendor_radio_prop:file { getattr open read };
+
+allow hal_audio_default init:unix_stream_socket connectto;
allow hal_camera_default sysfs_camera:dir search;
allow hal_camera_default sysfs_camera:file { getattr open read write };
allow hal_camera_default exported_camera_prop:file { getattr open read };
+allow hal_camera_default camera_data_file:dir search;
# add_hwservice(hal_camera_default, hal_vendor_multiframeprocessing_hwservice)
# add_hwservice(hal_camera_default, hal_vendor_iva_hwservice)
# /system/etc/event-log-tags
allow nfc runtime_event_log_tags_file:file getattr;
+allow hal_nfc_default hal_nfc_hwservice:hwservice_manager add;
+
# vendor.nfc.fw.
set_prop(hal_nfc_default, vendor_nfc_prop)
vendor.samsung.hardware.camera.provider::ISehCameraProvider u:object_r:hal_camera_hwservice:s0
vendor.samsung.hardware.gnss::ISecGnss u:object_r:hal_gnss_hwservice:s0
+vendor.samsung.hardware.nfc::ISecNfc u:object_r:hal_nfc_hwservice:s0
vendor.samsung_slsi.hardware.MultiFrameProcessing20::IMultiFrameProcessing20 u:object_r:hal_vendor_multiframeprocessing_hwservice:s0
vendor.samsung_slsi.hardware.eden_runtime::IEdenruntime u:object_r:hal_vendor_eden_runtime_hwservice:s0
vendor.samsung_slsi.hardware.iva::IIvaService u:object_r:hal_vendor_iva_hwservice:s0
allow kernel app_efs_file:dir search;
allow kernel app_efs_file:file open;
allow kernel sensor_factoryapp_efs_file:file open;
+allow kernel efs_file:dir search;
allow kernel device:chr_file { getattr setattr unlink create };
allow kernel device:dir { add_name remove_name rmdir write };
-allow kernel self:capability mknod;
+allow kernel self:capability { mknod };
allow lhd sysfs_virtual:dir search;
allow lhd sysfs_virtual:file { open read write };
allow lhd sysfs_virtual:lnk_file read;
+allow lhd efs_file:dir search;
allow rild radio_vendor_data_file:file { create ioctl lock getattr read write open unlink };
allow rild radio_vendor_data_file:dir { add_name write open read remove_name };
allow rild radio_data_file:file { open read getattr write };
+allow rild radio_data_file:dir search;
allow rild proc_qtaguid_stat:file read;
-allow tee efs_file:dir getattr;
+allow tee efs_file:dir { search getattr };
allow tee efs_file:file { getattr open read };
-allow tee gatekeeper_efs_file:dir { open read };
+allow tee gatekeeper_efs_file:dir { search open read };
allow tee gatekeeper_efs_file:file { getattr open read };
allow tee init:unix_stream_socket connectto;
allow tee property_socket:sock_file write;
# /dev/t-base-tui
allow tee tee_device:chr_file { ioctl open read };
-allow tee mobicore_vendor_data_file:dir { open read };
-allow tee mobicore_vendor_data_file:file { getattr open read };
+allow tee mobicore_vendor_data_file:dir { search open read };
+allow tee mobicore_vendor_data_file:file rw_file_perms;
# /dev/mali0
allow untrusted_app gpu_device:chr_file { ioctl open read write };
+
+allow untrusted_app debugfs_mali:dir read;
projects / GitHub / exynos8895 / android_device_samsung_universal8895-common.git / commitdiff