Sepolicy: add more file and device labels and fix denials
authorHenrik Grimler <henrik@grimler.se>
Thu, 20 Aug 2020 10:44:29 +0000 (12:44 +0200)
committerJan Altensen <info@stricted.net>
Sun, 18 Oct 2020 09:48:31 +0000 (11:48 +0200)
Verified that the labelled paths exist on dream2lte.

Heavily inspired by universal7880-common, exynos9820-common and
universal9810-common's sepolicies.

36 files changed:
sepolicy/bootanim.te [deleted file]
sepolicy/device.te [new file with mode: 0644]
sepolicy/file.te
sepolicy/file_contexts
sepolicy/genfs_contexts
sepolicy/hal_audio_default.te
sepolicy/hal_bluetooth_default.te [deleted file]
sepolicy/hal_camera_default.te
sepolicy/hal_drm_clearkey.te [new file with mode: 0644]
sepolicy/hal_drm_widevine.te [new file with mode: 0644]
sepolicy/hal_fingerprint_default.te [new file with mode: 0644]
sepolicy/hal_gatekeeper_default.te
sepolicy/hal_graphics_composer_default.te
sepolicy/hal_health_default.te
sepolicy/hal_keymaster_default.te [deleted file]
sepolicy/hal_light_default.te [new file with mode: 0644]
sepolicy/hal_lineage_livedisplay_sysfs.te [new file with mode: 0644]
sepolicy/hal_power_default.te [new file with mode: 0644]
sepolicy/hal_sensors_default.te
sepolicy/hal_wifi_hostapd_default.te [new file with mode: 0644]
sepolicy/init.te
sepolicy/installd.te [deleted file]
sepolicy/kernel.te
sepolicy/mediacodec.te
sepolicy/netd.te
sepolicy/nfc.te [new file with mode: 0644]
sepolicy/platform_app.te
sepolicy/priv_app.te
sepolicy/rild.te
sepolicy/shell.te [deleted file]
sepolicy/system_app.te
sepolicy/system_server.te
sepolicy/untrusted_app.te
sepolicy/untrusted_app_27.te
sepolicy/vold.te [new file with mode: 0644]
sepolicy/zygote.te [deleted file]

diff --git a/sepolicy/bootanim.te b/sepolicy/bootanim.te
deleted file mode 100644 (file)
index 0aad1ec..0000000
+++ /dev/null
@@ -1 +0,0 @@
-allow bootanim device:chr_file { getattr ioctl };
diff --git a/sepolicy/device.te b/sepolicy/device.te
new file mode 100644 (file)
index 0000000..e7fb8fa
--- /dev/null
@@ -0,0 +1,14 @@
+# /dev/vfsspi
+type fingerprint_device, dev_type;
+
+# /dev/batch_io
+type sensor_device, dev_type;
+
+# /dev/s5p-smem
+type secmem_device, dev_type;
+
+# /dev/m2m1shot_scaler0
+type m2m1shot_device, dev_type;
+
+# gps
+type gps_device, dev_type;
index b73f830629869d25dc119569125b540c9d967d2b..2a71164ad6abd4e7bbde3097325ca180940f9e68 100644 (file)
@@ -1,4 +1,52 @@
-type batch_io_device, dev_type;
+### efs types
+type app_efs_file, file_type;
+type battery_efs_file, file_type;
+type cpk_efs_file, file_type;
+type gatekeeper_efs_file, file_type;
+type radio_factoryapp_efs_file, file_type;
+type imei_efs_file, file_type;
+type bin_nv_data_efs_file, file_type;
+type prov_efs_file, file_type;
+type sec_efs_file, file_type;
+type wifi_efs_file, file_type;
+type factoryprop_efs_file, file_type;
+type sensor_factoryapp_efs_file, file_type;
+type factorymode_factoryapp_efs_file, file_type;
+type baro_delta_factoryapp_efs_file, file_type;
+
+# gps
+type gps_vendor_data_file, file_type, data_file_type;
+type gps_socket, file_type;
+
+# debugfs types
+type debugfs_mali, fs_type, debugfs_type;
+type debugfs_mali_mem, fs_type, debugfs_type;
+type debugfs_ion, fs_type, debugfs_type;
+type debugfs_ion_dma, fs_type, debugfs_type;
+
+# proc
+type proc_extra, fs_type, proc_type;
+type proc_reset_reason, fs_type, proc_type;
+type proc_swapiness, fs_type, proc_type;
+
+# data types
+type display_vendor_data_file, file_type, data_file_type;
+type fingerprintd_vendor_data_file, data_file_type, file_type;
+type mediadrm_data_file, file_type, data_file_type;
+type radio_vendor_data_file, data_file_type, file_type;
+type mobicore_data_file, data_file_type, core_data_file_type, file_type;
 
 # sysfs types
 type sysfs_graphics, fs_type, sysfs_type;
+type sysfs_mdnie, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_multipdp, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_sec, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_gps, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_brightness, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_input, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_virtual, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_iio, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_charger, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_modem, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_lcd, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_camera, fs_type, sysfs_type, mlstrustedobject;
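Review bot: Several types declared here have no matching file_contexts entry anywhere in this commit: `sec_efs_file` (L86) is granted to nfc at L592 but nothing under /efs is labelled with it, and `gps_socket` (L95) and device.te's `gps_device` (L73) are declared but never used, while file_contexts labels /efs/bluetooth as `bluetooth_efs_file` (L180), which this file does not declare. Unless a common policy supplies those declarations and labels, the nfc rule is dead and the unused types are clutter; either add the file_contexts lines the types are meant for or drop the declarations until a denial needs them. The name `proc_swapiness` (L106, used at L310) also misspells swappiness; renaming it now, before other files reference it, avoids later churn.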
index 480f580f8ab784fc5e7712347a0c28b1bae3b4a9..658f92f42d5078bf2bd53503438fbbe161f1a8c6 100644 (file)
@@ -1,7 +1,159 @@
-/cpefs(/.*)?             u:object_r:efs_file:s0
-/dev/mali0               u:object_r:gpu_device:s0
-/dev/umts_ipc0           u:object_r:radio_device:s0
-/dev/fimg2d              u:object_r:video_device:s0
+####################################
+# Devices
+/cpefs(/.*)?                u:object_r:efs_file:s0
+/dev/mali[0-9]*             u:object_r:gpu_device:s0
+/dev/umts_ipc0              u:object_r:radio_device:s0
+/dev/fimg2d                 u:object_r:video_device:s0
+/dev/vfsspi                 u:object_r:fingerprint_device:s0
+/dev/sec-nfc                u:object_r:nfc_device:s0
 
-# Sensors
-/dev/batch_io            u:object_r:batch_io_device:s0
+/dev/cpuset(/.*)?           u:object_r:cgroup:s0
+
+/dev/mobicore               u:object_r:tee_device:s0
+/dev/mobicore-user          u:object_r:tee_device:s0
+
+# camera
+/dev/m2m1shot_scaler0       u:object_r:m2m1shot_device:s0
+
+# usb
+/dev/android_ssusbcon(/.*)? u:object_r:usb_device:s0
+/dev/mtp_usb*               u:object_r:mtp_device:s0
+/dev/usb(/.*)?              u:object_r:usb_device:s0
+
+# sensors
+/dev/batch_io               u:object_r:sensor_device:s0
+/dev/ssp_sensorhub          u:object_r:sensor_device:s0
+
+# adbroot and storaged
+/dev/stune(/.*)?            u:object_r:cgroup:s0
+
+# zram
+/dev/block/zram0            u:object_r:swap_block_device:s0
+
+####################################
+# efs files
+/efs/FactoryApp(/.*)?          u:object_r:app_efs_file:s0
+/efs/FactoryApp/baro_delta     u:object_r:baro_delta_factoryapp_efs_file:s0
+/efs/FactoryApp/factorymode    u:object_r:factorymode_factoryapp_efs_file:s0
+/efs/FactoryApp/fdata          u:object_r:radio_factoryapp_efs_file:s0
+/efs/FactoryApp/hist_nv        u:object_r:radio_factoryapp_efs_file:s0
+/efs/FactoryApp/test_nv        u:object_r:radio_factoryapp_efs_file:s0
+/efs/FactoryApp/gyro_cal_data  u:object_r:sensor_factoryapp_efs_file:s0
+
+/efs/Battery(/.*)?             u:object_r:battery_efs_file:s0
+/efs/bluetooth(/.*)?           u:object_r:bluetooth_efs_file:s0
+/efs/imei(/.*)?                u:object_r:imei_efs_file:s0
+/efs/nv_data.bin(.*)           u:object_r:bin_nv_data_efs_file:s0
+/efs/nv.log                    u:object_r:bin_nv_data_efs_file:s0
+/efs/\.nv_core\.bak(.*)        u:object_r:bin_nv_data_efs_file:s0
+/efs/prov(/.*)?                u:object_r:prov_efs_file:s0
+/efs/prov_data(/.*)?           u:object_r:prov_efs_file:s0
+/efs/wifi(/.*)?                u:object_r:wifi_efs_file:s0
+/efs/wv\.keys                  u:object_r:cpk_efs_file:s0
+/efs/factory\.prop             u:object_r:factoryprop_efs_file:s0
+/efs/TEE(/.*)?                 u:object_r:gatekeeper_efs_file:s0
+
+####################################
+# data files
+/data/nfc(/.*)?                    u:object_r:nfc_data_file:s0
+
+/data/misc/radio(/.*)?             u:object_r:radio_data_file:s0
+/data/vendor/secradio(/.*)?        u:object_r:radio_vendor_data_file:s0
+
+# gps
+/data/vendor/gps(/.*)?             u:object_r:gps_vendor_data_file:s0
+
+# livedisplay
+/data/vendor/display(/.*)?         u:object_r:display_vendor_data_file:s0
+
+# drm
+/data/vendor/mediadrm(/.*)?        u:object_r:mediadrm_data_file:s0
+
+# mobicore
+/data/misc/mcRegistry(/.*)?        u:object_r:mobicore_data_file:s0
+
+# biometrics
+/data/vendor/biometrics(/.*)?      u:object_r:fingerprintd_vendor_data_file:s0
+
+# camera
+/data/camera(/.*)?                 u:object_r:camera_data_file:s0
+
+####################################
+# sysfs files
+/sys/class/power_supply/battery/music         -- u:object_r:sysfs:s0
+/sys/class/devfreq/17000010.devfreq_mif(/.*)? -- u:object_r:sysfs:s0
+
+# gps
+/sys/class/sec/gps/GPS_PWR_EN/value              u:object_r:sysfs_gps:s0
+
+# charger
+/sys/devices/platform/battery/power_supply(/.*)  u:object_r:sysfs_charger:s0
+/sys/devices/battery/power_supply(/.*)           u:object_r:sysfs_charger:s0
+/sys/class/power_supply/max77865-charger(/.*)    u:object_r:sysfs_charger:s0
+/sys/devices/platform/10940000\.hsi2c/i2c-11/11-003b/power_supply/mfc-charger(/.*) u:object_r:sysfs_charger:s0
+/sys/devices/platform/10970000\.hsi2c/i2c-13/13-0066/max77865-charger/power_supply/otg(/.*)?                  u:object_r:sysfs_charger:s0
+/sys/devices/platform/10970000\.hsi2c/i2c-13/13-0066/max77865-charger/power_supply/max77865-charger(/.*)?     u:object_r:sysfs_charger:s0
+/sys/devices/platform/10970000\.hsi2c/i2c-13/13-0066/max77865-fuelgauge/power_supply/max77865-fuelgauge(/.*)? u:object_r:sysfs_charger:s0
+
+# sec
+/sys/class/sec(/.*)?                          -- u:object_r:sysfs_sec:s0
+
+# virtual
+/sys/devices/virtual(/.*)?                       u:object_r:sysfs_virtual:s0
+
+# iio
+/sys/devices/platform/108c0000\.spi/spi_master/spi10/spi10\.0/iio:device[0-9](/.*)?             u:object_r:sysfs_iio:s0
+/sys/bus/iio/devices(/.*)?                                                                      u:object_r:sysfs_iio:s0
+
+# Backlight/Notification LED control
+/sys/devices/platform/panel_drv@001/backlight/panel/brightness                                  u:object_r:sysfs_graphics:s0
+/sys/devices/platform/panel_drv@001/backlight/panel/max_brightness                              u:object_r:sysfs_graphics:s0
+
+# camera
+/sys/devices/virtual/camera(/.*)?                                                               u:object_r:sysfs_camera:s0
+
+# rild
+/sys/devices/virtual/misc/multipdp(/.*)                                                         u:object_r:sysfs_multipdp:s0
+
+# mDNIe
+/sys/devices/platform/panel_drv@001/lcd/panel/mdnie/mode                                        u:object_r:sysfs_mdnie:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/mdnie/scenario                                    u:object_r:sysfs_mdnie:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/mdnie/lux                                         u:object_r:sysfs_mdnie:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/mdnie/sensorRGB                                   u:object_r:sysfs_mdnie:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/mdnie/accessibility                               u:object_r:sysfs_mdnie:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/mdnie/night_mode                                  u:object_r:sysfs_mdnie:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/mdnie/mdnie_ldu                                   u:object_r:sysfs_mdnie:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/mdnie/whiteRGB                                    u:object_r:sysfs_mdnie:s0
+
+# input
+/sys/devices/platform/108e0000\.hsi2c/i2c-5/5-0049/input/input0(/.*)?                           u:object_r:sysfs_input:s0
+/sys/devices/platform/108e0000\.hsi2c/i2c-5/5-0049/input/input1(/.*)?                           u:object_r:sysfs_input:s0
+/sys/devices/platform/10460000\.spi/spi_master/spi3/spi3\.0/madera-extcon/input/input5(/.*)?    u:object_r:sysfs_input:s0
+/sys/devices/platform/gpio_keys/input/input6(/.*)?                                              u:object_r:sysfs_input:s0
+/sys/devices/platform/hall/input/input7(/.*)?                                                   u:object_r:sysfs_input:s0
+/sys/devices/platform/certify_hall/input/input8(/.*)?                                           u:object_r:sysfs_input:s0
+
+# lcd
+/sys/devices/platform/panel_drv@001/lcd/panel/adaptive_control                                  u:object_r:sysfs_lcd:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/alpm                                              u:object_r:sysfs_lcd:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/dpui                                              u:object_r:sysfs_lcd:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/dpui_dbg                                          u:object_r:sysfs_lcd:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/lcd_type                                          u:object_r:sysfs_lcd:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/lux                                               u:object_r:sysfs_lcd:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/manufacture_code                                  u:object_r:sysfs_lcd:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/temperature                                       u:object_r:sysfs_lcd:s0
+/sys/devices/platform/panel_drv@001/lcd/panel/window_type                                       u:object_r:sysfs_lcd:s0
+
+# modem
+/sys/module/modem_ctrl_ss310ap/parameters/ds_detect                                             u:object_r:sysfs_modem:s0
+
+####################################
+# Lineage hals
+/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.samsung u:object_r:hal_fingerprint_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service\.samsung                   u:object_r:hal_light_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.power@1\.0-service\.exynos                    u:object_r:hal_power_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.0-service\.universal8895         u:object_r:hal_lineage_livedisplay_sysfs_exec:s0
+
+# hidl services
+/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.2-service\.clearkey                    u:object_r:hal_drm_clearkey_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.1-service\.widevine                    u:object_r:hal_drm_widevine_exec:s0
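Review bot: `/dev/mtp_usb*` at L156 is a regex in which `*` quantifies only the preceding `b`, so it matches /dev/mtp_us, /dev/mtp_usb, /dev/mtp_usbb and so on rather than a name prefix; if the node is simply /dev/mtp_usb the line should read `/dev/mtp_usb                u:object_r:mtp_device:s0`, and if several nodes are intended `.*` is needed. The charger and multipdp entries at L226–L229 and L252 end in `(/.*)` without the `?` the rest of the file uses, so the directory nodes themselves keep the default sysfs label, which is only fine if no domain needs `:dir search` on them under the new types. The "# Lineage hals" heading at L287 sits over three android.hardware services of which only livedisplay is a Lineage HAL; a heading such as `# vendor HAL services` would be accurate.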
index c961f81e203aeecd9d60b38535d987e3465f1735..81a96804f879f44f8598b866f0f1458372a8a05f 100644 (file)
@@ -1,2 +1,21 @@
-# LED
+# mali debugfs
+genfscon debugfs /mali/                           u:object_r:debugfs_mali:s0
+genfscon debugfs /mali/mem/                       u:object_r:debugfs_mali_mem:s0
+
+# ion debugfs
+genfscon debugfs /ion/                            u:object_r:debugfs_ion:s0
+genfscon debugfs /dma_buf                         u:object_r:debugfs_ion_dma:s0
+
+# PROC
+genfscon proc /extra                              u:object_r:proc_extra:s0
+genfscon proc /reset_reason                       u:object_r:proc_reset_reason:s0
+genfscon proc /sys/vm/swappiness                  u:object_r:proc_swapiness:s0
+
+# SYSFS
+
+# class
+genfscon sysfs /class/android_usb/android0        u:object_r:sysfs_android_usb:s0
+genfscon sysfs /class/camera                      u:object_r:sysfs_camera:s0
+
+# devices
 genfscon sysfs /devices/virtual/sec/led/led_blink u:object_r:sysfs_graphics:s0
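Review bot: The trailing slashes on `/mali/`, `/mali/mem/` and `/ion/` (L300, L301, L304) mean the genfscon prefix match does not cover the directories /mali, /mali/mem and /ion themselves, which as far as I can tell keep the plain `debugfs` label, so the `debugfs_mali:dir search` and `debugfs_ion:dir search` rules added elsewhere in this commit (e.g. L339, L598, L657) only apply to their subdirectories. Unless excluding the directory nodes was intended, write `genfscon debugfs /mali u:object_r:debugfs_mali:s0`, `genfscon debugfs /mali/mem u:object_r:debugfs_mali_mem:s0` and `genfscon debugfs /ion u:object_r:debugfs_ion:s0`; the longer prefix still wins for its subtree. `/dma_buf` at L305 is already written without the slash, so this also makes the block consistent.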
index 8755bcd3bffb604457f834897a510233ebac4f4c..5b0f7f6bc83aaa16c7e789390f0775b02eeaecf8 100644 (file)
@@ -1,3 +1,6 @@
-allow hal_audio_default efs_file:dir search;
-allow hal_audio_default efs_file:file { open read };
 allow hal_audio_default property_socket:sock_file write;
+allow hal_audio_default rild:unix_stream_socket connectto;
+allow hal_audio_default system_suspend_hwservice:hwservice_manager find;
+
+# /efs/maxim/rdc_cal
+allow hal_audio_default efs_file:file { read open };
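Review bot: The `efs_file:dir search` rule removed at L322 is still needed for the access the comment at L328 describes: opening /efs/maxim/rdc_cal requires search on the directories above it before the kept `efs_file:file { read open }` applies, assuming /efs itself carries the efs_file label (this diff only shows /cpefs labelled that way). Unless a common policy or macro grants it, re-add `allow hal_audio_default efs_file:dir search;`. hal_gatekeeper_default.te (L420–L424) has the same gap: it gains `gatekeeper_efs_file:dir search` for /efs/TEE but has no search on the parent efs_file directory.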
diff --git a/sepolicy/hal_bluetooth_default.te b/sepolicy/hal_bluetooth_default.te
deleted file mode 100644 (file)
index c9ea2de..0000000
+++ /dev/null
@@ -1 +0,0 @@
-allow hal_bluetooth_default efs_file:file { open read };
index c1adea59a6b19e9d6191fb8fd2e42d7c33331ca4..619554df90a824d3d978016ea70ae114de071b8d 100644 (file)
@@ -1 +1,8 @@
 allow hal_camera_default vndbinder_device:chr_file read;
+allow hal_camera_default debugfs_ion:dir search;
+allow hal_camera_default hal_graphics_mapper_hwservice:hwservice_manager find;
+allow hal_camera_default hal_graphics_composer_default:fd use;
+allow hal_camera_default sysfs_virtual:dir search;
+allow hal_camera_default sysfs_virtual:file { getattr open read write };
+allow hal_camera_default sysfs_camera:dir search;
+allow hal_camera_default sysfs_camera:file { getattr open read write };
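Review bot: `sysfs_virtual:file { getattr open read write }` at L343 grants write access to every node under /sys/devices/virtual, because that type labels the whole subtree (L238), which makes the narrower `sysfs_camera` label on /sys/devices/virtual/camera (L249) pointless for this domain. If the denial that motivated it named a node under the camera subtree, the `sysfs_camera` rules at L344–L345 already cover it and L343 can be dropped; otherwise the specific node should get its own label rather than the catch-all type gaining write. The same broad write on `sysfs_virtual` is added in hal_light_default.te (L456), hal_power_default.te (L482), hal_sensors_default.te (L514), netd.te (L586) and init.te (L538).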
diff --git a/sepolicy/hal_drm_clearkey.te b/sepolicy/hal_drm_clearkey.te
new file mode 100644 (file)
index 0000000..92af96d
--- /dev/null
@@ -0,0 +1,14 @@
+# policy for /vendor/bin/hw/android.hardware.drm clearkey service
+type hal_drm_clearkey, domain;
+type hal_drm_clearkey_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_drm_clearkey)
+
+hal_server_domain(hal_drm_clearkey, hal_drm)
+
+vndbinder_use(hal_drm_clearkey);
+
+allow hal_drm_clearkey { appdomain -isolated_app }:fd use;
+
+allow hal_drm_clearkey mediadrm_data_file:dir create_dir_perms;
+allow hal_drm_clearkey mediadrm_data_file:file create_file_perms;
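Review bot: The rules at L363–L364 depend on /data/vendor/mediadrm being labelled with the device-local `mediadrm_data_file` (file.te L111, file_contexts L206), but platform policy already labels that path with its own type (`mediadrm_vendor_data_file` in AOSP) and gives hal_drm servers access to it, so depending on which file_contexts entry wins the lookup either these rules or the platform ones are dead. Confirm which label the directory actually ends up with on the device and keep a single type; if the platform type is used, the data-file rules here and at L384–L385 in hal_drm_widevine.te are unnecessary.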
diff --git a/sepolicy/hal_drm_widevine.te b/sepolicy/hal_drm_widevine.te
new file mode 100644 (file)
index 0000000..210fdb7
--- /dev/null
@@ -0,0 +1,24 @@
+type hal_drm_widevine, domain;
+type hal_drm_widevine_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_drm_widevine)
+
+hal_server_domain(hal_drm_widevine, hal_drm)
+
+vndbinder_use(hal_drm_widevine);
+
+allow hal_drm_widevine mediacodec:fd use;
+allow hal_drm_widevine { appdomain -isolated_app }:fd use;
+
+allow hal_drm_widevine hal_allocator_server:fd use;
+
+allow hal_drm_widevine mediadrm_data_file:dir create_dir_perms;
+allow hal_drm_widevine mediadrm_data_file:file create_file_perms;
+allow hal_drm_widevine media_data_file:dir search;
+allow hal_drm_widevine vendor_data_file:dir { write create add_name } ;
+allow hal_drm_widevine vendor_data_file:file { create open read write getattr } ;
+
+allow hal_drm_widevine cpk_efs_file:file { open read getattr };
+allow hal_drm_widevine efs_file:dir search;
+
+allow hal_drm_widevine secmem_device:chr_file { open read write ioctl };
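Review bot: L387–L388 let the Widevine HAL create and write files directly in directories labelled `vendor_data_file`, i.e. the /data/vendor root and anything under it without a more specific label, so whatever it creates there escapes the per-purpose labelling this commit introduces for /data/vendor/mediadrm (L206). Take the path from the denial and label it (the existing `mediadrm_data_file` if it lives under /data/vendor/mediadrm, otherwise a new type) instead of widening `vendor_data_file`. This file also lacks the header comment its sibling hal_drm_clearkey.te has at L351; `# policy for /vendor/bin/hw/android.hardware.drm@1.1-service.widevine` would match.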
diff --git a/sepolicy/hal_fingerprint_default.te b/sepolicy/hal_fingerprint_default.te
new file mode 100644 (file)
index 0000000..113bde7
--- /dev/null
@@ -0,0 +1,20 @@
+# allow hal_fingerprint_default to communicate with various devices
+binder_call(system_app, hal_fingerprint_default)
+
+# kernel fp device
+allow hal_fingerprint_default fingerprint_device:chr_file { open read write ioctl getattr };
+
+# secure memory device
+allow hal_fingerprint_default secmem_device:chr_file { open read write ioctl };
+
+# trust zone device
+allow hal_fingerprint_default tee_device:chr_file { open read write ioctl };
+allow hal_fingerprint_default tee:unix_stream_socket connectto;
+
+# /data/vendor/biometrics/*
+allow hal_fingerprint_default fingerprintd_vendor_data_file:dir { rmdir read write remove_name create open add_name search };
+allow hal_fingerprint_default fingerprintd_vendor_data_file:file { write create read rename open getattr unlink };
+
+# sysfs_virtual
+allow hal_fingerprint_default sysfs_virtual:dir search;
+allow hal_fingerprint_default sysfs_virtual:file { open read };
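Review bot: The comment at L399 says the HAL is being allowed to communicate with devices, but the rule under it, `binder_call(system_app, hal_fingerprint_default)`, lets system_app make binder calls into the HAL directly rather than through the framework, which deserves to be named explicitly; `# system_app talks to the fingerprint HAL directly over binder` is closer to what the macro grants, and a word on which app needs it would help the next reviewer. The hand-written permission sets at L413–L414 are close to `create_dir_perms`/`create_file_perms`, which the other new files in this commit use (L363–L364) and which keep the intent readable.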
index c3ce50eaec870c7a6b7fb3bd73971a5a373308e8..e3ff813338125b8f3a42e324b4748484df02497f 100644 (file)
@@ -1,2 +1,3 @@
-allow hal_gatekeeper_default efs_file:file { open read };
+allow hal_gatekeeper_default gatekeeper_efs_file:file { write open read };
+allow hal_gatekeeper_default gatekeeper_efs_file:dir search;
 allow hal_gatekeeper_default tee_device:chr_file { open read write };
index 0d67dbd2328a3c974ba38af572f95805c20addae..1ba9a3ce35fa6f217aa178451199a23a0bab5619 100644 (file)
@@ -1,8 +1,7 @@
 allow hal_graphics_composer_default self:netlink_kobject_uevent_socket { create read };
 allow hal_graphics_composer_default servicemanager:binder call;
-allow hal_graphics_composer_default sysfs:file read;
-allow hal_graphics_composer_default vendor_data_file:file append;
+allow hal_graphics_composer_default vendor_data_file:file { append getattr open };
 allow hal_graphics_composer_default vndbinder_device:chr_file read;
 
 # /dev/fimg2d
-allow hal_graphics_composer_default video_device:chr_file ioctl;
+allow hal_graphics_composer_default video_device:chr_file { open read write ioctl };
index 64e4b19191022325281a1ff3ae471298c531692f..57672cdf87f246917182cc6948522aadeee385d7 100644 (file)
@@ -1 +1,3 @@
-allow hal_health_default sysfs:file { getattr open read };
+r_dir_file(hal_health_default, sysfs_charger)
+
+allow hal_health_default sysfs_charger:file rw_file_perms;
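Review bot: `r_dir_file(hal_health_default, sysfs_charger)` at L440 already expands to `sysfs_charger:file r_file_perms`, which the `rw_file_perms` rule at L442 then supersedes, so the pair overlaps; `allow hal_health_default sysfs_charger:dir r_dir_perms;` followed by the rw_file_perms line says the same thing without the redundancy. Because the charger nodes get `sysfs_charger` through file_contexts (L226–L232) rather than genfscon, the label is only applied when those paths are relabelled after boot; it is worth confirming the denial on the device actually shows tcontext sysfs_charger.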
diff --git a/sepolicy/hal_keymaster_default.te b/sepolicy/hal_keymaster_default.te
deleted file mode 100644 (file)
index ce78258..0000000
+++ /dev/null
@@ -1 +0,0 @@
-allow hal_keymaster_default device:chr_file ioctl;
diff --git a/sepolicy/hal_light_default.te b/sepolicy/hal_light_default.te
new file mode 100644 (file)
index 0000000..ad0b43e
--- /dev/null
@@ -0,0 +1,4 @@
+allow hal_light_default sysfs_brightness:file { open read write getattr };
+allow hal_light_default sysfs_virtual:dir search;
+allow hal_light_default sysfs_virtual:file { read write open getattr };
+allow hal_light_default sysfs_graphics:file { open read getattr write };
diff --git a/sepolicy/hal_lineage_livedisplay_sysfs.te b/sepolicy/hal_lineage_livedisplay_sysfs.te
new file mode 100644 (file)
index 0000000..1f4db7b
--- /dev/null
@@ -0,0 +1,6 @@
+# Allow LiveDisplay to store files under /data/vendor/display and access them
+allow hal_lineage_livedisplay_sysfs display_vendor_data_file:dir rw_dir_perms;
+allow hal_lineage_livedisplay_sysfs display_vendor_data_file:file create_file_perms;
+# Allow LiveDisplay to read and write to files in sysfs_graphics, sysfs_mdnie
+allow hal_lineage_livedisplay_sysfs sysfs_mdnie:dir search;
+allow hal_lineage_livedisplay_sysfs sysfs_mdnie:file rw_file_perms;
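Review bot: The comment at L466 promises read and write on `sysfs_graphics` and `sysfs_mdnie`, but only the two sysfs_mdnie rules follow, so either a sysfs_graphics rule is missing or the comment overstates. If the common livedisplay policy already covers sysfs_graphics, trim the comment to `# Allow LiveDisplay to read and write the mDNIe nodes (sysfs_mdnie)`.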
diff --git a/sepolicy/hal_power_default.te b/sepolicy/hal_power_default.te
new file mode 100644 (file)
index 0000000..9aeeace
--- /dev/null
@@ -0,0 +1,15 @@
+# Allow reading of sysfs nodes to find input devices
+
+allow hal_power_default sysfs_devices_system_cpu:file write;
+
+allow hal_power_default sysfs_input:dir { open read search getattr };
+allow hal_power_default sysfs_input:file { open read write getattr };
+
+allow hal_power_default sysfs_virtual:dir { open read search };
+allow hal_power_default sysfs_virtual:file { open read write getattr };
+
+allow hal_power_default sysfs:dir { read open };
+allow hal_power_default sysfs:file { read write open };
+
+allow hal_power_default sysfs_brightness:file rw_file_perms;
+allow hal_power_default sysfs_graphics:file { getattr read open };
\ No newline at end of file
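Review bot: `allow hal_power_default sysfs:file { read write open };` at L485 grants write access to every sysfs node that carries no more specific label, which makes the dedicated labels this commit adds for the power HAL's targets (`sysfs_input`, `sysfs_brightness`, L478–L479 and L487) largely moot and leaves no record of which node the denial was about. Find that node in the denial and label it rather than widening `sysfs`; hal_sensors_default.te does the same at L516. The leading comment at L474 describes input-device discovery but is followed by a cpu-sysfs write (L476), so it belongs above the sysfs_input rules, and the file lacks a trailing newline (L489).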
index 452fcde82a1405c714cc70081137f10700beb941..5cc56bfd3d037e56cd0fa9306b794f4b2ba5f8ff 100644 (file)
@@ -1,5 +1,23 @@
-allow hal_sensors_default efs_file:dir search;
-allow hal_sensors_default sysfs:file { read write getattr open };
+# /efs/FactoryApp/
+allow hal_sensors_default app_efs_file:dir rw_dir_perms;
+allow hal_sensors_default app_efs_file:file { rw_file_perms setattr };
+
+# /efs
+allow hal_sensors_default efs_file:dir r_dir_perms;
 
 # sensor_device
 allow hal_sensors_default sensor_device:chr_file rw_file_perms;
+
+# iio_device
+allow hal_sensors_default iio_device:chr_file { open read };
+
+# sysfs_iio
+allow hal_sensors_default sysfs_iio:file { open read getattr write };
+allow hal_sensors_default sysfs_iio:dir { open read search };
+allow hal_sensors_default sysfs_iio:lnk_file read;
+
+# sysfs_virtual
+allow hal_sensors_default sysfs_virtual:dir r_dir_perms;
+allow hal_sensors_default sysfs_virtual:file rw_file_perms;
+
+allow hal_sensors_default sysfs:file { open read getattr write };
diff --git a/sepolicy/hal_wifi_hostapd_default.te b/sepolicy/hal_wifi_hostapd_default.te
new file mode 100644 (file)
index 0000000..8f0592f
--- /dev/null
@@ -0,0 +1,2 @@
+allow hal_wifi_hostapd_default sysfs_virtual:dir search;
+allow hal_wifi_hostapd_default sysfs_virtual:lnk_file { getattr read };
index ee399e9c97b66d16f91fd274bf214001473b4094..069fe16efc47a7e7aa1668d85f093377ddf3779a 100644 (file)
@@ -1,4 +1,3 @@
-allow init device:chr_file ioctl;
 allow init rild:unix_stream_socket connectto;
 allow init self:netlink_kobject_uevent_socket { create setopt };
 allow init socket_device:sock_file create;
@@ -9,7 +8,20 @@ allow init dnsproxyd_socket:sock_file write;
 allow init fwk_sensor_hwservice:hwservice_manager find;
 allow init hwservicemanager:binder call;
 allow init netd:unix_stream_socket connectto;
-allow init self:tcp_socket create;
+allow init fwmarkd_socket:sock_file write;
+allow init nfc:binder call;
+allow init nfc_device:chr_file ioctl;
+allow init sysfs_virtual:file { open write };
+allow init system_server:binder { transfer call };
+allow init tee_device:chr_file ioctl;
+allow init device:chr_file ioctl;
+allow init self:tcp_socket { getopt create bind connect };
+allow init node:tcp_socket node_bind;
+allow init port:tcp_socket { name_bind name_connect };
+allow init gps_vendor_data_file:fifo_file write;
+allow init gps_vendor_data_file:file lock;
 
 # LED
 allow init sysfs_graphics:file { open read write };
+
+unix_socket_connect(init, property, rild)
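Review bot: The rules added at L536–L546 (binder call and transfer into system_server and nfc, bind/connect on tcp sockets, nodes and ports, writes to the gps fifo, tee_device ioctls) describe a vendor daemon doing its work inside init's domain, which usually means an executable started from init.rc was never given its own domain; the fix is a dedicated type via `init_daemon_domain`, as the new HAL files in this commit do (L355), rather than widening init. The `device:chr_file ioctl` rule is removed at L526 and re-added at L541, so that part of the change is churn, and `unix_socket_connect(init, property, rild)` at L551 overlaps the existing `rild:unix_stream_socket connectto` at L527.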
diff --git a/sepolicy/installd.te b/sepolicy/installd.te
deleted file mode 100644 (file)
index 702e5ad..0000000
+++ /dev/null
@@ -1 +0,0 @@
-allow installd device:file write;
index 9f9de3a5d087d9509752f56bd2047d37ecd0e0ca..07530ef114f84b4d795d6580491a1b70164b13f8 100644 (file)
@@ -1,2 +1,7 @@
-allow kernel device:dir write;
-allow kernel efs_file:file open;
+allow kernel app_efs_file:dir search;
+allow kernel app_efs_file:file open;
+allow kernel sensor_factoryapp_efs_file:file open;
+
+allow kernel device:chr_file { getattr setattr unlink };
+allow kernel device:dir { add_name remove_name rmdir write };
+allow kernel self:capability { mknod };
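Review bot: The kernel-domain rules at L566–L568 (creating and removing nodes under /dev with CAP_MKNOD) and the /efs reads at L562–L564 carry no comment recording which driver or kernel helper produced the denial, and for the `kernel` domain that provenance cannot be recovered from the rule itself. Add a comment above each group naming the source as seen in the denial, e.g. `# <driver or comm from denial>: creates device nodes under /dev`, so a later reviewer can judge whether the grant is still needed.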
index 0be4af41974d006ded7c322c698d42aff04d8967..abc71bc5c2a7b6ce0b16a4a3609a3bb223a4cdbf 100644 (file)
@@ -1 +1,5 @@
-allow mediacodec sysfs:file { getattr open read };
+allow mediacodec debugfs_ion:dir search;
+
+# /sys/class/video4linux/video6/name
+allow mediacodec sysfs:file r_file_perms;
+allow mediacodec sysfs:dir { open read };
\ No newline at end of file
index 5051d724206d98becc8301a98dfc03afbaf1c5a8..0b8df2c37b135fe32b3c7e3f1af38cc57df5f40f 100644 (file)
@@ -1,3 +1,5 @@
-allow netd device:file write;
 allow netd self:capability sys_module;
-allow netd init:tcp_socket { read write };
+allow netd init:tcp_socket { setopt getopt read write };
+
+allow netd sysfs_virtual:dir search;
+allow netd sysfs_virtual:file { write open };
diff --git a/sepolicy/nfc.te b/sepolicy/nfc.te
new file mode 100644 (file)
index 0000000..6c8e449
--- /dev/null
@@ -0,0 +1 @@
+allow nfc sec_efs_file:dir search;
index 8a505491b723fcd4015f24f131686bfd70140a4f..12f80f89e4a0e08e37ba4474785644abf215b065 100644 (file)
@@ -1,2 +1,5 @@
 # /dev/mali0
 allow platform_app gpu_device:chr_file { ioctl read write };
+
+allow platform_app debugfs_ion:dir search;
+allow platform_app debugfs_mali:dir search;
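Review bot: `debugfs_ion:dir search` and `debugfs_mali:dir search` at L598–L599 hand app domains access to debugfs, and the same rules are added for priv_app (L605–L607), system_app (L641–L643), untrusted_app (L671–L674) and untrusted_app_27 (L680–L682). If the GPU userspace merely probes these directories and works without them, a `dontaudit` of the same rules silences the log without widening what third-party code can reach; an `allow` should be reserved for a demonstrated need, and that need is worth recording in a comment next to the rule.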
index 9bd1bc68dee906a51101a0a4cc3aa355c7e81f27..07156c9dbea162a5110c02aed8c48c633f605cd1 100644 (file)
@@ -1,2 +1,6 @@
 # /dev/mali0
 allow priv_app gpu_device:chr_file { ioctl read write };
+
+allow priv_app debugfs_ion:dir search;
+allow priv_app debugfs_mali:dir search;
+allow priv_app debugfs_mali_mem:dir search;
index b6606367be15330649469893c2e1bf8c7863661e..75990d6033ce79ef9fcb8124620f9cdf7c0e70d0 100644 (file)
@@ -1,6 +1,15 @@
-allow rild init:file read;
 allow rild proc_net:file write;
-allow rild vendor_data_file:file { getattr read write open };
+allow rild vendor_data_file:file { getattr setattr read write open };
 
 # /dev/umts_ipc0
 allow rild radio_device:chr_file ioctl;
+
+allow rild bin_nv_data_efs_file:file { setattr getattr read open write };
+
+allow rild hal_audio_default:dir search;
+allow rild hal_audio_default:file { getattr open read };
+
+allow rild radio_vendor_data_file:file { create ioctl lock getattr read write open unlink };
+allow rild radio_vendor_data_file:dir { add_name write open read remove_name };
+
+allow rild proc_qtaguid_stat:file read;
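Review bot: L620–L621 let rild search and read files in hal_audio_default's /proc/<pid> tree (a domain used as a file target refers to that), and unlike the other rules in this file there is no comment saying which file that is for; add one in the style of L615, e.g. `# /proc/<pid>/<file from denial> of the audio HAL`. The permission lists at L623–L624 are close to `create_file_perms` and `rw_dir_perms`, which the new files in this commit use (L464–L465) and which keep the intent readable.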
diff --git a/sepolicy/shell.te b/sepolicy/shell.te
deleted file mode 100644 (file)
index fe57529..0000000
+++ /dev/null
@@ -1 +0,0 @@
-allow shell proc:file getattr;
index bfee089030eee2d49ee90d70ae4ec30f83a56a86..3b7294cf2587a99dadebe32c4cda6eda6d1bbec1 100644 (file)
@@ -1,4 +1,8 @@
-allow system_app proc_pagetypeinfo:file { getattr open read };
-
 # /dev/mali0
 allow system_app gpu_device:chr_file { ioctl read write };
+
+allow system_app proc_pagetypeinfo:file { getattr open read };
+allow system_app debugfs_ion:dir search;
+allow system_app debugfs_mali:dir search;
+allow system_app debugfs_mali_mem:dir search;
+allow system_app sysfs_virtual:dir search;
index 685cfced2bb0ba6af349b76ed915b4f72a37b3c3..3a48fdfe22ace8e8c7d543076a593ac4e2e8a3d6 100644 (file)
@@ -1,11 +1,14 @@
-# /sys/kernel/debug/mali/mem
-# allow system_server debugfs:dir { open read };
-# allow system_server debugfs:file { open read };
-
 # /dev/mali0
 allow system_server gpu_device:chr_file { ioctl read write };
 
 # memtrack HAL
-allow system_server debugfs:dir r_dir_perms;
+allow system_server debugfs:dir r_dir_perms;
 allow system_server debugfs_mali:dir r_dir_perms;
 allow system_server debugfs_mali:file r_file_perms;
+
+allow system_server debugfs_ion:dir search;
+allow system_server debugfs_ion:file { getattr open read };
+
+allow system_server debugfs_ion_dma:dir search;
+allow system_server debugfs_mali_mem:dir search;
+allow system_server debugfs_mali_mem:file { getattr open read };
index 71b786b28e566dc0a2c575862f961fbecfa4a040..e87b40abdd25532e1b734ea6966fd0fa8e897beb 100644 (file)
@@ -1,2 +1,7 @@
 # /dev/mali0
 allow untrusted_app gpu_device:chr_file { ioctl open read write };
+
+allow untrusted_app debugfs_ion:dir search;
+allow untrusted_app debugfs_ion_dma:dir search;
+allow untrusted_app debugfs_mali:dir search;
+allow untrusted_app debugfs_mali_mem:dir search;
index 037e6c6faad16ab5c64c56e8c5d0846730374173..8624b248dff3f21c439185fbadf36c26238b969c 100644 (file)
@@ -1,2 +1,10 @@
 # /dev/mali0
 allow untrusted_app_27 gpu_device:chr_file { ioctl read write };
+
+allow untrusted_app_27 debugfs_ion:dir search;
+allow untrusted_app_27 debugfs_mali:dir search;
+allow untrusted_app_27 debugfs_mali_mem:dir search;
+
+allow untrusted_app_27 sysfs_net:dir search;
+allow untrusted_app_27 sysfs_virtual:file { open read getattr };
+allow untrusted_app_27 sysfs_virtual:dir search;
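Review bot: `sysfs_virtual:file { open read getattr }` at L685 lets legacy untrusted apps read every node under /sys/devices/virtual, since the whole subtree carries that label (L238), which is far broader than any single denial and exposes kernel-internal state to third-party code. Label the specific node the app needs and allow only that type; together with `sysfs_net:dir search` at L684, the current rules should also be checked against what the platform deliberately withholds from apps in sysfs.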
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
new file mode 100644 (file)
index 0000000..a4967c9
--- /dev/null
@@ -0,0 +1,2 @@
+# /efs
+allow vold efs_file:dir r_dir_perms;
diff --git a/sepolicy/zygote.te b/sepolicy/zygote.te
deleted file mode 100644 (file)
index 25ee73f..0000000
+++ /dev/null
@@ -1 +0,0 @@
-allow zygote device:file { open write };