unix_socket_connect(audioserver, property, rild)
# /efs/maxim
-allow audioserver { efs_file sec_efs_file }:dir r_dir_perms;
-allow audioserver { efs_file sec_efs_file }:file r_file_perms;
+r_dir_file(audioserver, efs_file);
+r_dir_file(audioserver, sec_efs_file);
# TFA98xx amplifier
allow audioserver amplifier_device:chr_file rw_file_perms;
# /dev/ttySAC3
-allow bluetooth bluetooth_device:chr_file { rw_file_perms ioctl };
-allow hal_bluetooth_default bluetooth_device:chr_file { ioctl open read write };
+allow bluetooth bluetooth_device:chr_file rw_file_perms ;
+allow hal_bluetooth_default bluetooth_device:chr_file rw_file_perms;
# /data/.cid.info
allow bluetooth wifi_data_file:file r_file_perms;
-
-# /efs
-allow hal_bluetooth_default efs_file:dir { search };
-r_dir_file(hal_bluetooth_default, bluetooth_efs_file)
\ No newline at end of file
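Review bot: The `hal_bluetooth_default` grant on `bluetooth_device:chr_file` now appears twice in the new policy, once in this section and once in the file this commit adds for hal_bluetooth_default (the block starting `# /dev/ttySAC3` under `--- /dev/null`). The `/efs` rules were moved out of this section, so the chr_file rule should move with them. Dropping `allow hal_bluetooth_default bluetooth_device:chr_file rw_file_perms;` here keeps each domain's grants auditable in one place. The added bluetooth line also has a stray space before the terminator and should read `allow bluetooth bluetooth_device:chr_file rw_file_perms;`.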
allow cameraserver camera_device:chr_file rw_file_perms;
# /sys/devices/virtual/camera/*/*_camfw
-allow cameraserver sysfs_camera:file { rw_file_perms open getattr };
-
-# searching for syses nodes
allow cameraserver sysfs_camera:dir search;
+allow cameraserver sysfs_camera:file rw_file_perms;
# /data/camera/ISP_CV
allow cameraserver camera_data_file:file r_file_perms;
# /data/media(/.*)?
-allow cameraserver media_rw_data_file:dir r_dir_perms;
-allow cameraserver media_rw_data_file:file r_file_perms;
+r_dir_file(cameraserver, media_rw_data_file);
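Review bot: The new macro call `r_dir_file(cameraserver, media_rw_data_file);` ends in a semicolon, while this same commit strips the semicolon from `binder_call(system_app, hal_fingerprint_default)` and `init_daemon_domain(gpsd)`. The macro already expands to complete statements, so the call should be written `r_dir_file(cameraserver, media_rw_data_file)`. The same applies to the added `r_dir_file(...)` lines for audioserver, kernel, mediacodec, rild and to `set_prop(wifiloader, wifi_prop);`. As defined in AOSP's te_macros, `r_dir_file` also grants read on `lnk_file`, which the two removed rules did not, so this is a small widening rather than a pure rewrite.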
-# charger
allow charger sysfs_usb_supply:file rw_file_perms;
+++ /dev/null
-dontaudit domain kernel:system module_request;
type proc_dt_firmware, fs_type, proc_type;
type proc_reset_reason, fs_type, proc_type;
type proc_simslot_count, fs_type, proc_type;
+type proc_input_devices, fs_type, proc_type;
type proc_sec, fs_type, proc_type;
### sysfs types
type sysfs_jack, sysfs_type, fs_type, mlstrustedobject;
type sysfs_v4l, sysfs_type, fs_type, mlstrustedobject;
-allow sysfs_type tmpfs:filesystem associate;
-
### data types
type display_vendor_data_file, file_type, data_file_type;
/dev/media[0-3]* u:object_r:camera_device:s0
/dev/m2m1shot_jpeg u:object_r:camera_device:s0
-/dev/mtp_usb* u:object_r:mtp_device:s0
-
/dev/__cbd_msg_ u:object_r:mif_device:s0
/dev/umts.* u:object_r:mif_device:s0
/dev/ehci_power u:object_r:mif_device:s0
# allow hal_fingerprint_default to communicate with various devices
-binder_call(system_app, hal_fingerprint_default);
+binder_call(system_app, hal_fingerprint_default)
# kernel fp device
allow hal_fingerprint_default fingerprint_device:chr_file rw_file_perms;
genfscon proc /reset_reason u:object_r:proc_reset_reason:s0
genfscon proc /simslot_count u:object_r:proc_simslot_count:s0
+genfscon proc /bus/input/devices u:object_r:proc_input_devices:s0
+
# SEC devices
genfscon proc /sec_log u:object_r:proc_sec:s0
-#genfscon sysfs /class/sec/ u:object_r:sysfs_sec:s0
+#genfscon sysfs /class/sec u:object_r:sysfs_sec:s0
# Power supply devices
genfscon sysfs /devices/battery.20/power_supply u:object_r:sysfs_usb_supply:s0
# Input devices
genfscon sysfs /devices/i2c.23/i2c-5/5-0020/input/input2/enabled u:object_r:sysfs_input:s0
genfscon sysfs /devices/13850000.i2c/i2c-10/10-0050/input/input3/enabled u:object_r:sysfs_input:s0
-genfscon sysfs /devices/virtual/sec/sec_touchkey/ u:object_r:sysfs_input:s0
-genfscon sysfs /devices/virtual/sec/sec_key/ u:object_r:sysfs_input:s0
-genfscon sysfs /devices/virtual/sec/tsp/ u:object_r:sysfs_input:s0
-genfscon sysfs /devices/virtual/secgpio_check/ u:object_r:sysfs_input:s0
+genfscon sysfs /devices/virtual/sec/sec_touchkey u:object_r:sysfs_input:s0
+genfscon sysfs /devices/virtual/sec/sec_key u:object_r:sysfs_input:s0
+genfscon sysfs /devices/virtual/sec/tsp u:object_r:sysfs_input:s0
+genfscon sysfs /devices/virtual/secgpio_check u:object_r:sysfs_input:s0
+genfscon sysfs /devices/virtual/input u:object_r:sysfs_input:s0
# A5 power supply devices
genfscon sysfs /devices/battery.43/power_supply u:object_r:sysfs_usb_supply:s0
genfscon sysfs /module/workqueue/parameters/power_efficient u:object_r:sysfs_devices_system_cpu:s0
# Camera
-genfscon sysfs /devices/virtual/camera/ u:object_r:sysfs_camera:s0
+genfscon sysfs /devices/virtual/camera u:object_r:sysfs_camera:s0
# GPS
-genfscon sysfs /devices/virtual/sec/gps/ u:object_r:sysfs_gps:s0
+genfscon sysfs /devices/virtual/sec/gps u:object_r:sysfs_gps:s0
# Audio sysfs
-genfscon sysfs /devices/virtual/audio/earjack/ u:object_r:sysfs_jack:s0
+genfscon sysfs /devices/virtual/audio/earjack u:object_r:sysfs_jack:s0
# USB lun device
-genfscon sysfs /devices/13580000.usb/gadget/lun0/ u:object_r:sysfs_android_usb:s0
+genfscon sysfs /devices/13580000.usb/gadget/lun0 u:object_r:sysfs_android_usb:s0
# MMC block device cache files
genfscon sysfs /devices/virtual/bdi/179:0/read_ahead_kb u:object_r:sysfs_block:s0
genfscon sysfs /devices/virtual/bdi/179:32/read_ahead_kb u:object_r:sysfs_block:s0
# ION
-genfscon sysfs /devices/virtual/ion_cma/ u:object_r:sysfs_ion:s0
+genfscon sysfs /devices/virtual/ion_cma u:object_r:sysfs_ion:s0
# Sensors
-genfscon sysfs /devices/virtual/sensors/ u:object_r:sysfs_sensors:s0
-genfscon sysfs /devices/13870000.hsi2c/i2c-0/0-0028/iio:device0/ u:object_r:sysfs_sensors:s0
-genfscon sysfs /devices/13870000.hsi2c/i2c-0/0-0068/iio:device1/ u:object_r:sysfs_sensors:s0
-genfscon sysfs /devices/13870000.hsi2c/i2c-0/0-002e/iio:device2/ u:object_r:sysfs_sensors:s0
+genfscon sysfs /devices/virtual/sensors u:object_r:sysfs_sensors:s0
+genfscon sysfs /devices/13870000.hsi2c/i2c-0/0-0028/iio:device0 u:object_r:sysfs_sensors:s0
+genfscon sysfs /devices/13870000.hsi2c/i2c-0/0-0068/iio:device1 u:object_r:sysfs_sensors:s0
+genfscon sysfs /devices/13870000.hsi2c/i2c-0/0-002e/iio:device2 u:object_r:sysfs_sensors:s0
genfscon sysfs /devices/13540000.dwmmc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0 u:object_r:sysfs_mmc:s0
genfscon sysfs /devices/virtual/net/rmnet3 u:object_r:sysfs_net:s0
genfscon sysfs /devices/14830000.decon_fb u:object_r:sysfs_graphics:s0
-genfscon sysfs /devices/14800000.dsim u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/14800000.dsim u:object_r:sysfs_graphics:s0
# video4linux
-genfscon sysfs /devices/12800000.mfc0/video4linux/ u:object_r:sysfs_v4l:s0
+genfscon sysfs /devices/12800000.mfc0/video4linux u:object_r:sysfs_v4l:s0
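Review bot: The added entry `genfscon sysfs /devices/virtual/input u:object_r:sysfs_input:s0` labels the whole virtual input subtree, because genfscon matches by path prefix. Every domain holding `rw_file_perms` on `sysfs_input:file` gains write access to all of those nodes. In this commit that is hal_light_default (newly granted), hal_power_default, hal_fingerprint_default and system_server. If only specific attributes are needed, label those paths instead, or give them a dedicated type so the broader `sysfs_input` grants do not follow. At minimum the entry deserves a comment naming the nodes it is meant to cover, e.g. `# <node(s) required by the lights HAL>`.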
type gpsd, domain;
type gpsd_exec, exec_type, file_type;
-init_daemon_domain(gpsd);
+init_daemon_domain(gpsd)
# Automatically label files created in /data/system/gps as gps_data_file
file_type_auto_trans(gpsd, system_data_file, gps_data_file)
unix_socket_connect(gpsd, property, rild)
unix_socket_connect(gpsd, property, netd)
-allow gpsd system_server:unix_stream_socket { read write setopt };
+allow gpsd system_server:unix_stream_socket rw_socket_perms;
binder_call(gpsd, system_server)
binder_use(gpsd)
allow gpsd dnsproxyd_socket:sock_file write;
allow gpsd fwmarkd_socket:sock_file write;
allow gpsd gps_socket:sock_file create_file_perms;
-allow gpsd self:udp_socket { create bind connect read setopt write };
+allow gpsd self:udp_socket create_socket_perms;
# sysfs_gps
allow gpsd sysfs_gps:lnk_file read;
-allow gpsd sysfs_gps:file { open rw_file_perms getattr };
+allow gpsd sysfs_gps:file rw_file_perms;
# /dev/ttySAC3
-allow gpsd gps_device:chr_file { getattr setattr rw_file_perms };
-allow gpsd gps_data_file:dir { search write add_name remove_name rw_dir_perms };
-allow gpsd gps_data_file:fifo_file { unlink create setattr getattr rw_file_perms };
+allow gpsd gps_device:chr_file { setattr rw_file_perms };
+allow gpsd gps_data_file:dir rw_dir_perms;
+allow gpsd gps_data_file:fifo_file create_file_perms;
allow gpsd sysfs_wake_lock:file rw_file_perms;
-allow gpsd sensorservice_service:service_manager { find };
+allow gpsd sensorservice_service:service_manager find;
# /dev/umts_boot0
allow gpsd mif_device:chr_file r_file_perms;
# TCP sockets
allow gpsd port:tcp_socket { name_connect name_bind };
-allow gpsd self:tcp_socket { bind read write connect create getopt };
+allow gpsd self:tcp_socket create_socket_perms;
allow gpsd node:tcp_socket node_bind;
# sec sysfs files
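Review bot: Replacing the explicit permission sets with socket macros widens several grants rather than just tidying them. As defined in AOSP's global_macros, `rw_socket_perms` carries ioctl, bind, connect, setattr and shutdown on top of the old `{ read write setopt }` on `system_server:unix_stream_socket`, and `create_socket_perms` adds ioctl and more to the `self:udp_socket` and `self:tcp_socket` rules. For the system_server socket the least-privilege form is to keep `allow gpsd system_server:unix_stream_socket { read write setopt };`. For the self sockets, consider `create_socket_perms_no_ioctl` unless gpsd is known to need socket ioctls. The same widening applies to the netd rules on `gpsd:udp_socket`/`gpsd:tcp_socket` and to the mediaserver rule, where `rw_stream_socket_perms` also adds listen and accept.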
--- /dev/null
+# /dev/ttySAC3
+allow hal_bluetooth_default bluetooth_device:chr_file rw_file_perms;
+
+# /efs
+allow hal_bluetooth_default efs_file:dir search;
+r_dir_file(hal_bluetooth_default, bluetooth_efs_file)
-# hal_camera_default
allow hal_camera_default sysfs_camera:dir search;
allow hal_camera_default sysfs_camera:file rw_file_perms;
-# hal_drm_default
vndbinder_use(hal_drm_default)
# /dev/s5p-smem
-allow hal_drm_default secmem_device:chr_file { ioctl rw_file_perms };
+allow hal_drm_default secmem_device:chr_file rw_file_perms;
allow hal_drm_default tee:unix_stream_socket connectto;
allow hal_drm_default efs_file:dir search;
-allow hal_drm_default cpk_efs_file:file { getattr open read };
+allow hal_drm_default cpk_efs_file:file r_file_perms;
allow hal_drm_default media_data_file:file create_file_perms;
allow hal_drm_default media_data_file:dir create_dir_perms;
-# hal_fingerprint_default
allow hal_fingerprint_default sysfs_input:dir search;
allow hal_fingerprint_default sysfs_input:file rw_file_perms;
-
-# hal_drm_default
vndbinder_use(hal_gnss_default)
# Allow gnss to access the gpsd data files
-allow hal_gnss_default gps_data_file:dir { add_name write };
-allow hal_gnss_default gps_data_file:fifo_file { create open read setattr write };
+allow hal_gnss_default gps_data_file:dir w_dir_perms;
+allow hal_gnss_default gps_data_file:fifo_file create_file_perms;
-# hal_health_default
r_dir_file(hal_health_default, sysfs_usb_supply)
allow hal_health_default sysfs_usb_supply:file rw_file_perms;
-# hal_light_default
allow hal_light_default sysfs_light:dir search;
-allow hal_light_default sysfs_light:file { getattr write open read };
+allow hal_light_default sysfs_light:file rw_file_perms;
+
allow hal_light_default sysfs_graphics:dir search;
-allow hal_light_default sysfs_graphics:file { getattr write open read };
+allow hal_light_default sysfs_graphics:file rw_file_perms;
+
+allow hal_light_default sysfs_input:dir search;
+allow hal_light_default sysfs_input:lnk_file read;
+allow hal_light_default sysfs_input:file rw_file_perms;
+
allow hal_light_default sysfs_sec:dir search;
allow hal_light_default sysfs_sec:lnk_file read;
-allow hal_light_default sysfs_sec:file { getattr write open read };
+allow hal_light_default sysfs_sec:file rw_file_perms;
# Allow LiveDisplay to store files under /data/vendor/display and access them
allow hal_lineage_livedisplay_sysfs display_vendor_data_file:dir rw_dir_perms;
allow hal_lineage_livedisplay_sysfs display_vendor_data_file:file create_file_perms;
+
# Allow LiveDisplay to read and write to files in sysfs_graphics, sysfs_mdnie
allow hal_lineage_livedisplay_sysfs {
sysfs_graphics
sysfs_mdnie
}:dir search;
+
allow hal_lineage_livedisplay_sysfs {
sysfs_graphics
sysfs_mdnie
-# hal_power_default
-
# Input devices
-allow hal_power_default sysfs_input:dir { open read search };
-allow hal_power_default sysfs_input:file { rw_file_perms };
+allow hal_power_default sysfs_input:dir r_dir_perms;
+allow hal_power_default sysfs_input:file rw_file_perms;
# CPU devices
allow hal_power_default sysfs_devices_system_cpu:dir search;
-# hal_wifi_default
allow hal_wifi_default efs_file:dir search;
+
allow hal_wifi_default wifi_efs_file:dir search;
-allow hal_wifi_default wifi_efs_file:file { open read };
+allow hal_wifi_default wifi_efs_file:file r_file_perms;
+
allow hal_wifi_default wifi_data_file:file r_file_perms;
+
allow hal_wifi_default sysfs_wifi:file write;
+++ /dev/null
-# hal_wifi_supplicant_default
-allow hal_wifi_supplicant_default proc_net:file write;
-# healthd
-allow healthd device:dir rw_dir_perms;
allow healthd rtc_device:chr_file rw_file_perms;
allow healthd sysfs_usb_supply:file rw_file_perms;
# /dev/block/mmcblk0p[0-9]
allow init emmcblk_device:blk_file rw_file_perms;
-allow init block_device:lnk_file { setattr };
+allow init block_device:lnk_file setattr;
allow init tmpfs:lnk_file create_file_perms;
# /sys/class/power_supply/battery and /sys/class/android_usb/android0
allow init sysfs_usb_supply:file { rw_file_perms setattr };
-# Shim libs
-allow init cameraserver:process noatsecure;
-allow init hal_fingerprint_default:process noatsecure;
-
# /data
allow init sdcardd_exec:file r_file_perms;
allow init sysfs_android_usb:file setattr;
# read/chown mDNIE symlinks
-allow init sysfs_mdnie:lnk_file { read setattr };
-allow init sysfs_mdnie:file { open write };
+allow init sysfs_mdnie:lnk_file { r_file_perms setattr };
+allow init sysfs_mdnie:file rw_file_perms;
# read/chown camera firmware
allow init sysfs_camera:file { relabelto setattr };
allow init sysfs_graphics:file { rw_file_perms setattr };
allow init sysfs_light:file { rw_file_perms setattr };
allow init sysfs_light:lnk_file { rw_file_perms setattr };
-allow init sysfs_mdnie:file { setattr };
+allow init sysfs_mdnie:file setattr;
allow init sysfs_sec:file { rw_file_perms setattr };
allow init sysfs_sec:lnk_file read;
allow init sysfs_sensors:file { rw_file_perms setattr };
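Review bot: init's access to `sysfs_mdnie:file` is still split across two rules, `allow init sysfs_mdnie:file rw_file_perms;` and a separate `allow init sysfs_mdnie:file setattr;`, while the neighbouring sysfs types use one combined rule. Folding them into `allow init sysfs_mdnie:file { rw_file_perms setattr };` would match `sysfs_graphics`, `sysfs_light` and `sysfs_sec`. The new rules also go beyond the old `{ open write }` on files and `{ read setattr }` on symlinks by adding read-side permissions. If that is intended, the `# read/chown mDNIE symlinks` comment should say that init now reads and writes the nodes too.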
# /dev/mbin0
allow kernel emmcblk_device:blk_file r_file_perms;
-allow kernel device:blk_file { create setattr getattr unlink };
-# /bus/usb/001/001
-allow kernel device:dir { create write remove_name rmdir add_name };
-allow kernel device:chr_file { create setattr getattr unlink };
# /sys/devices/system/cpu/cpu[0-9]/cpufreq/*
-allow kernel sysfs_devices_system_cpu:file { setattr };
+allow kernel sysfs_devices_system_cpu:file setattr;
# /efs contents
allow kernel { app_efs_file battery_efs_file efs_file sensor_efs_file }:dir r_dir_perms;
allow kernel { app_efs_file battery_efs_file efs_file sensor_efs_file }:file rw_file_perms;
# /efs/wifi/.mac.info
-allow kernel wifi_efs_file:dir r_dir_perms;
-allow kernel wifi_efs_file:file r_file_perms;
+r_dir_file(kernel, wifi_efs_file);
# /data/misc/conn/.wifiver.info
allow kernel wifi_data_file:file rw_file_perms;
# Allow kernel to search tmpfs
allow kernel tmpfs:dir search;
+
+allow kernel self:capability sys_module;
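Review bot: The relocated `allow kernel self:capability sys_module;` lands here without the `# load .ko modules` comment it had in the wifiloader section, and it sits directly under the unrelated `# Allow kernel to search tmpfs` block. `sys_module` is one of the more sensitive capabilities in the policy, so the rule should keep a comment stating why the kernel domain needs it, e.g. `# load .ko modules (wifi driver)`. The driver named there is inferred from the rule's previous location, so confirm it before using that wording.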
allow mediacodec system_file:dir r_dir_perms;
# /sys/class/video4linux/*
-allow mediacodec sysfs_v4l:dir { open read search };
-allow mediacodec sysfs_v4l:file r_file_perms;
+r_dir_file(mediacodec, sysfs_v4l);
+++ /dev/null
-allow mediaextractor fuse:file { read getattr };
allow mediaserver efs_file:file r_file_perms;
# /dev/m2m1shot_jpeg
-allow mediaserver camera_device:chr_file { read write open getattr ioctl };
+allow mediaserver camera_device:chr_file rw_file_perms;
# Snap permissions
-allow mediaserver sensorservice_service:service_manager { find };
-allow mediaserver system_server:unix_stream_socket { read write };
+allow mediaserver sensorservice_service:service_manager find;
+allow mediaserver system_server:unix_stream_socket rw_stream_socket_perms;
allow netd self:capability sys_module;
allow netd gpsd:fd use;
-allow netd gpsd:udp_socket { read write getopt setopt };
-allow netd gpsd:tcp_socket { read write getopt setopt };
+allow netd gpsd:udp_socket rw_socket_perms;
+allow netd gpsd:tcp_socket rw_socket_perms;
+++ /dev/null
-allow nfc sec_efs_file:dir search;
-allow nfc efs_file:dir search;
# Allow rild to change perms
-allow rild self:capability { chown };
+allow rild self:capability chown;
# Allow additiional efs access
allow rild bin_nv_data_efs_file:file create_file_perms;
-allow rild imei_efs_file:dir r_dir_perms;
-allow rild imei_efs_file:file r_file_perms;
-allow rild app_efs_file:dir r_dir_perms;
-allow rild app_efs_file:file r_file_perms;
+r_dir_file(rild, imei_efs_file);
+r_dir_file(rild, app_efs_file);
-# /dev
-allow rild audioserver:dir r_dir_perms;
-# /proc/<pid>/cmdline
-allow rild audioserver:file r_file_perms;
+# audioserver
+r_dir_file(rild, audioserver);
# /dev/mbin0
allow rild block_device:dir r_dir_perms;
# /proc/sys/net/ipv6/conf/*/accept_ra_defrtr
allow rild proc_net:file rw_file_perms;
-allow rild gpsd:dir r_dir_perms;
-allow rild gpsd:file r_file_perms;
+r_dir_file(rild, gpsd);
allow rild proc_qtaguid_stat:file r_file_perms;
# rild reads /proc/pid/cmdline of mediaserver
-allow rild mediaserver:dir { open read search getattr };
-allow rild mediaserver:file { open read getattr };
+r_dir_file(rild, mediaserver);
# /data/misc/radio/*
allow rild radio_data_file:dir rw_dir_perms;
allow rild radio_data_file:lnk_file r_file_perms;
# sdcard/SDET_PLMN/input/MNCMCC.txt
-allow rild storage_file:dir { r_dir_perms };
-allow rild storage_file:lnk_file { r_file_perms };
-allow rild mnt_user_file:dir { r_dir_perms };
-allow rild mnt_user_file:lnk_file { r_file_perms };
+allow rild storage_file:dir r_dir_perms;
+allow rild storage_file:lnk_file r_file_perms;
+allow rild mnt_user_file:dir r_dir_perms;
+allow rild mnt_user_file:lnk_file r_file_perms;
# Modem firmware download
allow rild radio_block_device:blk_file r_file_perms;
allow rild knox_device:chr_file r_file_perms;
# /data/media/0
-allow rild media_rw_data_file:dir { open read search };
+allow rild media_rw_data_file:dir r_dir_perms;
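Review bot: The three `r_dir_file(rild, <domain>)` calls target process domains (audioserver, gpsd, mediaserver), and the rewrite drops the comment that explained the audioserver grant (`# /proc/<pid>/cmdline`), leaving only `# audioserver`. As defined in AOSP's te_macros, `r_dir_file` also grants read on `lnk_file`, so for a process type this covers symlink entries under /proc/<pid> as well as the files the old rules allowed. Keep the intent visible with `# rild reads /proc/<pid>/cmdline of audioserver`. If the symlink access is not wanted, retain the explicit `:dir r_dir_perms` / `:file r_file_perms` pair for these three domains.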
init_daemon_domain(sswap);
-allow sswap sswap_device:blk_file { read write open };
-allow sswap rootfs:file { entrypoint read };
+allow sswap sswap_device:blk_file rw_file_perms;
+allow sswap sysfs_sswap:file rw_file_perms;
allow sswap block_device:dir search;
allow sswap self:capability sys_admin;
-allow sswap proc:file { open getattr read };
-allow sswap proc_meminfo:file { open read getattr };
-allow sswap property_socket:sock_file write;
-allow sswap init:unix_stream_socket connectto;
+allow sswap proc:file r_file_perms;
+allow sswap proc_meminfo:file r_file_perms;
-allow sswap properties_device:dir { read open };
-allow sswap proc_stat:dir { read open getattr };
-allow sswap proc_stat:file { read open getattr };
+allow sswap properties_device:dir r_dir_perms;
+r_dir_file(sswap, proc_stat);
set_prop(sswap, sswap_prop)
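Review bot: The added rule `allow sswap sysfs_sswap:file rw_file_perms;` uses a type that is neither declared nor labelled anywhere in the visible hunks; the types hunk adds only `proc_input_devices` and the genfscon changes contain no sswap entry. If `sysfs_sswap` is not already declared in an unchanged part of the tree, the policy will fail to compile. If it is declared but has no `genfscon`/file_contexts entry, the rule grants nothing. Either way the commit should show or reference where the type is declared and labelled. The context line `init_daemon_domain(sswap);` also still carries the trailing semicolon that this commit removes from the same macro for gpsd.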
+++ /dev/null
-#TODO: r_dir_file(storaged, sysfs_mmc)
# HWC
allow surfaceflinger secmem_device:chr_file rw_file_perms;
-allow surfaceflinger sysfs_graphics:file { rw_file_perms };
+allow surfaceflinger sysfs_graphics:file rw_file_perms;
r_dir_file(surfaceflinger, sysfs_graphics)
\ No newline at end of file
# /dev/mbin0
allow system_server emmcblk_device:dir search;
-allow system_server emmcblk_device:blk_file { getattr ioctl open read write };
+allow system_server emmcblk_device:blk_file rw_file_perms;
# /efs
allow system_server efs_file:dir r_dir_perms;
allow system_server app_efs_file:file r_file_perms;
# WifiMachine
-allow system_server self:capability { sys_module };
+allow system_server self:capability sys_module;
allow system_server wifi_efs_file:dir r_dir_perms;
allow system_server wifi_efs_file:file r_file_perms;
#allow system_server sysfs_mdnie:dir rw_dir_perms;
allow system_server sysfs_mdnie:file rw_file_perms;
-# Lights
-allow system_server sysfs_light:file rw_file_perms;
-
# memtrack HAL
allow system_server debugfs:dir r_dir_perms;
allow system_server debugfs:file r_file_perms;
allow system_server gps_data_file:file create_file_perms;
# Bluetooth buildprop
-allow system_server bluetooth_prop:file read;
+get_prop(system_server, bluetooth_prop)
# Grpahics sysfs
allow system_server sysfs_graphics:file rw_file_perms;
# Input sysfs
allow system_server sysfs_input:file rw_file_perms;
+allow system_server proc_input_devices:file r_file_perms;
+
unix_socket_connect(system_server, property, gpsd)
-# mobicore
-
# /efs
allow tee { efs_file prov_efs_file }:dir r_dir_perms;
allow tee { efs_file prov_efs_file }:file r_file_perms;
# /dev/block/mmcblk0p[0-9]
-allow ueventd emmcblk_device:blk_file { ioctl read write create getattr setattr lock append unlink open };
+allow ueventd emmcblk_device:blk_file { relabelfrom relabelto create setattr unlink rw_file_perms };
# /sys/devices/virtual/misc/multipdp/uevent
allow ueventd sysfs_multipdp:file rw_file_perms;
-allow ueventd emmcblk_device:blk_file { relabelfrom relabelto create setattr unlink };
-
# read/chown camera firmware
-allow ueventd sysfs_camera:file { relabelto getattr rw_file_perms };
+allow ueventd sysfs_camera:file { relabelto rw_file_perms };
allow ueventd sysfs_camera:filesystem associate;
allow ueventd sysfs_usb_supply:file w_file_perms;
allow vold efs_file:dir r_dir_perms;
# /dev/block/mmcblk0p[0-9]
allow vold emmcblk_device:dir create_dir_perms;
-allow vold emmcblk_device:blk_file { ioctl read write create getattr setattr lock append unlink open };
+allow vold emmcblk_device:blk_file { setattr unlink rw_file_perms };
allow vold sysfs_mmc:file w_file_perms;
r_dir_file(vold, proc_dt_firmware)
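Review bot: The rewritten vold rule on `emmcblk_device:blk_file` silently drops `create`, which the old explicit set contained, while keeping `setattr` and `unlink`. The ueventd rule for the same type keeps `create`. If the removal is a deliberate least-privilege tightening it should be stated in the commit message, since every other change in this section reads as a like-for-like macro substitution. If it is not deliberate, vold would presumably hit a denial when it creates a block node under an `emmcblk_device` directory, and the rule should read `allow vold emmcblk_device:blk_file { create setattr unlink rw_file_perms };`.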
allow wifiloader proc:file r_file_perms;
allow wifiloader sysfs_wlan_fwpath:file setattr;
-allow wifiloader wifi_prop:property_service set;
-allow wifiloader wifi_data_file:file { open read write };
+allow wifiloader wifi_data_file:file rw_file_perms;
+set_prop(wifiloader, wifi_prop);
# /efs
allow wifiloader efs_file:dir search;
# /efs/wifi
allow wifiloader wifi_efs_file:dir search;
-allow wifiloader wifi_efs_file:file { open read };
+allow wifiloader wifi_efs_file:file r_file_perms;
# load .ko modules
-allow kernel self:capability sys_module;
allow wifiloader self:capability { chown sys_module };