From: Nolen Johnson <johnsonnolen@gmail.com>
Date: Thu, 25 Apr 2024 03:43:44 +0000 (-0400)
Subject: exynos9610: sepolicy: Address the last outstanding denials
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=b47d6e216e74c94eec4d83596a194e1549282f27;p=GitHub%2FLineageOS%2Fandroid_device_motorola_exynos9610-common.git

exynos9610: sepolicy: Address the last outstanding denials

Change-Id: I1b6d2ed981974def5716dab29dc8c84fe1e4f93d
---

diff --git a/sepolicy/vendor/kernel.te b/sepolicy/vendor/kernel.te
index badcddb..bfdab66 100644
--- a/sepolicy/vendor/kernel.te
+++ b/sepolicy/vendor/kernel.te
@@ -1,4 +1,4 @@
-allow kernel self:capability mknod;
+allow kernel self:capability { kill mknod };
 
 # macros would grant too many perms which run into neverallows
 allow kernel device:chr_file { create getattr setattr unlink };
diff --git a/sepolicy/vendor/property.te b/sepolicy/vendor/property.te
index c1c1025..0e6df2d 100644
--- a/sepolicy/vendor/property.te
+++ b/sepolicy/vendor/property.te
@@ -1,3 +1,5 @@
+vendor_public_prop(deprecated_soc_prop)
+dontaudit domain deprecated_soc_prop:file *;
 vendor_public_prop(vendor_audio_prop)
 vendor_public_prop(vendor_camera_prop)
 vendor_public_prop(vendor_ims_prop)
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index b83686f..0ebb814 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -13,6 +13,9 @@ vendor.charon.route                 u:object_r:vendor_ims_prop:s0
 custom.charon.status                u:object_r:vendor_ims_prop:s0
 vendor.pktrouter                    u:object_r:vendor_ims_prop:s0
 
+# Chip
+ro.hardware.chipname                u:object_r:deprecated_soc_prop:s0 exact string
+
 # HWC
 ro.vendor.ddk.set.afbc              u:object_r:vendor_hwc_prop:s0
 ro.vendor.winupdate                 u:object_r:vendor_hwc_prop:s0