Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-07-03 10:02:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
c3b07f5e01
DivestOS/Patches/LineageOS-16.0/android_device_lge_hammerhead/263107.patch

100 lines
4.1 KiB
Diff
Raw Blame History

From 513a0c7562b5f15852090cf4ba3b9e4321e03102 Mon Sep 17 00:00:00 2001
From: Sashko <sashko506@gmail.com>
Date: Sun, 3 Nov 2019 01:47:42 +0200
Subject: [PATCH] sepolicy: Resolve init denials
* denied { setattr } for name=state dev=sysfs ino=9120 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_bluetooth_writable:s0 tclass=file permissive=1
* denied { setattr } for name=hpd dev=sysfs ino=11773 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_surfaceflinger:s0 tclass=file permissive=1
* denied { setattr } for pid=1 comm=init name=firmware_path dev=sysfs ino=5881 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_wlan_fwpath:s0 tclass=file permissive=1
* denied { setattr } for name=file dev=sysfs ino=15720 scontext=u:r:init:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
* denied { write } for name=boot dev=sysfs ino=8899 scontext=u:r:init:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
* denied { open } for name=boot dev=sysfs ino=8899 scontext=u:r:init:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
Change-Id: I2f35267ea74a5646bb423192162752e44aa51064
---
sepolicy/file.te | 5 +++++
sepolicy/file_contexts | 23 ++++++++++++++++++++++-
sepolicy/init.te | 17 +++++++++++++++++
3 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/sepolicy/file.te b/sepolicy/file.te
index 34eb6229..0c1a3820 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -26,3 +26,8 @@ type sysfs_mpdecision, fs_type, sysfs_type;
type sysfs_surfaceflinger, fs_type, sysfs_type;
type sysfs_smdcntl_open_timeout, fs_type, sysfs_type;
type sysfs_soc, fs_type, sysfs_type;
+type sysfs_adsp, fs_type, sysfs_type;
+type sysfs_thermal_control, fs_type, sysfs_type;
+type sysfs_ssr_toggle, fs_type, sysfs_type;
+type sysfs_ramdump, fs_type, sysfs_type;
+type sysfs_irq, fs_type, sysfs_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 7cb352a2..602f1753 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -162,11 +162,32 @@
#sysfs - net
/sys/devices/virtual/net(/.*)? u:object_r:sysfs_net:s0
+/sys/devices/mdp\.0/qcom,mdss_fb_primary.160/leds/lcd-backlight/brightness u:object_r:sysfs_leds:s0
+/sys/devices/leds-qpnp-23/leds(/.*)? u:object_r:sysfs_leds:s0
+
+/sys/kernel/boot_adsp/boot u:object_r:sysfs_adsp:s0
+
+/sys/module/msm_thermal/core_control/enabled u:object_r:sysfs_thermal_control:s0
+
+/sys/devices/fe200000\.qcom,lpass/subsys[0-2]/restart_level u:object_r:sysfs_ssr_toggle:s0
+/sys/devices/fc880000\.qcom,mss/subsys[0-2]/restart_level u:object_r:sysfs_ssr_toggle:s0
+/sys/devices/fdce0000\.qcom,venus/subsys[0-2]/restart_level u:object_r:sysfs_ssr_toggle:s0
+
+/sys/module/subsystem_restart/parameters/enable_ramdumps u:object_r:sysfs_ramdump:s0
+
+/sys/devices/msm_dwc3/f9200000\.dwc3/gadget/lun[0-9]+(/.*)? u:object_r:sysfs_android_usb:s0
+
# Sysfs files used by qmuxd
/sys/devices/virtual/smdpkt/smdcntl([0-9])+/open_timeout u:object_r:sysfs_smdcntl_open_timeout:s0
# Bluetooth
-/sys/devices/platform/bluetooth_rfkill/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
+/sys/devices/platform/bluetooth_rfkill/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
+/sys/devices/platform/bluetooth_rfkill/rfkill/rfkill0/type u:object_r:sysfs_bluetooth_writable:s0
+
+/sys/module/lpm_resources/enable_low_power(/.*)? u:object_r:sysfs_mpdecision:s0
+
+/sys/module/slimport/parameters/enable_irq u:object_r:sysfs_irq:s0
+/sys/module/msm_show_resume_irq/parameters/debug_mask u:object_r:sysfs_irq:s0
# Thermal engine
/dev/msm_thermal_query u:object_r:thermal_engine_device:s0
diff --git a/sepolicy/init.te b/sepolicy/init.te
index 3aa81d1b..05a26d5b 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -1 +1,18 @@
allow init tmpfs:lnk_file create_file_perms;
+
+allow init {
+ sysfs_bluetooth_writable
+ sysfs_leds
+ sysfs_surfaceflinger
+ sysfs_wlan_fwpath
+ }:file setattr;
+
+allow init {
+ sysfs_adsp
+ sysfs_devices_system_cpu
+ sysfs_mpdecision
+ sysfs_irq
+ sysfs_ramdump
+ sysfs_ssr_toggle
+ sysfs_thermal_control
+ }:file w_file_perms;
\ No newline at end of file
Reference in New Issue View Git Blame Copy Permalink