mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
100 lines
4.1 KiB
Diff
100 lines
4.1 KiB
Diff
From 513a0c7562b5f15852090cf4ba3b9e4321e03102 Mon Sep 17 00:00:00 2001
|
|
From: Sashko <sashko506@gmail.com>
|
|
Date: Sun, 3 Nov 2019 01:47:42 +0200
|
|
Subject: [PATCH] sepolicy: Resolve init denials
|
|
|
|
* denied { setattr } for name=state dev=sysfs ino=9120 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_bluetooth_writable:s0 tclass=file permissive=1
|
|
|
|
* denied { setattr } for name=hpd dev=sysfs ino=11773 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_surfaceflinger:s0 tclass=file permissive=1
|
|
|
|
* denied { setattr } for pid=1 comm=init name=firmware_path dev=sysfs ino=5881 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_wlan_fwpath:s0 tclass=file permissive=1
|
|
|
|
* denied { setattr } for name=file dev=sysfs ino=15720 scontext=u:r:init:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
|
|
|
|
* denied { write } for name=boot dev=sysfs ino=8899 scontext=u:r:init:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
|
|
|
|
* denied { open } for name=boot dev=sysfs ino=8899 scontext=u:r:init:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
|
|
|
|
Change-Id: I2f35267ea74a5646bb423192162752e44aa51064
|
|
---
|
|
sepolicy/file.te | 5 +++++
|
|
sepolicy/file_contexts | 23 ++++++++++++++++++++++-
|
|
sepolicy/init.te | 17 +++++++++++++++++
|
|
3 files changed, 44 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/sepolicy/file.te b/sepolicy/file.te
|
|
index 34eb6229..0c1a3820 100644
|
|
--- a/sepolicy/file.te
|
|
+++ b/sepolicy/file.te
|
|
@@ -26,3 +26,8 @@ type sysfs_mpdecision, fs_type, sysfs_type;
|
|
type sysfs_surfaceflinger, fs_type, sysfs_type;
|
|
type sysfs_smdcntl_open_timeout, fs_type, sysfs_type;
|
|
type sysfs_soc, fs_type, sysfs_type;
|
|
+type sysfs_adsp, fs_type, sysfs_type;
|
|
+type sysfs_thermal_control, fs_type, sysfs_type;
|
|
+type sysfs_ssr_toggle, fs_type, sysfs_type;
|
|
+type sysfs_ramdump, fs_type, sysfs_type;
|
|
+type sysfs_irq, fs_type, sysfs_type;
|
|
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
|
|
index 7cb352a2..602f1753 100644
|
|
--- a/sepolicy/file_contexts
|
|
+++ b/sepolicy/file_contexts
|
|
@@ -162,11 +162,32 @@
|
|
#sysfs - net
|
|
/sys/devices/virtual/net(/.*)? u:object_r:sysfs_net:s0
|
|
|
|
+/sys/devices/mdp\.0/qcom,mdss_fb_primary.160/leds/lcd-backlight/brightness u:object_r:sysfs_leds:s0
|
|
+/sys/devices/leds-qpnp-23/leds(/.*)? u:object_r:sysfs_leds:s0
|
|
+
|
|
+/sys/kernel/boot_adsp/boot u:object_r:sysfs_adsp:s0
|
|
+
|
|
+/sys/module/msm_thermal/core_control/enabled u:object_r:sysfs_thermal_control:s0
|
|
+
|
|
+/sys/devices/fe200000\.qcom,lpass/subsys[0-2]/restart_level u:object_r:sysfs_ssr_toggle:s0
|
|
+/sys/devices/fc880000\.qcom,mss/subsys[0-2]/restart_level u:object_r:sysfs_ssr_toggle:s0
|
|
+/sys/devices/fdce0000\.qcom,venus/subsys[0-2]/restart_level u:object_r:sysfs_ssr_toggle:s0
|
|
+
|
|
+/sys/module/subsystem_restart/parameters/enable_ramdumps u:object_r:sysfs_ramdump:s0
|
|
+
|
|
+/sys/devices/msm_dwc3/f9200000\.dwc3/gadget/lun[0-9]+(/.*)? u:object_r:sysfs_android_usb:s0
|
|
+
|
|
# Sysfs files used by qmuxd
|
|
/sys/devices/virtual/smdpkt/smdcntl([0-9])+/open_timeout u:object_r:sysfs_smdcntl_open_timeout:s0
|
|
|
|
# Bluetooth
|
|
-/sys/devices/platform/bluetooth_rfkill/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
|
|
+/sys/devices/platform/bluetooth_rfkill/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
|
|
+/sys/devices/platform/bluetooth_rfkill/rfkill/rfkill0/type u:object_r:sysfs_bluetooth_writable:s0
|
|
+
|
|
+/sys/module/lpm_resources/enable_low_power(/.*)? u:object_r:sysfs_mpdecision:s0
|
|
+
|
|
+/sys/module/slimport/parameters/enable_irq u:object_r:sysfs_irq:s0
|
|
+/sys/module/msm_show_resume_irq/parameters/debug_mask u:object_r:sysfs_irq:s0
|
|
|
|
# Thermal engine
|
|
/dev/msm_thermal_query u:object_r:thermal_engine_device:s0
|
|
diff --git a/sepolicy/init.te b/sepolicy/init.te
|
|
index 3aa81d1b..05a26d5b 100644
|
|
--- a/sepolicy/init.te
|
|
+++ b/sepolicy/init.te
|
|
@@ -1 +1,18 @@
|
|
allow init tmpfs:lnk_file create_file_perms;
|
|
+
|
|
+allow init {
|
|
+ sysfs_bluetooth_writable
|
|
+ sysfs_leds
|
|
+ sysfs_surfaceflinger
|
|
+ sysfs_wlan_fwpath
|
|
+ }:file setattr;
|
|
+
|
|
+allow init {
|
|
+ sysfs_adsp
|
|
+ sysfs_devices_system_cpu
|
|
+ sysfs_mpdecision
|
|
+ sysfs_irq
|
|
+ sysfs_ramdump
|
|
+ sysfs_ssr_toggle
|
|
+ sysfs_thermal_control
|
|
+ }:file w_file_perms;
|
|
\ No newline at end of file
|