rockchip: sepolicy: minor update to supress logging

Signed-off-by: hmz007 <hmz007@gmail.com>
10 months ago · e51d722c37
parent 9763cafa83
commit e51d722c37
19 changed files with 79 additions and 4 deletions
--- a/device/rockchip/common/gpu/bifrost/sepolicies/public/sepolicy-firmware/file_contexts
+++ b/device/rockchip/common/gpu/bifrost/sepolicies/public/sepolicy-firmware/file_contexts
@ -12,3 +12,6 @@

 # Mali firmware
 /sys/module/firmware_class/parameters/path u:object_r:sysfs_gpu_fwpath:s0
+
+# Mali config
+/sys/module/bifrost_kbase/parameters/large_page_conf u:object_r:sysfs_gpu:s0
--- a/device/rockchip/common/gpu/valhall/sepolicies/public/sepolicy-firmware/file_contexts
+++ b/device/rockchip/common/gpu/valhall/sepolicies/public/sepolicy-firmware/file_contexts
@ -12,3 +12,6 @@

 # Mali firmware
 /sys/module/firmware_class/parameters/path u:object_r:sysfs_gpu_fwpath:s0
+
+# Mali config
+/sys/module/bifrost_kbase/parameters/large_page_conf u:object_r:sysfs_gpu:s0
--- a/device/rockchip/common/init.connectivity.rc
+++ b/device/rockchip/common/init.connectivity.rc
@ -54,8 +54,6 @@ on zygote-start
 #for nfc
    chmod 0660 /dev/bcm2079x
    chown nfc nfc /dev/bcm2079x
-    mkdir /data/nfc 0700 nfc nfc encryption=Require
-    mkdir /data/nfc/param 0700 nfc nfc encryption=Require

 on property:wlan.driver.status=ok
    chown wifi wifi /sys/module/bcmdhd/parameters/firmware_path
--- a/device/rockchip/common/rootdir/init.system.rc
+++ b/device/rockchip/common/rootdir/init.system.rc
@ -1,3 +1,7 @@
 on post-fs-data
    mkdir /data/misc/cfg_rockchip 0755 system system encryption=Require
    mkdir /data/vendor/rkalgo 0775 system system encryption=Require
+
+    # for nfc
+    mkdir /data/nfc 0700 nfc nfc encryption=Require
+    mkdir /data/nfc/param 0700 nfc nfc encryption=Require
--- a/device/rockchip/common/sepolicy/private/odrefresh.te
+++ b/device/rockchip/common/sepolicy/private/odrefresh.te
@ -0,0 +1,2 @@
+dontaudit odrefresh property_type:property_service *;
+dontaudit odrefresh property_type:file *;
--- a/device/rockchip/common/sepolicy/vendor/bootanim.te
+++ b/device/rockchip/common/sepolicy/vendor/bootanim.te
@ -7,3 +7,5 @@ dontaudit bootanim mnt_vendor_file:dir search;
 dontaudit bootanim system_data_file:dir read;
 dontaudit bootanim kernel:system module_request;
 rw_rockchip_graphic_device(bootanim)
+
+set_prop(bootanim, debug_prop)
--- a/device/rockchip/common/sepolicy/vendor/dumpstate.te
+++ b/device/rockchip/common/sepolicy/vendor/dumpstate.te
@ -1 +1,2 @@
 allow dumpstate sysfs_mmc:file r_file_perms;
+dontaudit dumpstate debugfs:file r_file_perms;
--- a/device/rockchip/common/sepolicy/vendor/file_contexts
+++ b/device/rockchip/common/sepolicy/vendor/file_contexts
@ -201,6 +201,8 @@
 /sys/devices/platform/fec80000.i2c/i2c-6/6-0051/rtc/rtc0/time           u:object_r:sysfs_rtc:s0
 /sys/devices/platform/fec80000.i2c/i2c-6/6-0051/rtc/rtc0/wakealarm      u:object_r:sysfs_rtc:s0
 /sys/devices/platform/fec80000.i2c/i2c-6/6-0051/rtc/rtc0/wakeup.*       u:object_r:sysfs_wakeup:s0
+/sys/devices/platform/fec80000.i2c/i2c-6/6-0051/rtc/rtc0/alarmtimer.*   u:object_r:sysfs_wakeup:s0
+/sys/devices/platform/gpio-keys/wakeup/wakeup.*                         u:object_r:sysfs_wakeup:s0
 /sys/devices/platform/pinctrl/f.*/gpio.*/active_low                     u:object_r:sysfs_gpio:s0
 /sys/devices/platform/pinctrl/f.*/gpio.*/direction                      u:object_r:sysfs_gpio:s0
 /sys/devices/platform/pinctrl/f.*/gpio.*/edge                           u:object_r:sysfs_gpio:s0
@ -208,6 +210,11 @@
 /sys/devices/platform/f.*/pwm/.*export  u:object_r:sysfs_pwm:s0
 /sys/devices/platform/f.*/pwm0/.*       u:object_r:sysfs_pwm:s0

+/sys/devices/platform/simple-vin/power_supply/simple-vin/wakeup.*       u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/power_supply/test_ac/wakeup.*                      u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/power_supply/test_battery/wakeup.*                 u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/power_supply/test_usb/wakeup.*                     u:object_r:sysfs_wakeup:s0
+
 #seekwave
 /dev/BTCMD           u:object_r:skwbt_device:s0
 /dev/BTDATA          u:object_r:skwbt_device:s0
--- a/device/rockchip/common/sepolicy/vendor/hal_bluetooth_default.te
+++ b/device/rockchip/common/sepolicy/vendor/hal_bluetooth_default.te
@ -6,3 +6,4 @@ allow hal_bluetooth_default proc:file { open write };
 binder_call(hal_bluetooth_default, zygote)
 allow hal_bluetooth_default skwbt_device:chr_file { read write open ioctl };
 allow hal_bluetooth_default bluetooth_data_file:file { read };
+allow hal_bluetooth_btlinux sysfs:file write;
--- a/device/rockchip/common/sepolicy/vendor/hal_power_default.te
+++ b/device/rockchip/common/sepolicy/vendor/hal_power_default.te
@ -12,3 +12,4 @@ dontaudit hal_power_default self:capability dac_override;

 get_prop(hal_power_default, vendor_boot_complete_prop)
 get_prop(hal_power_default, vendor_power_prop)
+get_prop(hal_power_default, vendor_sculptor_prop)
--- a/device/rockchip/common/sepolicy/vendor/rk_output_hal.te
+++ b/device/rockchip/common/sepolicy/vendor/rk_output_hal.te
@ -18,6 +18,9 @@ allow rk_output_hal vendor_system_public_prop:property_service { set };
 allow rk_output_hal vendor_data_file:dir { read open write getattr create add_name remove_name };
 allow rk_output_hal vendor_data_file:file { read open write create getattr unlink };
 allow rk_output_hal vendor_tv_input_prop:property_service { set };
+allow rk_output_hal vendor_rkalgo_data_file:dir r_dir_perms;
+allow rk_output_hal vendor_rkalgo_data_file:file r_file_perms;
+
 binder_call(rk_output_hal,hwservicemanager)
 binder_call(rk_output_hal,system_server)
 get_prop(rk_output_hal,hwservicemanager_prop)
--- a/device/rockchip/common/sepolicy/vendor/surfaceflinger.te
+++ b/device/rockchip/common/sepolicy/vendor/surfaceflinger.te
@ -13,3 +13,5 @@ allow surfaceflinger unlabeled:filesystem { getattr };
 # for video formate 10bit to 8bit by rga
 rw_rockchip_graphic_device(surfaceflinger)
 binder_call(surfaceflinger, zygote)
+
+set_prop(surfaceflinger, debug_prop)
--- a/device/rockchip/common/sepolicy/vendor/usb_dongle.te
+++ b/device/rockchip/common/sepolicy/vendor/usb_dongle.te
@ -11,5 +11,7 @@ allow usb_dongle vendor_shell_exec:file execute_no_trans;
 allow usb_dongle self:netlink_kobject_uevent_socket { bind getopt };
 allow usb_dongle sysfs:dir { open read };
 allow usb_dongle sysfs:file { getattr open read };
+allow usb_dongle sysfs_net:dir { open read search };
+allow usb_dongle sysfs_net:file { getattr open read };
 allow usb_dongle usb_device:chr_file { ioctl open read write };
 allow usb_dongle usb_device:dir search;
--- a/device/rockchip/common/sepolicy/vendor/vold.te
+++ b/device/rockchip/common/sepolicy/vendor/vold.te
@ -19,3 +19,8 @@ allow vold vendor_incremental_module:system module_load;
 allowxperm vold vold_device:blk_file ioctl {
  BLKDISCARD BLKGETSIZE BLKROGET
 };
+
+#for mke2fs
+allowxperm vold dm_device:blk_file ioctl {
+  BLKPBSZGET BLKDISCARDZEROES BLKROGET
+};
--- a/device/rockchip/rk356x/sepolicy_vendor/genfs_contexts
+++ b/device/rockchip/rk356x/sepolicy_vendor/genfs_contexts
@ -1,9 +1,15 @@
+
 genfscon sysfs /devices/platform/fdd40000.i2c/i2c-0/0-0020/rk805-pwrkey/wakeup  u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fdd40000.i2c/i2c-0/0-0020/rk808-rtc/rtc/rtc0   u:object_r:sysfs_rtc:s0
 genfscon sysfs /devices/platform/fdd40000.i2c/i2c-0/0-0020/rk808-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup  u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fdd40000.i2c/i2c-0/0-0020/rk808-rtc/rtc/rtc0/alarmtimer.0.auto/wakeup  u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fdd40000.i2c/i2c-0/0-0020/rk808-rtc/wakeup     u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fdd40000.i2c/i2c-0/0-0020/wakeup       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/fe5e0000.i2c/i2c-5/5-0051/wakeup       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/fe5e0000.i2c/i2c-5/5-0051/rtc/rtc0/alarmtimer.1.auto/wakeup    u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/fe5e0000.i2c/i2c-5/5-0051/rtc/rtc0/date        u:object_r:sysfs_rtc:s0
+genfscon sysfs /devices/platform/fe5e0000.i2c/i2c-5/5-0051/rtc/rtc0/time        u:object_r:sysfs_rtc:s0
+genfscon sysfs /devices/platform/fe5e0000.i2c/i2c-5/5-0051/rtc/rtc0/wakealarm   u:object_r:sysfs_rtc:s0
 genfscon sysfs /devices/platform/fdea0400.vdpu/wakeup   u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fdeb0000.rk_rga/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fded0000.jpegd/wakeup  u:object_r:sysfs_wakeup:s0
@ -46,5 +52,10 @@ genfscon sysfs /devices/platform/fd840000.usb            u:object_r:sysfs_net:s0
 genfscon sysfs /devices/platform/fd8c0000.usb            u:object_r:sysfs_net:s0
 genfscon sysfs /devices/platform/fd880000.usb            u:object_r:sysfs_net:s0
 genfscon sysfs /devices/platform/fcc00000.usb            u:object_r:sysfs_net:s0
+genfscon sysfs /devices/platform/fcc00000.usb/usb_role   u:object_r:sysfs:s0
+genfscon sysfs /devices/platform/3c0000000.pcie          u:object_r:sysfs_net:s0
+genfscon sysfs /devices/platform/3c0000000.pcie/wakeup	 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/3c0400000.pcie          u:object_r:sysfs_net:s0
+genfscon sysfs /devices/platform/3c0400000.pcie/wakeup   u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/usbhost                 u:object_r:sysfs_net:s0
 genfscon sysfs /devices/platform/fe0a0000.hdmi/uevent   u:object_r:sysfs_extcon:s0
--- a/device/rockchip/rk356x/sepolicy_vendor/rknn_server.te
+++ b/device/rockchip/rk356x/sepolicy_vendor/rknn_server.te
@ -14,6 +14,5 @@ allow rknn_server gpu_device:chr_file { open getattr read write ioctl map};
 dontaudit rknn_server self:capability { sys_admin dac_override };
 set_prop(rknn_server, vendor_rknn_prop);
 get_prop(rknn_server, vendor_rknn_prop);
-get_prop(vendor-rknn-hal, vendor_rknn_prop);

 dontaudit rknn_server sysfs:file rw_file_perms;
--- a/device/rockchip/rk3588/sepolicy_vendor/genfs_contexts
+++ b/device/rockchip/rk3588/sepolicy_vendor/genfs_contexts
@ -3,6 +3,7 @@ genfscon sysfs /devices/platform/fd5d0000.syscon/fd5d0000.syscon:usb2-phy@0/extc
 genfscon sysfs /devices/platform/fd5d8000.syscon/fd5d8000.syscon:usb2-phy@8000/extcon   u:object_r:sysfs_extcon:s0
 genfscon sysfs /devices/platform/fdb50000.vepu/wakeup   u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fdb50400.vdpu/wakeup   u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/fdb51000.avsd-plus/wakeup     u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fdb60000.rga/wakeup    u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fdb70000.rga/wakeup    u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fdb80000.rga/wakeup    u:object_r:sysfs_wakeup:s0
@ -17,6 +18,7 @@ genfscon sysfs /devices/platform/fdbe0000.rkvenc-core/wakeup    u:object_r:sysfs
 genfscon sysfs /devices/platform/fdc30000.rkvdec-ccu/wakeup     u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fdc38100.rkvdec-core/wakeup    u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fdc48100.rkvdec-core/wakeup    u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/fdc70000.av1d/wakeup     u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fde80000.hdmi/extcon     u:object_r:sysfs_extcon:s0
 genfscon sysfs /devices/platform/fdea0000.hdmi/extcon     u:object_r:sysfs_extcon:s0
 genfscon sysfs /devices/platform/fdee0000.hdmirx-controller/extcon     u:object_r:sysfs_extcon:s0
@ -25,6 +27,7 @@ genfscon sysfs /devices/platform/fd5d4000.syscon/fd5d4000.syscon:usb2-phy@4000/e
 genfscon sysfs /devices/platform/fde50000.dp/extcon     u:object_r:sysfs_extcon:s0
 genfscon sysfs /devices/platform/fde60000.dp/extcon     u:object_r:sysfs_extcon:s0
 genfscon sysfs /devices/platform/fdec0000.edp/extcon    u:object_r:sysfs_extcon:s0
+genfscon sysfs /devices/platform/fe180000.pcie/wakeup   u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fe190000.pcie/wakeup   u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fe2e0000.mmc/mmc_host/mmc0     u:object_r:sysfs_mmc:s0
 genfscon sysfs /devices/platform/feaa0000.i2c/i2c-2/2-0051/rtc/rtc0     u:object_r:sysfs_rtc:s0
@ -35,7 +38,10 @@ genfscon sysfs /devices/platform/feaa0000.i2c/i2c-2/2-0062/power_supply/cw2015-b
 genfscon sysfs /devices/platform/feaa0000.i2c/i2c-2/2-006b/power_supply/bq25700-charger u:object_r:sysfs_batteryinfo:s0
 genfscon sysfs /devices/platform/feaa0000.i2c/i2c-2/2-006b/power_supply/bq25700-charger/wakeup17        u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/feaa0000.i2c/i2c-2/2-006b/wakeup       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/feb20000.spi/spi_master/spi2/spi2.0/rk805-pwrkey.1.auto/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/feb20000.spi/spi_master/spi2/spi2.0/rk805-pwrkey.2.auto/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/fec80000.i2c/i2c-6/6-0022/power_supply/tcpm-source-psy-6-0022  u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/fec80000.i2c/i2c-6/6-0022/power_supply/tcpm-source-psy-6-0022/wakeup5  u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/feca0000.i2c/i2c-8/8-0022/power_supply/tcpm-source-psy-8-0022  u:object_r:sysfs_batteryinfo:s0
 genfscon sysfs /devices/platform/feca0000.i2c/i2c-8/8-0022/power_supply/tcpm-source-psy-8-0022/wakeup24 u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/usbdrd3_0/fc000000.usb/wakeup  u:object_r:sysfs_wakeup:s0
@ -47,3 +53,4 @@ genfscon sysfs /devices/platform/fdee0000.hdmirx-controller/uevent   u:object_r:
 genfscon sysfs /devices/platform/fe1b0000.ethernet/net   u:object_r:sysfs_net:s0
 genfscon sysfs /devices/platform/fe1c0000.ethernet/net   u:object_r:sysfs_net:s0
 genfscon sysfs /devices/platform/fe180000.pcie   u:object_r:sysfs_net:s0
+genfscon sysfs /devices/platform/fe190000.pcie   u:object_r:sysfs_net:s0
--- a/hardware/rockchip/libpq/pq_init/sepolicy/pq_init.te
+++ b/hardware/rockchip/libpq/pq_init/sepolicy/pq_init.te
@ -9,3 +9,23 @@ allow pq_init sysfs:file { read };
 allow pq_init sysfs_dev:file { read open };
 allow pq_init device:dir { search open read };
 allow pq_init gpu_device:chr_file { open read write getattr ioctl map };
+
+allow pq_init block_device:dir r_dir_perms;
+allow pq_init baseparameter_block_device:blk_file rw_file_perms;
+allow pq_init sysfs_nvmem:file { open read getattr };
+allow pq_init sysfs_gpu:file { open read getattr };
+
+allow pq_init vendor_rkalgo_data_file:dir rw_dir_perms;
+allow pq_init vendor_rkalgo_data_file:file { rw_file_perms create };
+dontaudit pq_init system_data_root_file:dir { add_name create write };
+dontaudit pq_init system_data_root_file:file rw_file_perms;
+
+dontaudit pq_init default_prop:file r_file_perms;
+dontaudit pq_init system_prop:file r_file_perms;
+dontaudit pq_init vendor_default_prop:property_service set;
+# set_prop(pq_init, vendor_default_prop)
+
+get_prop(pq_init, vendor_default_prop)
+get_prop(pq_init, vendor_tv_input_prop)
+set_prop(pq_init, vendor_tv_input_prop)
+get_prop(pq_init, vendor_system_public_prop)
--- a/hardware/rockchip/usb/gadget/sepolicy/hal_usb_gadget_default.te
+++ b/hardware/rockchip/usb/gadget/sepolicy/hal_usb_gadget_default.te
@ -1,8 +1,12 @@
 allow hal_usb_gadget_default configfs:dir { create rmdir };
 allow hal_usb_gadget_default functionfs:dir { watch watch_reads };
-allow hal_usb_gadget_default sysfs:file r_file_perms;
+allow hal_usb_gadget_default sysfs:dir r_dir_perms;
+allow hal_usb_gadget_default sysfs:file rw_file_perms;
 allow hal_usb_gadget_default sysfs_udc:dir r_dir_perms;
 allow hal_usb_gadget_default sysfs_batteryinfo:dir r_dir_perms;
+allow hal_usb_gadget_default sysfs_net:dir r_dir_perms;
+
+dontaudit hal_usb_gadget_default system_prop:file r_file_perms;

 get_prop(hal_usb_gadget_default, vendor_usb_prop)
 get_prop(hal_usb_gadget_default, usb_control_prop)