diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index bbddaea1..bb759942 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -15,7 +15,7 @@ /dev/msm_vpe_standalone u:object_r:video_device:s0 /dev/smd2 u:object_r:hci_attach_dev:s0 /dev/smd3 u:object_r:hci_attach_dev:s0 -/dev/smd([0-9])+ u:object_r:smd_device:s0 +#/dev/smd([0-9])+ u:object_r:smd_device:s0 /dev/smdcntl[0-7] u:object_r:radio_device:s0 /dev/socket/tad u:object_r:tad_socket:s0 /dev/socket/wifihal(/.*)? u:object_r:wifihal_socket:s0 @@ -23,10 +23,10 @@ # /system /system/bin/hci_qcomm_init u:object_r:hci_attach_exec:s0 -/system/bin/irsc_util u:object_r:irsc_util_exec:s0 -/system/bin/netmgrd u:object_r:netmgrd_exec:s0 -/system/bin/qmuxd u:object_r:qmuxd_exec:s0 -/system/bin/rmt_storage u:object_r:rmt_storage_exec:s0 +#/system/bin/irsc_util u:object_r:irsc_util_exec:s0 +#/system/bin/netmgrd u:object_r:netmgrd_exec:s0 +#/system/bin/qmuxd u:object_r:qmuxd_exec:s0 +#/system/bin/rmt_storage u:object_r:rmt_storage_exec:s0 /system/bin/secchand u:object_r:secchand_exec:s0 /system/bin/ta_qmi_service u:object_r:ta_qmi_service_exec:s0 /system/bin/updatemiscta u:object_r:updatemiscta_exec:s0 @@ -73,10 +73,10 @@ /sys/devices/i2c-10/10-0047/sequencer([1-3])+_run_mode u:object_r:sysfs_leds:s0 /sys/devices/i2c-10/10-0047/sequencer_load u:object_r:sysfs_leds:s0 /sys/devices/i2c-10/10-0053(/.*)? u:object_r:sysfs_camera_torch:s0 -/sys/devices/i2c-12/12-0019/pollrate_ms u:object_r:sysfs_sensors:s0 -/sys/devices/i2c-12/12-0019/power/autosuspend_delay_ms u:object_r:sysfs_sensors:s0 -/sys/devices/i2c-12/12-006b/pollrate_ms u:object_r:sysfs_sensors:s0 -/sys/devices/i2c-12/12-006b/range u:object_r:sysfs_sensors:s0 +#/sys/devices/i2c-12/12-0019/pollrate_ms u:object_r:sysfs_sensors:s0 +#/sys/devices/i2c-12/12-0019/power/autosuspend_delay_ms u:object_r:sysfs_sensors:s0 +#/sys/devices/i2c-12/12-006b/pollrate_ms u:object_r:sysfs_sensors:s0 +#/sys/devices/i2c-12/12-006b/range u:object_r:sysfs_sensors:s0 /sys/devices/i2c-12/12-0054(/.*)? u:object_r:sysfs_proximity_sensor:s0 /sys/devices/i2c-.*/name u:object_r:sysfs_i2c_name:s0 /sys/devices/i2c-.*/.*-.*/name u:object_r:sysfs_i2c_name:s0 @@ -100,18 +100,18 @@ /sys/devices/platform/msm_sharedmem/uio(/.*)? u:object_r:sysfs_rmtfs:s0 /sys/devices/platform/msmgpio/gpio(/.*)? u:object_r:sysfs_gpio:s0 /sys/devices/platform/wcnss_wlan.0/serial_number u:object_r:sysfs_mac_serial:s0 -/sys/devices/platform/wcnss_wlan.0/wcnss_mac_addr u:object_r:sysfs_mac_address:s0 +#/sys/devices/platform/wcnss_wlan.0/wcnss_mac_addr u:object_r:sysfs_mac_address:s0 /sys/devices/system/soc/soc0/hw_platform u:object_r:sysfs_system_soc:s0 /sys/devices/system/soc/soc0/id u:object_r:sysfs_system_soc:s0 -/sys/devices/virtual/graphics/fb([0-3])+/format_3d u:object_r:sysfs_graphics:s0 -/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_fps_level u:object_r:sysfs_graphics:s0 -/sys/devices/virtual/graphics/fb([0-3])+/video_mode u:object_r:sysfs_graphics:s0 +#/sys/devices/virtual/graphics/fb([0-3])+/format_3d u:object_r:sysfs_graphics:s0 +#/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_fps_level u:object_r:sysfs_graphics:s0 +#/sys/devices/virtual/graphics/fb([0-3])+/video_mode u:object_r:sysfs_graphics:s0 /sys/devices/virtual/input u:object_r:sysfs_input_devices:s0 -/sys/devices/virtual/input/input[0-9]+/interval u:object_r:sysfs_sensors:s0 +#/sys/devices/virtual/input/input[0-9]+/interval u:object_r:sysfs_sensors:s0 /sys/devices/virtual/input/input[0-9]+/name u:object_r:sysfs_input_devices:s0 -/sys/devices/virtual/input/input[0-9]+/registers u:object_r:sysfs_sensors:s0 +#/sys/devices/virtual/input/input[0-9]+/registers u:object_r:sysfs_sensors:s0 /sys/devices/virtual/timed_output/vibrator/level u:object_r:sysfs_vibrator:s0 -/sys/module/cpu_boost/parameters(/.*)? u:object_r:sysfs_cpu_boost:s0 +#/sys/module/cpu_boost/parameters(/.*)? u:object_r:sysfs_cpu_boost:s0 /sys/module/hci_smd/parameters/hcismd_set u:object_r:sysfs_bluetooth_control:s0 /sys/module/msm_thermal/core_control/enabled u:object_r:sysfs_thermal_control:s0 /sys/module/msm_thermal/parameters/enabled u:object_r:sysfs_thermal_control:s0 diff --git a/sepolicy/flags_health_check.te b/sepolicy/flags_health_check.te index ca625730..e69de29b 100644 --- a/sepolicy/flags_health_check.te +++ b/sepolicy/flags_health_check.te @@ -1,119 +0,0 @@ -get_prop(flags_health_check, alarm_boot_prop) -get_prop(flags_health_check, alarm_handled_prop) -get_prop(flags_health_check, alarm_instance_prop) -get_prop(flags_health_check, apexd_prop) -get_prop(flags_health_check, bg_boot_complete_prop) -get_prop(flags_health_check, bg_daemon_prop) -get_prop(flags_health_check, bluetooth_prop) -get_prop(flags_health_check, boot_animation_prop) -get_prop(flags_health_check, boot_mode_prop) -get_prop(flags_health_check, bootloader_boot_reason_prop) -get_prop(flags_health_check, boottime_prop) -get_prop(flags_health_check, bpf_progs_loaded_prop) -get_prop(flags_health_check, bservice_prop) -get_prop(flags_health_check, camera_prop) -get_prop(flags_health_check, coresight_prop) -get_prop(flags_health_check, crash_prop) -get_prop(flags_health_check, ctl_adbd_prop) -get_prop(flags_health_check, ctl_bootanim_prop) -get_prop(flags_health_check, ctl_bugreport_prop) -get_prop(flags_health_check, ctl_console_prop) -get_prop(flags_health_check, ctl_default_prop) -get_prop(flags_health_check, ctl_dumpstate_prop) -get_prop(flags_health_check, ctl_fuse_prop) -get_prop(flags_health_check, ctl_gsid_prop) -get_prop(flags_health_check, ctl_hbtp_prop) -get_prop(flags_health_check, ctl_interface_restart_prop) -get_prop(flags_health_check, ctl_interface_start_prop) -get_prop(flags_health_check, ctl_interface_stop_prop) -get_prop(flags_health_check, ctl_LKCore_prop) -get_prop(flags_health_check, ctl_mdnsd_prop) -get_prop(flags_health_check, ctl_netmgrd_prop) -get_prop(flags_health_check, ctl_port-bridge_prop) -get_prop(flags_health_check, ctl_qmuxd_prop) -get_prop(flags_health_check, ctl_restart_prop) -get_prop(flags_health_check, ctl_rildaemon_prop) -get_prop(flags_health_check, ctl_sigstop_prop) -get_prop(flags_health_check, ctl_start_prop) -get_prop(flags_health_check, ctl_stop_prop) -get_prop(flags_health_check, ctl_thermal-engine_prop) -get_prop(flags_health_check, ctl_vendor_imsrcsservice_prop) -get_prop(flags_health_check, ctl_vendor_wigigsvc_prop) -get_prop(flags_health_check, device_logging_prop) -get_prop(flags_health_check, diag_mdlog_prop) -get_prop(flags_health_check, dolby_prop) -get_prop(flags_health_check, dumpstate_options_prop) -get_prop(flags_health_check, dynamic_system_prop) -get_prop(flags_health_check, firstboot_prop) -get_prop(flags_health_check, fm_prop) -get_prop(flags_health_check, freq_prop) -get_prop(flags_health_check, fst_prop) -get_prop(flags_health_check, gamed_prop) -get_prop(flags_health_check, graphics_vulkan_prop) -get_prop(flags_health_check, gsid_prop) -get_prop(flags_health_check, heapprofd_enabled_prop) -get_prop(flags_health_check, hwservicemanager_prop) -get_prop(flags_health_check, hwui_prop) -get_prop(flags_health_check, ipacm_prop) -get_prop(flags_health_check, ipacm-diag_prop) -get_prop(flags_health_check, ipacm) -get_prop(flags_health_check, last_boot_reason_prop) -get_prop(flags_health_check, llkd_prop) -get_prop(flags_health_check, location_prop) -get_prop(flags_health_check, logpersistd_logging_prop) -get_prop(flags_health_check, lowpan_prop) -get_prop(flags_health_check, lpdumpd_prop) -get_prop(flags_health_check, mdm_helper_prop) -get_prop(flags_health_check, mmc_prop) -get_prop(flags_health_check, mmi_prop) -get_prop(flags_health_check, mpdecision_prop) -get_prop(flags_health_check, msm_irqbalance_prop) -get_prop(flags_health_check, msm_irqbl_sdm630_prop) -get_prop(flags_health_check, net_dns_prop) -get_prop(flags_health_check, netd_prop) -get_prop(flags_health_check, netd_stable_secret_prop) -get_prop(flags_health_check, nfc_nq_prop) -get_prop(flags_health_check, nnapi_ext_deny_product_prop) -get_prop(flags_health_check, opengles_prop) -get_prop(flags_health_check, overlay_prop) -get_prop(flags_health_check, per_mgr_state_prop) -get_prop(flags_health_check, perfd_prop) -get_prop(flags_health_check, persistent_properties_ready_prop) -get_prop(flags_health_check, postprocessing_prop) -get_prop(flags_health_check, ppd_prop) -get_prop(flags_health_check, qcom_ims_prop) -get_prop(flags_health_check, qdma_prop) -get_prop(flags_health_check, qemu_gles_prop) -get_prop(flags_health_check, qti_prop) -get_prop(flags_health_check, reschedule_service_prop) -get_prop(flags_health_check, rmnet_mux_prop) -get_prop(flags_health_check, safemode_prop) -get_prop(flags_health_check, scr_enabled_prop) -get_prop(flags_health_check, sdm_idle_time_prop) -get_prop(flags_health_check, sensors_prop) -get_prop(flags_health_check, serialno_prop) -get_prop(flags_health_check, spcomlib_prop) -get_prop(flags_health_check, sys_usb_configfs_prop) -get_prop(flags_health_check, sys_usb_controller_prop) -get_prop(flags_health_check, sys_usb_tethering_prop) -get_prop(flags_health_check, system_boot_reason_prop) -get_prop(flags_health_check, system_lmk_prop) -get_prop(flags_health_check, system_trace_prop) -get_prop(flags_health_check, test_boot_reason_prop) -get_prop(flags_health_check, theme_prop) -get_prop(flags_health_check, time_prop) -get_prop(flags_health_check, traced_enabled_prop) -get_prop(flags_health_check, traced_lazy_prop) -get_prop(flags_health_check, uicc_prop) -get_prop(flags_health_check, updatemiscta_prop) -get_prop(flags_health_check, usf_prop) -get_prop(flags_health_check, vendor_mpctl_prop) -get_prop(flags_health_check, vendor_rild_libpath_prop) -get_prop(flags_health_check, vendor_system_prop) -get_prop(flags_health_check, vendor_wifi_prop) -get_prop(flags_health_check, vendor_wifi_version) -get_prop(flags_health_check, vm_bms_prop) -get_prop(flags_health_check, wifi_prop) -get_prop(flags_health_check, wififtmd_prop) -get_prop(flags_health_check, wigig_prop) -get_prop(flags_health_check, xlat_prop) diff --git a/sepolicy/fm_dl.te b/sepolicy/fm_dl.te index fee64cbe..02086fb5 100644 --- a/sepolicy/fm_dl.te +++ b/sepolicy/fm_dl.te @@ -5,13 +5,13 @@ init_daemon_domain(fm_dl) get_prop(fm_dl, bluetooth_prop) -set_prop(fm_dl, fm_prop) +#set_prop(fm_dl, fm_prop) #============= fm_dl ============== -allow fm_dl fm_data_file:dir ra_dir_perms; -allow fm_dl fm_data_file:file create_file_perms; -allow fm_dl fm_radio_device:chr_file r_file_perms; +#allow fm_dl fm_data_file:dir ra_dir_perms; +#allow fm_dl fm_data_file:file create_file_perms; +#allow fm_dl fm_radio_device:chr_file r_file_perms; allow fm_dl shell_exec:file { entrypoint getattr read }; -allow fm_dl sysfs_fm:file w_file_perms; +#allow fm_dl sysfs_fm:file w_file_perms; allow fm_dl system_file:file execute_no_trans; allow fm_dl toolbox_exec:file rx_file_perms; diff --git a/sepolicy/hal_gnss_default.te b/sepolicy/hal_gnss_default.te index ea94c030..8cbeae26 100644 --- a/sepolicy/hal_gnss_default.te +++ b/sepolicy/hal_gnss_default.te @@ -1,16 +1,16 @@ vndbinder_use(hal_gnss_default) #============= hal_gnss_default ============== -allow hal_gnss_default diag_device:chr_file { open read write }; -allow hal_gnss_default qmuxd:unix_stream_socket connectto; -allow hal_gnss_default qmuxd_socket:dir { add_name search write }; -allow hal_gnss_default qmuxd_socket:sock_file { create setattr write }; +#allow hal_gnss_default diag_device:chr_file { open read write }; +#allow hal_gnss_default qmuxd:unix_stream_socket connectto; +#allow hal_gnss_default qmuxd_socket:dir { add_name search write }; +#allow hal_gnss_default qmuxd_socket:sock_file { create setattr write }; allow hal_gnss_default self:netlink_socket { bind create read write }; allow hal_gnss_default self:socket rw_socket_perms_no_ioctl; allow hal_gnss_default self:socket { create ioctl }; -allow hal_gnss_default sysfs_sensors:file { getattr open read }; +#allow hal_gnss_default sysfs_sensors:file { getattr open read }; allow hal_gnss_default sysfs_system_soc:file { getattr open read }; allow hal_gnss_default system_data_file:dir { add_name create write }; allow hal_gnss_default system_data_file:file { create getattr open read write }; -allowxperm hal_gnss_default self:socket ioctl msm_sock_ipc_ioctls; +#allowxperm hal_gnss_default self:socket ioctl msm_sock_ipc_ioctls; dontaudit hal_gnss_default self:udp_socket create; diff --git a/sepolicy/hal_sensors_default.te b/sepolicy/hal_sensors_default.te index 1d856e86..afec598f 100644 --- a/sepolicy/hal_sensors_default.te +++ b/sepolicy/hal_sensors_default.te @@ -9,7 +9,7 @@ allow hal_sensors_default sysfs_input_devices:dir { open read search }; allow hal_sensors_default sysfs_input_devices:file { open read }; allow hal_sensors_default sysfs_proximity_sensor:dir search; allow hal_sensors_default sysfs_proximity_sensor:file { open read write }; -allow hal_sensors_default sysfs_sensors:file { getattr open read write }; +#allow hal_sensors_default sysfs_sensors:file { getattr open read write }; allow hal_sensors_default sysfs_system_soc:file { read }; allow hal_sensors_default system_data_file:dir { add_name write }; allow hal_sensors_default system_data_file:file { create getattr open read write }; diff --git a/sepolicy/init.te b/sepolicy/init.te index 49b93763..6d889275 100644 --- a/sepolicy/init.te +++ b/sepolicy/init.te @@ -2,26 +2,26 @@ allow init camera_data_file:file getattr; allow init debugfs:dir mounton; allow init functionfs:dir mounton; -allow init qti_debugfs:dir relabelfrom; -allow init qti_debugfs:file relabelfrom; +#allow init qti_debugfs:dir relabelfrom; +#allow init qti_debugfs:file relabelfrom; allow init sysfs_batteryinfo:file { open setattr write }; allow init sysfs_block_iosched:file write; allow init sysfs_bluetooth_control:file setattr; allow init sysfs_camera_torch:file setattr; -allow init sysfs_cpu_boost:file { open setattr write }; +#allow init sysfs_cpu_boost:file { open setattr write }; allow init sysfs_devices_system_cpu:file write; allow init sysfs_disk_polling:file { setattr write }; -allow init sysfs_fm:file setattr; +#allow init sysfs_fm:file setattr; allow init sysfs_glove_mode:file { open setattr write }; allow init sysfs_leds:file setattr; allow init sysfs_mhl:file setattr; allow init sysfs_power_control:file { open write }; allow init sysfs_proximity_sensor:file setattr; -allow init sysfs_sensors:file setattr; -allow init sysfs_graphics:file setattr; +#allow init sysfs_sensors:file setattr; +#allow init sysfs_graphics:file setattr; allow init sysfs_thermal:file { open setattr write }; allow init sysfs_thermal_control:file { open write }; allow init sysfs_usb:file write; allow init sysfs_wcnss_ssr:file { open setattr write }; allow init sysfs_wlan_fwpath:file setattr; -allow init wlan_device:chr_file write; +#allow init wlan_device:chr_file write; diff --git a/sepolicy/macaddrsetup.te b/sepolicy/macaddrsetup.te index cb48b87d..29cc9a12 100644 --- a/sepolicy/macaddrsetup.te +++ b/sepolicy/macaddrsetup.te @@ -10,4 +10,4 @@ allow macaddrsetup bluetooth_data_file:dir { add_name search write }; allow macaddrsetup bluetooth_data_file:file { create getattr open setattr write }; allow macaddrsetup self:capability { chown fowner fsetid }; allow macaddrsetup sysfs_mac_serial:file { getattr open write }; -allow macaddrsetup sysfs_mac_address:file { getattr open write }; +#allow macaddrsetup sysfs_mac_address:file { getattr open write }; diff --git a/sepolicy/mediacodec.te b/sepolicy/mediacodec.te index 0f370f0f..e69de29b 100644 --- a/sepolicy/mediacodec.te +++ b/sepolicy/mediacodec.te @@ -1 +0,0 @@ -get_prop(mediacodec, camera_prop) \ No newline at end of file diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te index 420d01cc..a5a79414 100644 --- a/sepolicy/mediaserver.te +++ b/sepolicy/mediaserver.te @@ -1,7 +1,7 @@ #============= mediaserver ============== allow mediaserver audio_device:chr_file { ioctl open read write }; -allow mediaserver camera_socket:dir { add_name search write }; -allow mediaserver camera_socket:file { create getattr open read write }; +#allow mediaserver camera_socket:dir { add_name search write }; +#allow mediaserver camera_socket:file { create getattr open read write }; allow mediaserver sensorservice_service:service_manager find; allow mediaserver sysfs_als:file { getattr open read write }; allow mediaserver sysfs_batteryinfo:dir search; diff --git a/sepolicy/netmgrd.te b/sepolicy/netmgrd.te index 20f3ad42..f23e9fd7 100644 --- a/sepolicy/netmgrd.te +++ b/sepolicy/netmgrd.te @@ -1,3 +1,3 @@ #============= netmgrd ============== -allow netmgrd diag_device:chr_file rw_file_perms; -r_dir_file(netmgrd, net_data_file) +#allow netmgrd diag_device:chr_file rw_file_perms; +#r_dir_file(netmgrd, net_data_file) diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts index 68e728e1..60476b4c 100644 --- a/sepolicy/property_contexts +++ b/sepolicy/property_contexts @@ -1,4 +1,4 @@ # property service keys -camera.0. u:object_r:camera_prop:s0 -camera.1. u:object_r:camera_prop:s0 +#camera.0. u:object_r:camera_prop:s0 +#camera.1. u:object_r:camera_prop:s0 persist.tareset.notfirstboot u:object_r:updatemiscta_prop:s0 diff --git a/sepolicy/qmuxd.te b/sepolicy/qmuxd.te index dc4ac023..c7d0fa21 100644 --- a/sepolicy/qmuxd.te +++ b/sepolicy/qmuxd.te @@ -1,5 +1,5 @@ #============= qmuxd ============== -allow qmuxd diag_device:chr_file rw_file_perms; -allow qmuxd qmuxd_socket:dir w_dir_perms; -allow qmuxd qmuxd_socket:sock_file create_file_perms; -allow qmuxd radio_device:chr_file rw_file_perms; +#allow qmuxd diag_device:chr_file rw_file_perms; +#allow qmuxd qmuxd_socket:dir w_dir_perms; +#allow qmuxd qmuxd_socket:sock_file create_file_perms; +#allow qmuxd radio_device:chr_file rw_file_perms; diff --git a/sepolicy/radio.te b/sepolicy/radio.te index 7dd8da75..0f232d65 100644 --- a/sepolicy/radio.te +++ b/sepolicy/radio.te @@ -1,4 +1,4 @@ -qmux_socket(radio) +#qmux_socket(radio) #============= radio ============== allow radio sysfs_thermal:file { getattr open read }; diff --git a/sepolicy/rild.te b/sepolicy/rild.te index ba8f31d2..2a35a9d4 100644 --- a/sepolicy/rild.te +++ b/sepolicy/rild.te @@ -1,3 +1,3 @@ #============= rild ============== -allow rild diag_device:chr_file rw_file_perms; +#allow rild diag_device:chr_file rw_file_perms; allow rild proc_cmdline:file { getattr open read }; diff --git a/sepolicy/rmt_storage.te b/sepolicy/rmt_storage.te index cee7ab94..b21c50eb 100644 --- a/sepolicy/rmt_storage.te +++ b/sepolicy/rmt_storage.te @@ -1,4 +1,4 @@ #============= rmt_storage ============== -allow rmt_storage modem_block_device:blk_file rw_file_perms; -allow rmt_storage shared_log_device:chr_file rw_file_perms; -r_dir_file(rmt_storage, sysfs_rmtfs) +#allow rmt_storage modem_block_device:blk_file rw_file_perms; +#allow rmt_storage shared_log_device:chr_file rw_file_perms; +#r_dir_file(rmt_storage, sysfs_rmtfs) diff --git a/sepolicy/secchand.te b/sepolicy/secchand.te index 41024924..b0b611bd 100644 --- a/sepolicy/secchand.te +++ b/sepolicy/secchand.te @@ -6,11 +6,11 @@ init_daemon_domain(secchand) unix_socket_connect(secchand, tad, tad) #============= secchand ============== -allow secchand firmware_file:dir search; -allow secchand firmware_file:file { getattr open read }; +#allow secchand firmware_file:dir search; +#allow secchand firmware_file:file { getattr open read }; allow secchand ion_device:chr_file { ioctl open read }; allow secchand self:socket create_socket_perms; allow secchand shared_log_device:chr_file { ioctl open read write }; -allow secchand smem_log_device:chr_file rw_file_perms; +#allow secchand smem_log_device:chr_file rw_file_perms; allow secchand tee_device:chr_file { ioctl open read write }; -allowxperm secchand self:socket ioctl msm_sock_ipc_ioctls; +#allowxperm secchand self:socket ioctl msm_sock_ipc_ioctls; diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te index a2283209..3aa081a8 100644 --- a/sepolicy/system_app.te +++ b/sepolicy/system_app.te @@ -4,11 +4,11 @@ binder_call(system_app, netd) binder_call(system_app, vold) binder_call(system_app, wificond) -set_prop(system_app, fm_prop) +#set_prop(system_app, fm_prop) #============= system_app ============== allow system_app apex_service:service_manager find; -allow system_app fm_data_file:file r_file_perms; +#allow system_app fm_data_file:file r_file_perms; allow system_app proc_pagetypeinfo:file r_file_perms; allow system_app selinuxfs:file { open read }; allow system_app sysfs_glove_mode:file { getattr open write }; diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te index 774f9d8c..5ed9cb15 100644 --- a/sepolicy/system_server.te +++ b/sepolicy/system_server.te @@ -1,6 +1,6 @@ #============= system_server ============== allow system_server crash_dump:process getpgid; -allow system_server diag_device:chr_file rw_file_perms; +#allow system_server diag_device:chr_file rw_file_perms; allow system_server graphics_device:chr_file { ioctl open read write }; allow system_server mediaserver:process sigkill; allow system_server sysfs_als:file write; diff --git a/sepolicy/ta_qmi_service.te b/sepolicy/ta_qmi_service.te index f8d0c703..14331fac 100644 --- a/sepolicy/ta_qmi_service.te +++ b/sepolicy/ta_qmi_service.te @@ -10,5 +10,5 @@ wakelock_use(ta_qmi_service) #============= ta_qmi_service ============== allow ta_qmi_service self:socket create_socket_perms; allow ta_qmi_service shared_log_device:chr_file { ioctl open read write }; -allow ta_qmi_service smem_log_device:chr_file rw_file_perms; -allowxperm ta_qmi_service self:socket ioctl msm_sock_ipc_ioctls; +#allow ta_qmi_service smem_log_device:chr_file rw_file_perms; +#allowxperm ta_qmi_service self:socket ioctl msm_sock_ipc_ioctls; diff --git a/sepolicy/vendor_init.te b/sepolicy/vendor_init.te index 27d6a9d7..381e5087 100644 --- a/sepolicy/vendor_init.te +++ b/sepolicy/vendor_init.te @@ -2,4 +2,4 @@ allow vendor_init proc_swap:file write; allow vendor_init shell_data_file:dir search; allow vendor_init system_data_file:file setattr; -allow vendor_init wcnss_device:chr_file { open write }; +#allow vendor_init wcnss_device:chr_file { open write };