| author | weifang.liu <weifang.liu@amlogic.com> | 2020-11-24 06:50:26 (GMT) |
|---|---|---|
| committer | gerrit autosubmit <gerrit.autosubmit@aml-code-master.amlogic.com> | 2020-11-25 09:09:55 (GMT) |
| commit | 1567275a99aa692e1bb4710d6b147034171c612e (patch) | |
| tree | 329f116f5e934a1e8e6825e5ffc0baf481920bd3 | |
| parent | 68511703b401b4dd80ba9bd9448f8f8e248d84f1 (diff) | |
| download | common-1567275a99aa692e1bb4710d6b147034171c612e.zip common-1567275a99aa692e1bb4710d6b147034171c612e.tar.gz common-1567275a99aa692e1bb4710d6b147034171c612e.tar.bz2 | |
vts:{Vts}vts_treble_sys_prop_test fail [1/1]
PD#SWPL-37174
Problem:
main_.VtsTrebleSysPropTest#testVendorPropertyTypes test fail,in 11_R2 this test expect vendor prop name after
vendor_xxxx_prop
Solution:
we should correct /vendor/etc/selinux/vendor_property_contexts , name vendor prop as: u:object_r:vendor_xxxx_prop:s0
Verify:
ohm 5.4
Change-Id: I6128933c59781fe55fb4ae98b9532f3831e79d90
31 files changed, 101 insertions, 97 deletions
diff --git a/sepolicy/audioserver.te b/sepolicy/audioserver.te index ec7247d..257eeda 100644 --- a/sepolicy/audioserver.te +++ b/sepolicy/audioserver.te @@ -3,7 +3,7 @@ allow audioserver property_socket:sock_file { open write }; allow audioserver sysfs_aud_output_chs:file { open read write getattr }; allow audioserver kernel:system module_request; -get_prop(audioserver, media_prop) +get_prop(audioserver, vendor_media_prop) # netlink_kobject_uevent_socket event allow audioserver self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; diff --git a/sepolicy/bcmdl.te b/sepolicy/bcmdl.te index c3ae800..5062d53 100644 --- a/sepolicy/bcmdl.te +++ b/sepolicy/bcmdl.te @@ -10,4 +10,4 @@ allow bcmdl init:unix_stream_socket connectto; allow bcmdl sysfs:file { open read getattr }; allow bcmdl proc:file { open read getattr }; allow bcmdl sysfs:dir { read open }; -allow bcmdl bcmdl_prop:property_service { set }; +allow bcmdl vendor_bcmdl_prop:property_service { set }; diff --git a/sepolicy/bootanim.te b/sepolicy/bootanim.te index 990c598..41710d0 100644 --- a/sepolicy/bootanim.te +++ b/sepolicy/bootanim.te @@ -12,5 +12,5 @@ allow bootanim mediaserver:binder { call transfer }; allow bootanim debugfs_mali:dir { search }; allow bootanim hal_graphics_allocator_default_tmpfs:file rw_file_perms; set_prop(bootanim, system_prop) -get_prop(bootanim, media_prop) +get_prop(bootanim, vendor_media_prop) diff --git a/sepolicy/bootvideo.te b/sepolicy/bootvideo.te index 356394e..f1a5cfc 100644 --- a/sepolicy/bootvideo.te +++ b/sepolicy/bootvideo.te @@ -5,7 +5,7 @@ type bootvideo_exec, exec_type, vendor_file_type, file_type; #unix_socket_connect(bootvideo, property, init); #Bootvideo -allow bootvideo media_prop:file { read open getattr }; +allow bootvideo vendor_media_prop:file { read open getattr }; allow bootvideo sysfs:file { read open getattr }; allow bootvideo proc:file { read open getattr }; allow bootvideo sysfs_audio_cap:file { read open getattr }; @@ -18,7 +18,7 @@ allow bootvideo audio_device:dir r_dir_perms; allow bootvideo system_control:binder call; -allow bootvideo media_prop:property_service set; +allow bootvideo vendor_media_prop:property_service set; allow bootvideo property_socket:sock_file write; allow bootvideo sysfs_xbmc:file { open read write getattr }; diff --git a/sepolicy/dtvkitserver.te b/sepolicy/dtvkitserver.te index 3a29ee3..838227e 100644 --- a/sepolicy/dtvkitserver.te +++ b/sepolicy/dtvkitserver.te @@ -28,11 +28,11 @@ allow dtvkitserver systemcontrol_hwservice:hwservice_manager {find}; allow dtvkitserver system_data_root_file:dir r_dir_perms; allow dtvkitserver tee_vendor_file:dir r_dir_perms; -get_prop(dtvkitserver, tv_prop) -set_prop(dtvkitserver, tv_prop) -get_prop(dtvkitserver, media_prop) +get_prop(dtvkitserver, vendor_tv_prop) +set_prop(dtvkitserver, vendor_tv_prop) +get_prop(dtvkitserver, vendor_media_prop) get_prop(dtvkitserver, vendor_default_prop) -allow dtvkitserver tv_prop:file { read open getattr }; +allow dtvkitserver vendor_tv_prop:file { read open getattr }; allow dtvkitserver video_device:chr_file { read write open ioctl getattr }; allow dtvkitserver codec_device:chr_file { read write open ioctl }; allow dtvkitserver rootfs:dir { read open }; diff --git a/sepolicy/hal_audio_amlogic.te b/sepolicy/hal_audio_amlogic.te index b864cce..9fada11 100644 --- a/sepolicy/hal_audio_amlogic.te +++ b/sepolicy/hal_audio_amlogic.te @@ -16,8 +16,8 @@ allow hal_audio_amlogic sysfs_audio_cap:file { read open }; allow hal_audio_amlogic sysfs_digital_codec:file { write read open }; allow hal_audio_amlogic sysfs_amhdmitx:dir search; allow hal_audio_amlogic kernel:system { module_request }; -allow hal_audio_amlogic media_prop:file { read open getattr }; -allow hal_audio_amlogic media_prop:property_service { set }; +allow hal_audio_amlogic vendor_media_prop:file { read open getattr }; +allow hal_audio_amlogic vendor_media_prop:property_service { set }; allow hal_audio_amlogic shell_data_file:file { read write }; allow hal_audio_amlogic sysfs_xbmc:file { read open write }; allow hal_audio_amlogic hidraw_device:chr_file { create read write open ioctl}; @@ -36,7 +36,7 @@ allow hal_audio_amlogic sysfs:file { open read write }; allow hal_audio_amlogic sysfs_extcon:dir { search }; allow hal_audio_amlogic uio_device:chr_file { open read write }; allow hal_audio_amlogic system_app:binder call; -allow hal_audio_amlogic tv_prop:file { read getattr open }; +allow hal_audio_amlogic vendor_tv_prop:file { read getattr open }; allow hal_audio_amlogic hidraw_audio_device:chr_file { create read write open ioctl}; allow hal_audio_amlogic device:dir {read open}; allow hal_audio_amlogic btmic_data_file:dir {write read open add_name search}; diff --git a/sepolicy/hal_audio_default.te b/sepolicy/hal_audio_default.te index b91a617..387f47d 100644 --- a/sepolicy/hal_audio_default.te +++ b/sepolicy/hal_audio_default.te @@ -5,8 +5,8 @@ allow hal_audio_default sysfs_audio_cap:file { read open }; allow hal_audio_default sysfs_digital_codec:file { write read open }; allow hal_audio_default sysfs_amhdmitx:dir search; allow hal_audio_default kernel:system { module_request }; -allow hal_audio_default media_prop:file { read open getattr map }; -allow hal_audio_default media_prop:property_service { set }; +allow hal_audio_default vendor_media_prop:file { read open getattr map }; +allow hal_audio_default vendor_media_prop:property_service { set }; allow hal_audio_default shell_data_file:file { read write }; allow hal_audio_default sysfs_xbmc:file { read open write }; allow hal_audio_default hidraw_device:chr_file { create read write open ioctl}; @@ -28,7 +28,7 @@ allow hal_audio_default sysfs:file { open read write }; allow hal_audio_default sysfs_extcon:dir { search }; allow hal_audio_default uio_device:chr_file { open read write }; allow hal_audio_default system_app:binder call; -allow hal_audio_default tv_prop:file { read getattr open map }; +allow hal_audio_default vendor_tv_prop:file { read getattr open map }; allow hal_audio_default hidraw_audio_device:chr_file { create read write open ioctl}; allow hal_audio_default device:dir { read open watch }; allow hal_audio_default btmic_data_file:dir {write read open add_name search}; diff --git a/sepolicy/hal_drm_default.te b/sepolicy/hal_drm_default.te index 5c5e71b..09d0b3c 100644 --- a/sepolicy/hal_drm_default.te +++ b/sepolicy/hal_drm_default.te @@ -4,4 +4,4 @@ allow hal_drm_default mediadrm_vendor_data_file:file { read open write getattr c allow hal_drm_default mediadrm_vendor_data_file:dir { read open write getattr create search add_name remove_name rmdir}; allow hal_drm_default self:capability sys_nice; -get_prop(hal_drm_default, media_prop) +get_prop(hal_drm_default, vendor_media_prop) diff --git a/sepolicy/hal_graphics_allocator_default.te b/sepolicy/hal_graphics_allocator_default.te index b1f0b1d..281c4b2 100644 --- a/sepolicy/hal_graphics_allocator_default.te +++ b/sepolicy/hal_graphics_allocator_default.te @@ -3,6 +3,6 @@ allow hal_graphics_allocator_default graphics_device:chr_file {open read write i allow hal_graphics_allocator_default sysfs_display:lnk_file { read open write ioctl }; allow hal_graphics_allocator_default sysfs_display:dir search; allow hal_graphics_allocator_default sysfs_fb0_afbcd:file rw_file_perms; -allow hal_graphics_allocator_default media_prop:file { getattr open read }; +allow hal_graphics_allocator_default vendor_media_prop:file { getattr open read }; allow hal_graphics_allocator_default video_device:chr_file rw_file_perms; -get_prop(hal_graphics_allocator_default, media_prop) +get_prop(hal_graphics_allocator_default, vendor_media_prop) diff --git a/sepolicy/hal_graphics_composer_default.te b/sepolicy/hal_graphics_composer_default.te index f2a5883..a0fe1a1 100644 --- a/sepolicy/hal_graphics_composer_default.te +++ b/sepolicy/hal_graphics_composer_default.te @@ -22,11 +22,11 @@ allow hal_graphics_composer_default display_device:chr_file r_file_perms; allow hal_graphics_composer_default sysfs_amhdmitx:file { read write open getattr }; allow hal_graphics_composer_default sysfs_amhdmitx:dir search; -allow hal_graphics_composer_default tv_prop:file { getattr open read }; -get_prop(hal_graphics_composer_default, tv_prop) +allow hal_graphics_composer_default vendor_tv_prop:file { getattr open read }; +get_prop(hal_graphics_composer_default, vendor_tv_prop) -allow hal_graphics_composer_default media_prop:file { getattr open read }; -get_prop(hal_graphics_composer_default, media_prop) +allow hal_graphics_composer_default vendor_media_prop:file { getattr open read }; +get_prop(hal_graphics_composer_default, vendor_media_prop) allow hal_graphics_composer_default sysfs_video:dir { search }; allow hal_graphics_composer_default sysfs_display:file { read write open getattr }; diff --git a/sepolicy/hal_hidlimw.te b/sepolicy/hal_hidlimw.te index 984500c..c363b99 100644 --- a/sepolicy/hal_hidlimw.te +++ b/sepolicy/hal_hidlimw.te @@ -15,7 +15,7 @@ allow hal_hidlimw system_control:binder { call transfer }; allow hal_hidlimw hal_hidlimw_file:file create_file_perms; allow hal_hidlimw hal_hidlimw_file:dir create_dir_perms; allow hal_hidlimw { vendor_shell_exec vendor_toolbox_exec }:file execute_no_trans; -allow hal_hidlimw tv_prop:file { read getattr open }; +allow hal_hidlimw vendor_tv_prop:file { read getattr open }; allow hal_hidlimw { vendor_video_device codec_device }:file { read write open }; allow hal_hidlimw { sysfs_stb sysfs_video }:dir { search }; allow hal_hidlimw { @@ -36,7 +36,7 @@ allowxperm hal_hidlimw { }:chr_file ioctl ~{ 0 SIOCATMARK }; allow hal_hidlimw sysfs_astream:file { open read }; allow hal_hidlimw sysfs_astream:dir { search }; -allow hal_hidlimw media_prop:file { read open getattr }; +allow hal_hidlimw vendor_media_prop:file { read open getattr }; allow hal_hidlimw sysfs_audio:file { read write open }; allow hal_hidlimw sysfs_video:file { read write open getattr }; allow hal_hidlimw vendor_file:file { execute_no_trans }; diff --git a/sepolicy/mediacodec.te b/sepolicy/mediacodec.te index 296ef14..e350f1d 100644 --- a/sepolicy/mediacodec.te +++ b/sepolicy/mediacodec.te @@ -4,7 +4,7 @@ allow mediacodec sysfs:file { open read write }; allow mediacodec audio_device:chr_file { setattr open read write }; #allow mediacodec sysfs_xbmc:file { open read write}; #allow mediacodec audioserver_service:service_manager find; -get_prop(mediacodec, media_prop) +get_prop(mediacodec, vendor_media_prop) allow mediacodec kernel:system module_request; allow mediacodec mediaserver:dir { search }; diff --git a/sepolicy/mediadrmserver.te b/sepolicy/mediadrmserver.te index 99be7f9..2703cc7 100644 --- a/sepolicy/mediadrmserver.te +++ b/sepolicy/mediadrmserver.te @@ -2,4 +2,4 @@ allow mediadrmserver media_data_file:lnk_file { create read write }; allow mediadrmserver drm_device:chr_file { read open write ioctl }; #allow mediadrmserver sysfs:file { open read write}; allow mediadrmserver kernel:system module_request; -get_prop(mediadrmserver, media_prop) +get_prop(mediadrmserver, vendor_media_prop) diff --git a/sepolicy/mediaextractor.te b/sepolicy/mediaextractor.te index 8acd837..3a1dd2f 100644 --- a/sepolicy/mediaextractor.te +++ b/sepolicy/mediaextractor.te @@ -1,5 +1,5 @@ allow mediaextractor init:unix_stream_socket { connectto }; -get_prop(mediaextractor, media_prop) +get_prop(mediaextractor, vendor_media_prop) get_prop(mediaextractor, vendor_platform_prop) allow mediaextractor vfat:file { read getattr }; diff --git a/sepolicy/mediaprovider.te b/sepolicy/mediaprovider.te index 3903232..23e9340 100644 --- a/sepolicy/mediaprovider.te +++ b/sepolicy/mediaprovider.te @@ -1,4 +1,4 @@ -get_prop(mediaprovider, media_prop); +get_prop(mediaprovider, vendor_media_prop); allow mediaprovider fuseblk:dir { open read search }; allow mediaprovider fuseblk:file { getattr open read }; diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te index ca59cc2..e59adc9 100644 --- a/sepolicy/mediaserver.te +++ b/sepolicy/mediaserver.te @@ -12,7 +12,7 @@ allow mediaserver sysfs_audio:file rw_file_perms; allow mediaserver sysfs_audio_cap:file rw_file_perms; allow mediaserver sysfs_amhdmitx:dir search; -get_prop(mediaserver, media_prop) +get_prop(mediaserver, vendor_media_prop) get_prop(mediaserver, vendor_platform_prop) allow mediaserver bootanim:binder { call transfer }; diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te index 0edbcd4..b4f901b 100644 --- a/sepolicy/platform_app.te +++ b/sepolicy/platform_app.te @@ -1,5 +1,5 @@ -get_prop(platform_app, media_prop) -get_prop(system_app, media_prop) +get_prop(platform_app, vendor_media_prop) +get_prop(system_app, vendor_media_prop) #allow platform_app vendor_file:file { getattr read open execute }; @@ -32,8 +32,8 @@ allow platform_app vendor_platform_prop:file { read }; allow platform_app dtvkitserver_hwservice:hwservice_manager { find }; allow platform_app dtvkitserver:binder {call transfer}; -get_prop(dtvkitserver, tv_prop) -set_prop(dtvkitserver, tv_prop) +get_prop(dtvkitserver, vendor_tv_prop) +set_prop(dtvkitserver, vendor_tv_prop) allow platform_app subtitleserver:binder { call transfer }; allow platform_app dtvkit_data_file:dir { search open read getattr }; -allow platform_app tv_prop:file { read getattr open }; +allow platform_app vendor_tv_prop:file { read getattr open }; diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te index aa42860..7dc1843 100644 --- a/sepolicy/priv_app.te +++ b/sepolicy/priv_app.te @@ -3,7 +3,7 @@ allow priv_app fuseblk:file { read open getattr }; allow priv_app proc_modules:file { getattr read open }; allow priv_app proc_interrupts:file { getattr read open }; -allow priv_app media_prop:file { read }; +allow priv_app vendor_media_prop:file { read }; allow priv_app dvb_device:chr_file rw_file_perms; #allow priv_app property_socket:sock_file { write }; @@ -29,4 +29,4 @@ allow priv_app sysfs_wifi:file r_file_perms; allow priv_app debugfs_mali:dir search; allow priv_app storage_stub_file:dir { getattr }; -get_prop(priv_app, netflix_prop) +get_prop(priv_app, vendor_netflix_prop) diff --git a/sepolicy/property.te b/sepolicy/property.te index cb7cbb6..dda778e 100644 --- a/sepolicy/property.te +++ b/sepolicy/property.te @@ -1,12 +1,14 @@ -vendor_restricted_prop(media_prop) -vendor_restricted_prop(tv_prop) -vendor_restricted_prop(bcmdl_prop) +vendor_restricted_prop(vendor_media_prop) +vendor_restricted_prop(vendor_tv_prop) +vendor_restricted_prop(vendor_bcmdl_prop) vendor_internal_prop(ctl_dhcp_pan_prop) -vendor_restricted_prop(netflix_prop) +vendor_restricted_prop(vendor_netflix_prop) vendor_restricted_prop(vendor_platform_prop) vendor_internal_prop(vendor_persist_prop) vendor_restricted_prop(vendor_app_prop) vendor_internal_prop(vendor_wifi_prop) -vendor_internal_prop(oem_prop) +vendor_internal_prop(vendor_oem_prop) vendor_internal_prop(vendor_logging_prop) +vendor_restricted_prop(vendor_bluetooth_prop) +vendor_restricted_prop(vendor_exported_wifi_prop) diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts index e4f6d8a..75d88d4 100644 --- a/sepolicy/property_contexts +++ b/sepolicy/property_contexts @@ -1,29 +1,29 @@ -vendor.media. u:object_r:media_prop:s0 -ro.vendor.media. u:object_r:media_prop:s0 -vendor.sys.media. u:object_r:media_prop:s0 -vendor.sys.subtitle. u:object_r:media_prop:s0 -persist.vendor.audio. u:object_r:media_prop:s0 -persist.vendor.media. u:object_r:media_prop:s0 +vendor.media. u:object_r:vendor_media_prop:s0 +ro.vendor.media. u:object_r:vendor_media_prop:s0 +vendor.sys.media. u:object_r:vendor_media_prop:s0 +vendor.sys.subtitle. u:object_r:vendor_media_prop:s0 +persist.vendor.audio. u:object_r:vendor_media_prop:s0 +persist.vendor.media. u:object_r:vendor_media_prop:s0 persist.vendor.bt_vendor u:object_r:vendor_platform_prop:s0 -vendor.drm. u:object_r:media_prop:s0 -vendor.tv. u:object_r:tv_prop:s0 -persist.vendor.tv. u:object_r:tv_prop:s0 -vendor.bcmdl_status u:object_r:bcmdl_prop:s0 -vendor.wc_transport u:object_r:bluetooth_prop:s0 -vendor.rc_hidraw_fd u:object_r:bluetooth_prop:s0 -vendor.bcm_wifi u:object_r:exported_wifi_prop:s0 exact enum bcm nobcm -ro.vendor.rfkilldisabled u:object_r:bluetooth_prop:s0 -vendor.display-size u:object_r:netflix_prop:s0 -vendor.netflix.state u:object_r:netflix_prop:s0 -ro.vendor.nrdp. u:object_r:netflix_prop:s0 +vendor.drm. u:object_r:vendor_media_prop:s0 +vendor.tv. u:object_r:vendor_tv_prop:s0 +persist.vendor.tv. u:object_r:vendor_tv_prop:s0 +vendor.bcmdl_status u:object_r:vendor_bcmdl_prop:s0 +vendor.wc_transport u:object_r:vendor_bluetooth_prop:s0 +vendor.rc_hidraw_fd u:object_r:vendor_bluetooth_prop:s0 +vendor.bcm_wifi u:object_r:vendor_exported_wifi_prop:s0 exact enum bcm nobcm +ro.vendor.rfkilldisabled u:object_r:vendor_bluetooth_prop:s0 +vendor.display-size u:object_r:vendor_netflix_prop:s0 +vendor.netflix.state u:object_r:vendor_netflix_prop:s0 +ro.vendor.nrdp. u:object_r:vendor_netflix_prop:s0 ro.vendor.platform u:object_r:vendor_platform_prop:s0 persist.vendor.sys u:object_r:vendor_persist_prop:s0 vendor.sys u:object_r:vendor_platform_prop:s0 ro.vendor.app u:object_r:vendor_app_prop:s0 vendor.wlan u:object_r:vendor_wifi_prop:s0 -ro.boot.oem. u:object_r:oem_prop:s0 +ro.boot.oem. u:object_r:vendor_oem_prop:s0 -vendor.allm.support u:object_r:media_prop:s0 -vendor.contenttype_game.support u:object_r:media_prop:s0 +vendor.allm.support u:object_r:vendor_media_prop:s0 +vendor.contenttype_game.support u:object_r:vendor_media_prop:s0 persist.vendor.verbose_logging. u:object_r:vendor_logging_prop:s0 diff --git a/sepolicy/recovery.te b/sepolicy/recovery.te index d1bfc3c..9c27c55 100644 --- a/sepolicy/recovery.te +++ b/sepolicy/recovery.te @@ -32,10 +32,12 @@ allow recovery sysfs_cec:file rw_file_perms; # product_shipping_api_level=28 vendor/system cannot share prop #--------------------------------------------------------------------# get_prop(recovery, bluetooth_prop) +get_prop(recovery, vendor_bluetooth_prop) get_prop(recovery, vendor_platform_prop) set_prop(recovery, boottime_prop) set_prop(recovery, ctl_bootanim_prop) + get_prop(recovery, apexd_prop) get_prop(recovery, bluetooth_audio_hal_prop) get_prop(recovery, bpf_progs_loaded_prop) @@ -54,11 +56,11 @@ allow recovery graphics_device:chr_file {open read write ioctl}; allow shell rootfs:file { entrypoint execute getattr open read }; -allow recovery bcmdl_prop:file { getattr open }; -allow recovery media_prop:file { getattr open }; +allow recovery vendor_bcmdl_prop:file { getattr open }; +allow recovery vendor_media_prop:file { getattr open }; allow recovery sysfs_audio_cap:file { open read write }; allow recovery sysfs_video:file { open read write }; -allow recovery tv_prop:file { getattr open }; +allow recovery vendor_tv_prop:file { getattr open }; allow recovery wifi_prop:file { getattr open }; allow recovery cache_file:dir mounton; @@ -91,7 +93,7 @@ allow recovery sysfs_remote:dir search; allow recovery sysfs_display:dir search; -allow recovery bluetooth_prop:file { getattr open }; +allow recovery {vendor_bluetooth_prop bluetooth_prop }:file { getattr open }; allow recovery boottime_prop:file { getattr open }; allow recovery ctl_bootanim_prop:file { getattr open }; allow recovery ctl_bugreport_prop:file { getattr open }; @@ -144,9 +146,9 @@ allow recovery sysfs_display:lnk_file { open read write getattr }; allow init reco_file:file { open read create write }; allow recovery bluetooth_a2dp_offload_prop:file { getattr open }; -allow recovery exported_bluetooth_prop:file { getattr open }; +allow recovery { exported_bluetooth_prop vendor_bluetooth_prop }:file { getattr open }; allow recovery exported_overlay_prop:file { getattr open }; -allow recovery exported_wifi_prop:file { getattr open }; +allow recovery { vendor_exported_wifi_prop exported_wifi_prop }:file { getattr open }; allow shell tmpfs:file {open read getattr}; allow shell rootfs:file {execute_no_trans}; diff --git a/sepolicy/surfaceflinger.te b/sepolicy/surfaceflinger.te index 51f0258..9b13524 100644 --- a/sepolicy/surfaceflinger.te +++ b/sepolicy/surfaceflinger.te @@ -5,8 +5,8 @@ allow surfaceflinger hal_graphics_allocator_default_tmpfs:file rw_file_perms; allow surfaceflinger hal_graphics_composer_default:file rw_file_perms; allow surfaceflinger hal_graphics_composer_default:dir search; allow surfaceflinger debugfs_mali:dir search; -get_prop(surfaceflinger, tv_prop) +get_prop(surfaceflinger, vendor_tv_prop) set_prop(surfaceflinger, ctl_default_prop) -allow surfaceflinger media_prop:file { read }; -get_prop(surfaceflinger, media_prop) +allow surfaceflinger vendor_media_prop:file { read }; +get_prop(surfaceflinger, vendor_media_prop) diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te index 5b7a638..2c88cf5 100644 --- a/sepolicy/system_app.te +++ b/sepolicy/system_app.te @@ -46,11 +46,10 @@ allow system_app sysfs_display:file { read write open getattr }; #--------------------------------------------------------------------# # product_shipping_api_level=28 vendor/system cannot share prop #--------------------------------------------------------------------# -get_prop(system_app, tv_prop) -#set_prop(system_app, media_prop) -get_prop(system_app, media_prop) -#set_prop(system_app, netflix_prop) -get_prop(system_app, netflix_prop) +get_prop(system_app, vendor_tv_prop) +get_prop(system_app, vendor_media_prop) +#set_prop(system_app, vendor_netflix_prop) +get_prop(system_app, vendor_netflix_prop) get_prop(system_app, vendor_platform_prop) get_prop(system_app, vendor_app_prop) @@ -74,7 +73,7 @@ allow system_app hal_graphics_allocator_default_tmpfs:file rw_file_perms; allow system_app vendor_video_device:chr_file {open ioctl read write}; allow system_app sysfs_video:chr_file {open ioctl read write}; -allow system_app tv_prop:file {open read getattr}; +allow system_app vendor_tv_prop:file {open read getattr}; #Irdeto allow system_app hal_hidlimw_hwservice:hwservice_manager { find }; diff --git a/sepolicy/system_control.te b/sepolicy/system_control.te index 436e1ca..701edfa 100644 --- a/sepolicy/system_control.te +++ b/sepolicy/system_control.te @@ -43,21 +43,22 @@ allow system_control mnt_vendor_file:file { setattr getattr lock unlink }; #--------------------------------------------------------------------# # product_shipping_api_level=28 vendor/system cannot share prop #--------------------------------------------------------------------# -get_prop(system_control, bcmdl_prop) +get_prop(system_control, vendor_bcmdl_prop) + get_prop(system_control, device_logging_prop) get_prop(system_control, vendor_platform_prop) set_prop(system_control, vendor_platform_prop) -set_prop(system_control, media_prop) -get_prop(system_control, media_prop) -set_prop(system_control, tv_prop) -get_prop(system_control, tv_prop) +set_prop(system_control, vendor_media_prop) +get_prop(system_control, vendor_media_prop) +set_prop(system_control, vendor_tv_prop) +get_prop(system_control, vendor_tv_prop) set_prop(system_control, vendor_persist_prop) get_prop(system_control, vendor_persist_prop) -set_prop(system_control, netflix_prop) -get_prop(system_control, netflix_prop) +set_prop(system_control, vendor_netflix_prop) +get_prop(system_control, vendor_netflix_prop) #get_prop(system_control, wifi_prop) diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te index cdfc151..916d240 100644 --- a/sepolicy/system_server.te +++ b/sepolicy/system_server.te @@ -5,7 +5,7 @@ allow system_server vendor_framework_file:dir { search getattr }; allow system_server vendor_framework_file:file { read getattr open }; allow system_server bluetooth:file { open read write }; -get_prop(system_server, media_prop) +get_prop(system_server, vendor_media_prop) # For writing to /proc/<tid>/timerslack_ns (XXX - this is probably wrong) allow system_server priv_app:file write; diff --git a/sepolicy/tvserver.te b/sepolicy/tvserver.te index 784ee26..7a2c628 100644 --- a/sepolicy/tvserver.te +++ b/sepolicy/tvserver.te @@ -22,11 +22,11 @@ allow tvserver audio_device:chr_file { read write open ioctl }; allow tvserver tvserver_hwservice:hwservice_manager find; -get_prop(tvserver, media_prop) -get_prop(tvserver, tv_prop) -set_prop(tvserver, tv_prop) +get_prop(tvserver, vendor_media_prop) +get_prop(tvserver, vendor_tv_prop) +set_prop(tvserver, vendor_tv_prop) get_prop(tvserver, vendor_default_prop) -allow tvserver tv_prop:file { read open getattr }; +allow tvserver vendor_tv_prop:file { read open getattr }; allow tvserver proc:file { read write open ioctl getattr }; diff --git a/sepolicy/untrusted_app.te b/sepolicy/untrusted_app.te index 1c5efed..d837e91 100644 --- a/sepolicy/untrusted_app.te +++ b/sepolicy/untrusted_app.te @@ -7,4 +7,4 @@ allow untrusted_app fuseblk:file { read open getattr }; allow untrusted_app debugfs_mali:dir search; allow untrusted_app hal_graphics_allocator_default_tmpfs:file rw_file_perms; -get_prop(untrusted_app, netflix_prop) +get_prop(untrusted_app, vendor_netflix_prop) diff --git a/sepolicy/untrusted_app_27.te b/sepolicy/untrusted_app_27.te index 1dcc652..9f1f548 100644 --- a/sepolicy/untrusted_app_27.te +++ b/sepolicy/untrusted_app_27.te @@ -2,5 +2,5 @@ allow untrusted_app_27 debugfs_mali:dir search; allow untrusted_app_27 storage_stub_file:dir { getattr }; allow untrusted_app_27 hal_graphics_allocator_default_tmpfs:file rw_file_perms; -get_prop(untrusted_app_27, netflix_prop) -get_prop(untrusted_app_27, media_prop) +get_prop(untrusted_app_27, vendor_netflix_prop) +get_prop(untrusted_app_27, vendor_media_prop) diff --git a/sepolicy/untrusted_app_29.te b/sepolicy/untrusted_app_29.te index 19a11ee..9147ca5 100644 --- a/sepolicy/untrusted_app_29.te +++ b/sepolicy/untrusted_app_29.te @@ -8,4 +8,4 @@ allow untrusted_app_29 debugfs_mali:dir search; allow untrusted_app_29 hal_graphics_allocator_default_tmpfs:file rw_file_perms; allow untrusted_app_29 linkerconfig_file:dir getattr; -get_prop(untrusted_app_29, netflix_prop) +get_prop(untrusted_app_29, vendor_netflix_prop) diff --git a/sepolicy/vendor_init.te b/sepolicy/vendor_init.te index b7744f7..982cca4 100644 --- a/sepolicy/vendor_init.te +++ b/sepolicy/vendor_init.te @@ -35,13 +35,13 @@ allow vendor_init unlabeled:dir { getattr read relabelfrom setattr }; set_prop(vendor_init, vendor_platform_prop) # set_prop(vendor_init, shell_prop) set_prop(vendor_init, vendor_app_prop) -set_prop(vendor_init, media_prop) +set_prop(vendor_init, vendor_media_prop) set_prop(vendor_init, audio_prop) -set_prop(vendor_init, tv_prop) -set_prop(vendor_init, netflix_prop) +set_prop(vendor_init, vendor_tv_prop) +set_prop(vendor_init, vendor_netflix_prop) # set_prop(vendor_init, vold_prop) # set_prop(vendor_init, config_prop) -set_prop(vendor_init, oem_prop) +set_prop(vendor_init, vendor_oem_prop) set_prop(vendor_init, exported_default_prop) set_prop(vendor_init, system_prop) set_prop(vendor_init, vendor_persist_prop) diff --git a/sepolicy/zygote.te b/sepolicy/zygote.te index b03d1cb..48f6412 100644 --- a/sepolicy/zygote.te +++ b/sepolicy/zygote.te @@ -3,7 +3,7 @@ allow zygote mediaserver:process { getpgid setpgid }; allow zygote self:capability sys_nice; -get_prop(zygote, media_prop) +get_prop(zygote, vendor_media_prop) allow zygote kernel:system module_request; |