commit 950b2a3f531afa6958314faa1f55e20f0a910975
author Karsten Tausche <karsten@fairphone.com> Mon Aug 22 16:34:58 2022 +0200
committer Karsten Tausche <karsten@fairphone.com> Tue Aug 23 11:12:37 2022 +0200
tree 15f5dab5c19b036391fefe3b3188165bddb9de15
parent d4dcd9bc9f4a6345265ca266e8e7e51b7f44fde0

sepolicy: Fixup missing QCOM service policies

Picking various changes in device/qcom/sepolicy that were added for
msm8953 only for Android 12 already fixes a lot of SELinux denials. Add
a few more allows here to fix up remaining issues.

Issue: FP3-A11#393
Change-Id: I4647922136e239b2e5bdbb9e92f14c74dbc10452

legacy/vendor/common/kernel.te

diff --git a/legacy/vendor/common/kernel.te b/legacy/vendor/common/kernel.te
index 897a327..740ead0 100755
--- a/legacy/vendor/common/kernel.te
+++ b/legacy/vendor/common/kernel.te
@@ -43,3 +43,6 @@
 # when the current cpu is hotplugged out
 allow kernel domain:process setsched;
 allow kernel self:capability kill;
+
+allow kernel sysfs_battery_supply:dir search;
+allow kernel sysfs_battery_supply:file { open read };

legacy/vendor/common/peripheral_manager.te

diff --git a/legacy/vendor/common/peripheral_manager.te b/legacy/vendor/common/peripheral_manager.te
index 126779d..0c33f68 100644
--- a/legacy/vendor/common/peripheral_manager.te
+++ b/legacy/vendor/common/peripheral_manager.te
@@ -51,3 +51,5 @@
 
 # Set the peripheral state property
 set_prop(vendor_per_mgr, vendor_per_mgr_state_prop);
+
+allow vendor_per_mgr self:capability net_raw;

legacy/vendor/common/property.te

diff --git a/legacy/vendor/common/property.te b/legacy/vendor/common/property.te
index 0cd780e..0663ade 100644
--- a/legacy/vendor/common/property.te
+++ b/legacy/vendor/common/property.te
@@ -91,6 +91,8 @@
 
 type vendor_wifi_version, property_type;
 
+type vendor_wifi_config_prop, property_type;
+
 # WIGIG
 type vendor_wigig_prop, property_type;
 type vendor_ctl_vendor_wigigsvc_prop, property_type;

legacy/vendor/common/property_contexts

diff --git a/legacy/vendor/common/property_contexts b/legacy/vendor/common/property_contexts
index 0433fae..3c3bbad 100644
--- a/legacy/vendor/common/property_contexts
+++ b/legacy/vendor/common/property_contexts
@@ -86,6 +86,8 @@
 vendor.usb.                u:object_r:vendor_usb_prop:s0
 vendor.wlan.driver.version       u:object_r:vendor_wifi_version:s0
 vendor.wlan.firmware.version     u:object_r:vendor_wifi_version:s0
+vendor.wlan.driver.config        u:object_r:vendor_wifi_config_prop:s0
+vendor.wlan.driver.ath           u:object_r:vendor_wifi_config_prop:s0
 persist.vendor.usb.        u:object_r:vendor_usb_prop:s0
 ro.vendor.dbg.coresight.cfg_file     u:object_r:vendor_coresight_prop:s0
 vendor.audio.              u:object_r:vendor_audio_prop:s0

legacy/vendor/common/wcnss_service.te

diff --git a/legacy/vendor/common/wcnss_service.te b/legacy/vendor/common/wcnss_service.te
index 8dfcebe..8494594 100644
--- a/legacy/vendor/common/wcnss_service.te
+++ b/legacy/vendor/common/wcnss_service.te
@@ -105,3 +105,9 @@
 allow wcnss_service wifi_vendor_wpa_socket:sock_file rw_file_perms;
 allow wcnss_service wifi_vendor_wpa_socket:file create_file_perms;
 allow wcnss_service wifi_vendor_wpa_socket:file rw_file_perms;
+
+set_prop(wcnss_service, vendor_wifi_config_prop)
+
+allow wcnss_service vendor_shell_exec:file execute_no_trans;
+
+allow wcnss_service kmsg_device:chr_file w_file_perms;