LeOS-GSI/patches/leos_old/platform_device_phh_treble/0004-AdvancedPrivacy.patch

87 lines
3.1 KiB
Diff
Raw Normal View History

2023-12-19 13:19:06 +01:00
From 1082d6863ee84feb2f1f6bee871b9f8ad069559e Mon Sep 17 00:00:00 2001
From: harvey186 <harvey186@hotmail.com>
Date: Fri, 15 Dec 2023 18:04:59 +0100
Subject: [PATCH] AdvancedPrivacy
---
sepolicy/netd.te | 1 +
sepolicy/platform_app.te | 11 +++++++++++
sepolicy/service.te | 8 ++++++++
sepolicy/updater_app.te | 22 ++++++++++++++++++++++
4 files changed, 207 insertions(+), 1 deletion(-)
create mode 100644 sepolicy/netd.te
create mode 100644 sepolicy/platform_app.te
create mode 100644 sepolicy/updater_app.te
diff --git a/sepolicy/netd.te b/sepolicy/netd.te
new file mode 100644
index 0000000..bc71718
--- /dev/null
+++ b/sepolicy/netd.te
@@ -0,0 +1 @@
+allow netd platform_app:unix_stream_socket connectto;
diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te
new file mode 100644
index 0000000..35445a4
--- /dev/null
+++ b/sepolicy/platform_app.te
@@ -0,0 +1,11 @@
+
+# allow platform_app to create named pipes (used for realm support)
+allow platform_app fuse:fifo_file create;
+allow platform_app app_data_file:fifo_file create_file_perms;
+allow platform_app app_data_file:fifo_file open;
+allow platform_app rs_exec:file rx_file_perms;
+
+# Allow platform apps to execute files in /data
+allow platform_app app_data_file:file execute;
+
+allow platform_app app_data_file:{ lnk_file sock_file fifo_file } create_file_perms;
diff --git a/sepolicy/service.te b/sepolicy/service.te
index a9120f9..8950e39 100644
--- a/sepolicy/service.te
+++ b/sepolicy/service.te
@@ -1 +1,9 @@
type qcrilam_service, service_manager_type;
+
+type adbroot_service, service_manager_type;
+type lineage_hardware_service, system_api_service, system_server_service, service_manager_type;
+type lineage_health_interface_service, system_api_service, system_server_service, service_manager_type;
+type lineage_globalactions_service, system_api_service, system_server_service, service_manager_type;
+type lineage_livedisplay_service, system_api_service, system_server_service, service_manager_type;
+type lineage_profile_service, system_api_service, system_server_service, service_manager_type;
+type lineage_trust_service, system_api_service, system_server_service, service_manager_type;
diff --git a/sepolicy/updater_app.te b/sepolicy/updater_app.te
new file mode 100644
index 0000000..ff82e4e
--- /dev/null
+++ b/sepolicy/updater_app.te
@@ -0,0 +1,22 @@
+type updater_app, domain, coredomain;
+
+app_domain(updater_app)
+net_domain(updater_app)
+
+binder_call(updater_app, gpuservice)
+binder_call(updater_app, update_engine)
+
+allow updater_app app_api_service:service_manager find;
+allow updater_app recovery_service:service_manager find;
+allow updater_app system_api_service:service_manager find;
+allow updater_app system_update_service:service_manager find;
+allow updater_app update_engine_service:service_manager find;
+
+allow updater_app app_data_file:dir create_dir_perms;
+allow updater_app app_data_file:{ file lnk_file } create_file_perms;
+
+allow updater_app cache_file:dir r_dir_perms;
+
+get_prop(updater_app, default_prop)
+get_prop(updater_app, build_prop)
+
--
2.34.1