JoJo
/
LeOS-GSI
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
LeOS-GSI/patches/leos/platform_device_lineage_sep.../0001-eOS1_sepolicy.patch

86 lines
3.9 KiB
Diff
Raw Blame History

From 6443b911354cf60c0c3f099a879f1616a638187a Mon Sep 17 00:00:00 2001
From: harvey186 <harvey186@hotmail.com>
Date: Sat, 1 Jul 2023 08:58:28 +0200
Subject: [PATCH] eOS1
---
common/private/netd.te | 1 +
common/private/platform_app.te | 11 ++++++
common/private/service.te | 1 +
common/private/service_contexts | 1 +
common/private/untrusted_app.te | 1 +
common/private/updater_app.te | 1 +
sepolicy-patch | 59 +++++++++++++++++++++++++++++++++
7 files changed, 75 insertions(+)
create mode 100644 common/private/netd.te
diff --git a/common/private/netd.te b/common/private/netd.te
new file mode 100644
index 0000000..bc71718
--- /dev/null
+++ b/common/private/netd.te
@@ -0,0 +1 @@
+allow netd platform_app:unix_stream_socket connectto;
diff --git a/common/private/platform_app.te b/common/private/platform_app.te
index 07183e7..acbc623 100644
--- a/common/private/platform_app.te
+++ b/common/private/platform_app.te
@@ -9,3 +9,14 @@ hal_client_domain(platform_app, hal_lineage_livedisplay)
# Allow PowerShare HAL service to be found
hal_client_domain(platform_app, hal_lineage_powershare)
+
+# allow platform_app to create named pipes (used for realm support)
+allow platform_app fuse:fifo_file create;
+allow platform_app app_data_file:fifo_file create_file_perms;
+allow platform_app app_data_file:fifo_file open;
+allow platform_app rs_exec:file rx_file_perms;
+
+# Allow platform apps to execute files in /data
+allow platform_app app_data_file:file execute;
+
+allow platform_app app_data_file:{ lnk_file sock_file fifo_file } create_file_perms;
diff --git a/common/private/service.te b/common/private/service.te
index 86f6e4c..8f0e1e0 100644
--- a/common/private/service.te
+++ b/common/private/service.te
@@ -5,3 +5,4 @@ type lineage_globalactions_service, system_api_service, system_server_service, s
type lineage_livedisplay_service, system_api_service, system_server_service, service_manager_type;
type lineage_profile_service, system_api_service, system_server_service, service_manager_type;
type lineage_trust_service, system_api_service, system_server_service, service_manager_type;
+type lineage_weather_service, system_api_service, system_server_service, service_manager_type;
diff --git a/common/private/service_contexts b/common/private/service_contexts
index cd984cb..a93527d 100644
--- a/common/private/service_contexts
+++ b/common/private/service_contexts
@@ -3,6 +3,7 @@ lineagehardware u:object_r:lineage_hardware_service:s0
lineagehealth u:object_r:lineage_health_interface_service:s0
lineagelivedisplay u:object_r:lineage_livedisplay_service:s0
lineagetrust u:object_r:lineage_trust_service:s0
+lineageweather u:object_r:lineage_weather_service:s0
profile u:object_r:lineage_profile_service:s0
adbroot_service u:object_r:adbroot_service:s0
diff --git a/common/private/untrusted_app.te b/common/private/untrusted_app.te
index 77959f6..39d2b4b 100644
--- a/common/private/untrusted_app.te
+++ b/common/private/untrusted_app.te
@@ -1 +1,2 @@
allow untrusted_app_all lineage_profile_service:service_manager find;
+allow untrusted_app_all lineage_weather_service:service_manager find;
diff --git a/common/private/updater_app.te b/common/private/updater_app.te
index 91b63a0..373c97a 100644
--- a/common/private/updater_app.te
+++ b/common/private/updater_app.te
@@ -9,6 +9,7 @@ binder_call(updater_app, update_engine)
allow updater_app app_api_service:service_manager find;
allow updater_app recovery_service:service_manager find;
allow updater_app system_api_service:service_manager find;
+allow updater_app system_update_service:service_manager find;
allow updater_app update_engine_service:service_manager find;
allow updater_app app_data_file:dir create_dir_perms;
--
2.34.1
Reference in New Issue View Git Blame Copy Permalink