Created
April 22, 2020 15:31
-
-
Save elektroschmock/c6f771864f0d5991130ee305f0dba587 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From 4a321aab3ae17677d298428f0e121759e9765913 Mon Sep 17 00:00:00 2001 | |
| From: Elektroschmock <[email protected]> | |
| Date: Wed, 15 Apr 2020 23:25:27 +0200 | |
| Subject: [PATCH] shamu: sepolicy: Add initial sepolicy for IRQ balancer | |
| Change-Id: Id8fb2bc13b116061c0c4e86eb262fc7c894f2672 | |
| --- | |
| sepolicy/file.te | 2 ++ | |
| sepolicy/file_contexts | 2 ++ | |
| sepolicy/genfs_contexts | 1 + | |
| sepolicy/init.te | 4 ++++ | |
| sepolicy/irqbalance.te | 15 +++++++++++++++ | |
| 5 files changed, 24 insertions(+) | |
| create mode 100644 sepolicy/irqbalance.te | |
| diff --git a/sepolicy/file.te b/sepolicy/file.te | |
| index 6dee0c70..a9705ca0 100644 | |
| --- a/sepolicy/file.te | |
| +++ b/sepolicy/file.te | |
| @@ -26,11 +26,13 @@ type persist_sensors_file, file_type; | |
| ### proc ### | |
| type proc_bootinfo, fs_type, proc_type; | |
| +type proc_irq, fs_type, proc_type; | |
| ### sockets ### | |
| type adspd_socket, file_type, mlstrustedobject; | |
| type camera_socket, file_type, data_file_type, core_data_file_type; | |
| type cnd_socket, file_type; | |
| +type irqbalance_socket, file_type; | |
| type mpdecision_socket, file_type; | |
| type qmuxd_socket, file_type; | |
| type sensors_socket, file_type; | |
| diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts | |
| index 2683ef29..1cf6dd8f 100644 | |
| --- a/sepolicy/file_contexts | |
| +++ b/sepolicy/file_contexts | |
| @@ -73,6 +73,7 @@ | |
| /dev/socket/adspdsock u:object_r:adspd_socket:s0 | |
| /dev/socket/cnd u:object_r:cnd_socket:s0 | |
| /dev/socket/mpdecision(/.*)? u:object_r:mpdecision_socket:s0 | |
| +/dev/socket/msm_irqbalance u:object_r:irqbalance_socket:s0 | |
| /dev/socket/qmux_audio(/.*)? u:object_r:qmuxd_socket:s0 | |
| /dev/socket/qmux_bluetooth(/.*)? u:object_r:qmuxd_socket:s0 | |
| /dev/socket/qmux_gps(/.*)? u:object_r:qmuxd_socket:s0 | |
| @@ -125,6 +126,7 @@ | |
| /system/vendor/bin/hw/android\.hardware\.power@1\.2-service\.shamu u:object_r:hal_power_default_exec:s0 | |
| /system/vendor/bin/hw/android\.hardware\.thermal@1\.1-service\.shamu u:object_r:hal_thermal_default_exec:s0 | |
| /system/vendor/bin/hw/android\.hardware\.vibrator@1\.0-service\.shamu u:object_r:hal_vibrator_default_exec:s0 | |
| +/system/vendor/bin/msm_irqbalance u:object_r:irqbalance_exec:s0 | |
| /system/vendor/bin/thermal-engine u:object_r:thermald_exec:s0 | |
| ################################### | |
| diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts | |
| index dc11f7c8..dabc0fe6 100644 | |
| --- a/sepolicy/genfs_contexts | |
| +++ b/sepolicy/genfs_contexts | |
| @@ -8,6 +8,7 @@ genfscon debugfs /system_stats u:object_r:debugfs_rpm:s0 | |
| genfscon proc /bluetooth/sleep/btwrite u:object_r:proc_bluetooth_writable:s0 | |
| genfscon proc /bluetooth/sleep/lpm u:object_r:proc_bluetooth_writable:s0 | |
| genfscon proc /bootinfo u:object_r:proc_bootinfo:s0 | |
| +genfscon proc /irq u:object_r:proc_irq:s0 | |
| # sysfs | |
| genfscon sysfs /bus/i2c/drivers/atmel_mxt_ts u:object_r:sysfs_mmi_touch:s0 | |
| diff --git a/sepolicy/init.te b/sepolicy/init.te | |
| index 13393b5d..02dc9831 100644 | |
| --- a/sepolicy/init.te | |
| +++ b/sepolicy/init.te | |
| @@ -16,6 +16,8 @@ allow init { | |
| sysfs_wlan_fwpath | |
| }:file setattr; | |
| +allow init irqbalance_socket :sock_file setattr; | |
| + | |
| allow init { | |
| sysfs_wlan_fwpath | |
| }:file w_file_perms; | |
| @@ -41,3 +43,5 @@ allow init { | |
| oemfs | |
| persist_file | |
| }:dir mounton; | |
| + | |
| +allow init irqbalance_socket:sock_file create_file_perms; | |
| diff --git a/sepolicy/irqbalance.te b/sepolicy/irqbalance.te | |
| new file mode 100644 | |
| index 00000000..b85deb0f | |
| --- /dev/null | |
| +++ b/sepolicy/irqbalance.te | |
| @@ -0,0 +1,15 @@ | |
| +type irqbalance, domain; | |
| +type irqbalance_exec, exec_type, vendor_file_type, file_type; | |
| + | |
| +init_daemon_domain(irqbalance); | |
| + | |
| +allow irqbalance self:capability { setgid setuid dac_override}; | |
| + | |
| +allow irqbalance sysfs_devices_system_cpu:file rw_file_perms; | |
| +allow irqbalance proc_irq:dir r_dir_perms; | |
| +allow irqbalance proc_irq:file rw_file_perms; | |
| + | |
| +allow irqbalance proc_stat:file r_file_perms; | |
| +allow irqbalance proc_interrupts:file r_file_perms; | |
| + | |
| +r_dir_file(irqbalance, sysfs_rqstats); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment