Back 2 basic
This commit is contained in:
parent
366298d67e
commit
be685be826
@ -27,19 +27,13 @@ $(call inherit-product, $(SRC_TARGET_DIR)/product/gsi_release.mk)
|
||||
PRODUCT_NAME := duoqin_f21pro
|
||||
PRODUCT_DEVICE := duoqin
|
||||
PRODUCT_BRAND := wephone
|
||||
PRODUCT_MODEL := Duoqin F21pro - wePhone
|
||||
PRODUCT_MODEL := weOs | v11.0.1 | Nehemiah
|
||||
|
||||
# This is for a device
|
||||
PRODUCT_CHARACTERISTICS := device
|
||||
|
||||
PRODUCT_PACKAGE_OVERLAYS += device/wephone/duoqin/overlay
|
||||
|
||||
SELINUX_IGNORE_NEVERALLOWS := true
|
||||
|
||||
PRODUCT_COPY_FILES += \
|
||||
device/wephone/duoqin/wephone.rc:system/etc/init/wephone.rc \
|
||||
device/wephone/duoqin/wephone.sh:system/bin/wephone.sh
|
||||
|
||||
PRODUCT_COPY_FILES += \
|
||||
device/wephone/duoqin/files/mtk-kpd.idc:$(TARGET_COPY_OUT_SYSTEM)/usr/idc/mtk-kpd.idc \
|
||||
device/wephone/duoqin/files/mtk-kpd.kcm:$(TARGET_COPY_OUT_SYSTEM)/usr/keychars/mtk-kpd.kcm \
|
||||
|
||||
@ -1,71 +0,0 @@
|
||||
# $(call inherit-product, vendor/hardware_overlay/overlay.mk)
|
||||
|
||||
#
|
||||
# All components inherited here go to system image
|
||||
#
|
||||
$(call inherit-product, $(SRC_TARGET_DIR)/product/core_64_bit.mk)
|
||||
$(call inherit-product, $(SRC_TARGET_DIR)/product/generic_system.mk)
|
||||
|
||||
# Enable mainline checking
|
||||
# PRODUCT_ENFORCE_ARTIFACT_PATH_REQUIREMENTS := true
|
||||
|
||||
#
|
||||
# All components inherited here go to system_ext image
|
||||
#
|
||||
$(call inherit-product, device/nehemiah/wephone/gsi_system_ext.mk)
|
||||
|
||||
#
|
||||
# All components inherited here go to product image
|
||||
#
|
||||
$(call inherit-product, device/generic/common/gsi_product.mk)
|
||||
|
||||
#
|
||||
# All components inherited here go to boot image
|
||||
#
|
||||
$(call inherit-product, $(SRC_TARGET_DIR)/board/generic_arm64/device.mk)
|
||||
|
||||
#
|
||||
# Special settings for GSI releasing
|
||||
#
|
||||
$(call inherit-product, $(SRC_TARGET_DIR)/product/gsi_release.mk)
|
||||
|
||||
PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false
|
||||
|
||||
PRODUCT_NAME := duoqin-f22pro
|
||||
PRODUCT_DEVICE := duoqin
|
||||
PRODUCT_BRAND := wePhone
|
||||
PRODUCT_MODEL := F22pro wePhone
|
||||
|
||||
PRODUCT_CHARACTERISTICS := device
|
||||
|
||||
PRODUCT_PACKAGE_OVERLAYS += device/nehemiah/wephone/overlay
|
||||
|
||||
PRODUCT_COPY_FILES += \
|
||||
device/nehemiah/wephone/files/mtk-kpd.idc:$(TARGET_COPY_OUT_SYSTEM)/usr/idc/mtk-kpd.idc \
|
||||
device/nehemiah/wephone/files/mtk-kpd.kcm:$(TARGET_COPY_OUT_SYSTEM)/usr/keychars/mtk-kpd.kcm \
|
||||
device/nehemiah/wephone/files/mtk-kpd.kl:$(TARGET_COPY_OUT_SYSTEM)/usr/keylayout/mtk-kpd.kl
|
||||
|
||||
PRODUCT_COPY_FILES += \
|
||||
device/nehemiah/wephone/files/f22pro-animation.zip:$(TARGET_COPY_OUT_SYSTEM)/media/bootanimation.zip \
|
||||
device/nehemiah/wephone/files/privapp-permissions-app.lawnchair.xml:$(TARGET_COPY_OUT_SYSTEM)/etc/permissions/privapp-permissions-app.lawnchair.xml \
|
||||
device/nehemiah/wephone/files/privapp-permissions-net.mezimmah.wkt9.xml:$(TARGET_COPY_OUT_SYSTEM)/etc/permissions/privapp-permissions-net.mezimmah.wkt9.xml
|
||||
|
||||
PRODUCT_PACKAGES += \
|
||||
mkfs.exfat \
|
||||
fsck.exfat
|
||||
|
||||
PRODUCT_PACKAGES += \
|
||||
BromiteSystemWebView \
|
||||
Contacts \
|
||||
Conversations \
|
||||
Davx5 \
|
||||
Etar \
|
||||
ExactCalculator \
|
||||
DeskClock \
|
||||
FDroid \
|
||||
Gallery2 \
|
||||
Lawnchair \
|
||||
Lawnicons \
|
||||
Linphone \
|
||||
Nextcloud \
|
||||
Wireguard
|
||||
Binary file not shown.
@ -1,38 +0,0 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<permissions>
|
||||
<privapp-permissions package="app.lawnchair">
|
||||
<permission name="android.permission.INTERNET"/>
|
||||
<permission name="android.permission.PACKAGE_USAGE_STATS"/>
|
||||
<permission name="android.permission.FOREGROUND_SERVICE"/>
|
||||
<permission name="com.google.android.apps.nexuslauncher.permission.QSB"/>
|
||||
<permission name="android.permission.BROADCAST_CLOSE_SYSTEM_DIALOGS"/>
|
||||
<permission name="android.permission.CONTROL_REMOTE_APP_TRANSITION_ANIMATIONS"/>
|
||||
<permission name="android.permission.VIBRATE"/>
|
||||
<permission name="android.permission.QUERY_ALL_PACKAGES"/>
|
||||
<permission name="android.permission.START_TASKS_FROM_RECENTS"/>
|
||||
<permission name="android.permission.REMOVE_TASKS"/>
|
||||
<permission name="android.permission.WRITE_SECURE_SETTINGS"/>
|
||||
<permission name="android.permission.MANAGE_ACTIVITY_TASKS"/>
|
||||
<permission name="android.permission.STATUS_BAR"/>
|
||||
<permission name="android.permission.STOP_APP_SWITCHES"/>
|
||||
<permission name="android.permission.SET_ORIENTATION"/>
|
||||
<permission name="android.permission.READ_FRAME_BUFFER"/>
|
||||
<permission name="android.permission.MANAGE_ACCESSIBILITY"/>
|
||||
<permission name="android.permission.MONITOR_INPUT"/>
|
||||
<permission name="android.permission.ALLOW_SLIPPERY_TOUCHES"/>
|
||||
<permission name="android.permission.SYSTEM_APPLICATION_OVERLAY"/>
|
||||
<permission name="android.permission.CALL_PHONE"/>
|
||||
<permission name="android.permission.SET_WALLPAPER"/>
|
||||
<permission name="android.permission.SET_WALLPAPER_HINTS"/>
|
||||
<permission name="android.permission.BIND_APPWIDGET"/>
|
||||
<permission name="android.permission.READ_EXTERNAL_STORAGE"/>
|
||||
<permission name="android.permission.RECEIVE_BOOT_COMPLETED"/>
|
||||
<permission name="android.permission.REQUEST_DELETE_PACKAGES"/>
|
||||
<permission name="android.permission.READ_DEVICE_CONFIG"/>
|
||||
<permission name="android.permission.EXPAND_STATUS_BAR"/>
|
||||
<permission name="android.permission.ROTATE_SURFACE_FLINGER"/>
|
||||
<permission name="app.lawnchair.permission.READ_SETTINGS"/>
|
||||
<permission name="app.lawnchair.permission.WRITE_SETTINGS"/>
|
||||
<permission name="app.lawnchair.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION"/>
|
||||
</privapp-permissions>
|
||||
</permissions>
|
||||
@ -1,9 +0,0 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<permissions>
|
||||
<privapp-permissions package="net.mezimmah.wkt9">
|
||||
<permission name="android.permission.INTERNET"/>
|
||||
<permission name="android.permission.RECORD_AUDIO"/>
|
||||
<permission name="android.permission.POST_NOTIFICATIONS"/>
|
||||
<permission name="android.permission.CONTROL_DEVICE_LIGHTS"/>
|
||||
</privapp-permissions>
|
||||
</permissions>
|
||||
@ -1,13 +0,0 @@
|
||||
diff --git a/src/com/android/launcher3/config/FeatureFlags.java b/src/com/android/launcher3/config/FeatureFlags.java
|
||||
index 88a9abaf8d..d4a65f05bb 100644
|
||||
--- a/src/com/android/launcher3/config/FeatureFlags.java
|
||||
+++ b/src/com/android/launcher3/config/FeatureFlags.java
|
||||
@@ -52,7 +52,7 @@ public final class FeatureFlags {
|
||||
* Enable moving the QSB on the 0th screen of the workspace. This is not a configuration feature
|
||||
* and should be modified at a project level.
|
||||
*/
|
||||
- public static final boolean QSB_ON_FIRST_SCREEN = true;
|
||||
+ public static final boolean QSB_ON_FIRST_SCREEN = false;
|
||||
|
||||
/**
|
||||
* Feature flag to handle define config changes dynamically instead of killing the process.
|
||||
@ -1,10 +0,0 @@
|
||||
allow cameraserver phhsu_exec:file rx_file_perms;
|
||||
|
||||
type asus_motor_device, file_type;
|
||||
allow cameraserver asus_motor_device:chr_file { open read write ioctl };
|
||||
allowxperm cameraserver asus_motor_device:chr_file ioctl { 0x4d02 };
|
||||
|
||||
type vendor_sysfs_graphics, file_type;
|
||||
allow platform_app vendor_sysfs_graphics:dir r_dir_perms;
|
||||
allow platform_app vendor_sysfs_graphics:file r_file_perms;
|
||||
|
||||
@ -1,4 +0,0 @@
|
||||
type sysfs_board_properties, fs_type, sysfs_type;
|
||||
|
||||
allow system_server sysfs_board_properties:dir search;
|
||||
allow system_server sysfs_board_properties:file r_file_perms;
|
||||
@ -1,3 +0,0 @@
|
||||
#11-14 21:15:02.748 477 477 I auditd : type=1400 audit(0.0:104): avc: denied { search } for comm="BootAnimation" name="dri" dev="tmpfs" ino=1108 scontext=u:r:bootanim:s0 tcontext=u:object_r:gpu_device:s0 tclass=dir permissive=0
|
||||
#Seen on some MTK devices
|
||||
allow bootanim gpu_device:dir r_dir_perms;
|
||||
@ -1,15 +0,0 @@
|
||||
# Allow charger to write to sysfs_backlight_attr (only for huawei)
|
||||
attribute sysfs_backlight_attr;
|
||||
allow charger sysfs_backlight_attr:file rw_file_perms;
|
||||
|
||||
# Allow charger to write to sysfs_led_attr (only for huawei)
|
||||
# attribute sysfs_led_attr;
|
||||
# allow charger sysfs_led_attr:file rw_file_perms;
|
||||
|
||||
# Allow charger to read and write to sysfs_power
|
||||
allow charger sysfs_power:file rw_file_perms;
|
||||
allow charger sysfs_power:dir r_dir_perms;
|
||||
allow charger sysfs_power:lnk_file read;
|
||||
|
||||
# The system charger can write powerctl properties
|
||||
set_prop(charger, powerctl_prop)
|
||||
@ -1,22 +0,0 @@
|
||||
/system/bin/phh-su u:object_r:phhsu_exec:s0
|
||||
/system/bin/vndk-detect u:object_r:vndk_detect_exec:s0
|
||||
/system/etc/usb_audio_policy_configuration.xml u:object_r:vendor_configs_file:s0
|
||||
/system/bin/rw-system.sh u:object_r:phhsu_exec:s0
|
||||
/system/bin/phh-on-boot.sh u:object_r:phhsu_exec:s0
|
||||
/system/bin/phh-on-data.sh u:object_r:phhsu_exec:s0
|
||||
/system/bin/wephone.sh u:object_r:phhsu_exec:s0
|
||||
/system/bin/asus-motor u:object_r:phhsu_exec:s0
|
||||
/system/bin/xiaomi-touch u:object_r:phhsu_exec:s0
|
||||
|
||||
/bt_firmware(/.*)? u:object_r:bt_firmware_file:s0
|
||||
|
||||
/sec_storage(/.*)? u:object_r:teecd_data_file:s0
|
||||
/dev/dsm u:object_r:dmd_device:s0
|
||||
|
||||
/system/bin/hw/android.hardware.biometrics.fingerprint@2.1-service.oppo.compat u:object_r:hal_fingerprint_oppo_compat_exec:s0
|
||||
/system/bin/hw/android.hardware.biometrics.fingerprint@2.1-service.oplus.compat u:object_r:hal_fingerprint_oppo_compat_exec:s0
|
||||
|
||||
/efs u:object_r:efs_file:s0
|
||||
|
||||
/dev/smcinvoke u:object_r:smcinvoke_device:s0
|
||||
/system/bin/hw/android\.hardware\.bluetooth\.audio-service-system u:object_r:hal_audio_sysbta_exec:s0
|
||||
@ -1 +0,0 @@
|
||||
genfscon sysfs /board_properties u:object_r:sysfs_board_properties:s0
|
||||
@ -1,10 +0,0 @@
|
||||
type hal_fingerprint_oppo_compat, domain;
|
||||
hal_client_domain(hal_fingerprint_oppo_compat, hal_fingerprint)
|
||||
hal_server_domain(hal_fingerprint_oppo_compat, hal_fingerprint)
|
||||
|
||||
type hal_fingerprint_oppo_compat_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(hal_fingerprint_oppo_compat)
|
||||
|
||||
|
||||
type hal_fingerprint_oppo, domain;
|
||||
allow hal_fingerprint_oppo vendor_default_prop:property_service { set };
|
||||
@ -1,4 +0,0 @@
|
||||
type hal_aguiledbelt_hwservice, hwservice_manager_type;
|
||||
allow system_app hal_aguiledbelt_hwservice:hwservice_manager { find };
|
||||
type hal_aguiledbelt, domain;
|
||||
allow system_app hal_aguiledbelt:binder { call };
|
||||
@ -1,10 +0,0 @@
|
||||
type hal_audio_sysbta, domain, coredomain;
|
||||
hal_server_domain(hal_audio_sysbta, hal_audio)
|
||||
|
||||
type hal_audio_sysbta_exec, exec_type, system_file_type, file_type;
|
||||
init_daemon_domain(hal_audio_sysbta)
|
||||
|
||||
hal_client_domain(hal_audio_sysbta, hal_allocator)
|
||||
|
||||
# allow audioserver to call hal_audio dump with its own fd to retrieve status
|
||||
allow hal_audio_sysbta audioserver:fifo_file write;
|
||||
@ -1 +0,0 @@
|
||||
allow priv_app overlay_service:service_manager find;
|
||||
@ -1,4 +0,0 @@
|
||||
type hostapd, domain;
|
||||
|
||||
allow hostapd wifi_data_file:dir create_dir_perms;
|
||||
allow hostapd wifi_data_file:file create_file_perms;
|
||||
@ -1,37 +0,0 @@
|
||||
allow ueventd proc:file r_file_perms;
|
||||
permissive ueventd;
|
||||
|
||||
type teecd_data_file, file_type;
|
||||
type dmd_device, file_type;
|
||||
allow hal_fingerprint_server dmd_device:chr_file rw_file_perms;
|
||||
allow hal_fingerprint_server sysfs:file rw_file_perms;
|
||||
allow tee hal_fingerprint_default:process { getattr };
|
||||
allow tee teecd_data_file:dir { search read write create getattr add_name open };
|
||||
allow tee teecd_data_file:file { read write create getattr open };
|
||||
allow tee system_data_file:dir { getattr };
|
||||
|
||||
type oeminfo_nvm, domain;
|
||||
type oeminfo_nvm_device, file_type;
|
||||
allowxperm oeminfo_nvm oeminfo_nvm_device:blk_file ioctl { 0x1260 };
|
||||
|
||||
allow charger rootfs:file { ioctl read getattr lock map execute entrypoint open };
|
||||
|
||||
# This is use exclusively for init to relabel /dev/selinux from tmpfs to device
|
||||
allow kernel tmpfs:{ dir file } relabelfrom;
|
||||
allow kernel device:{ dir file } relabelto;
|
||||
|
||||
# system/core/init/mount_handler.cpp likes to browse all /sys/block/xxx, so let it do so...
|
||||
type sys_block_sdd, file_type;
|
||||
allow init { sysfs sys_block_sdd }:dir r_dir_perms;
|
||||
allow init { sysfs sys_block_sdd }:file r_file_perms;
|
||||
allow init { sysfs sys_block_sdd }:lnk_file read;
|
||||
|
||||
allowxperm vendor_init { teecd_data_file }:dir ioctl {
|
||||
FS_IOC_GET_ENCRYPTION_POLICY
|
||||
FS_IOC_SET_ENCRYPTION_POLICY
|
||||
};
|
||||
|
||||
# Fixes boot issue in EMUI 9 P20 lite
|
||||
type sys_block_mmcblk0, file_type;
|
||||
allow init sys_block_mmcblk0:lnk_file read;
|
||||
allow init sysfs_zram:lnk_file read;
|
||||
@ -1,13 +0,0 @@
|
||||
#This is in Android 8.0, but not 8.1
|
||||
domain_trans(init, rootfs, adbd)
|
||||
|
||||
#This is used on Huawei devices to f2fs data partition
|
||||
allow init userdata_block_device:blk_file relabelto;
|
||||
allow init userdata_block_device:lnk_file relabelto;
|
||||
|
||||
allow vendor_init vendor_init:capability { sys_module };
|
||||
|
||||
allow init system_file:lnk_file create_file_perms;
|
||||
|
||||
#fix adb in some cases
|
||||
allow init adbd_exec:lnk_file read;
|
||||
@ -1,8 +0,0 @@
|
||||
#Access to fake keymaster SPL/Android version props
|
||||
get_prop(hal_keymaster, default_prop);
|
||||
get_prop(tee, default_prop);
|
||||
|
||||
get_prop(hal_keymaster, system_prop);
|
||||
|
||||
get_prop(hal_gatekeeper, system_prop);
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
allow keystore domain:process getattr;
|
||||
allow keystore domain:dir r_dir_perms;
|
||||
allow keystore domain:file r_file_perms;
|
||||
@ -1,4 +0,0 @@
|
||||
type sysfs_tp, file_type;
|
||||
|
||||
#Allow treble_app access to /sys/devices/virtual/touch/tp_dev/gesture_on
|
||||
allow system_app sysfs_tp:file rw_file_perms;
|
||||
@ -1 +0,0 @@
|
||||
allow lmkd self:capability sys_ptrace;
|
||||
@ -1,29 +0,0 @@
|
||||
type hal_graphics_allocator_default, domain;
|
||||
type proc_ged, file_type;
|
||||
allowxperm domain proc_ged:file ioctl { 0x6700-0x67ff };
|
||||
|
||||
allow init mnt_product_file:dir mounton;
|
||||
|
||||
type mtk_hal_audio, domain;
|
||||
typeattribute mtk_hal_audio hal_broadcastradio_client;
|
||||
|
||||
type mtk_hal_power, domain;
|
||||
allow mtk_hal_power system_data_root_file:file create_file_perms;
|
||||
allow zygote ashmem_device:chr_file execute;
|
||||
|
||||
attribute hal_mms_server;
|
||||
binder_call({appdomain -isolated_app}, hal_mms_server)
|
||||
binder_call(hal_mms_server, {appdomain -isolated_app})
|
||||
|
||||
type mtk_hal_mms_hwservice, hwservice_manager_type;
|
||||
allow { appdomain -isolated_app } mtk_hal_mms_hwservice:hwservice_manager find;
|
||||
|
||||
#denied { read } for comm="tkuinit" name="u:object_r:default_prop:s0" dev="tmpfs" ino=2029 scontext=u:r:tkcore:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=1
|
||||
#denied { open } for comm="tkuinit" path="/dev/__properties__/u:object_r:default_prop:s0" dev="tmpfs" ino=2029 scontext=u:r:tkcore:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=1
|
||||
#denied { getattr } for comm="tkuinit" path="/dev/__properties__/u:object_r:default_prop:s0" dev="tmpfs" ino=2029 scontext=u:r:tkcore:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=1
|
||||
|
||||
type tkcore, domain;
|
||||
permissive tkcore;
|
||||
|
||||
allow platform_app sysfs_leds:dir r_dir_perms;
|
||||
allow platform_app sysfs_leds:file r_file_perms;
|
||||
@ -1,4 +0,0 @@
|
||||
# Shoulder buttons/triggers
|
||||
type sensitivity_sysfs, file_type;
|
||||
allow shell sensitivity_sysfs:file rw_file_perms;
|
||||
allow system_app sensitivity_sysfs:file rw_file_perms;
|
||||
@ -1,10 +0,0 @@
|
||||
type sysfs_usb_supply, file_type;
|
||||
|
||||
allow system_app sysfs_usb_supply:file rw_file_perms;
|
||||
|
||||
type hal_fingerprint_oplus, domain;
|
||||
allow hal_fingerprint_oplus vendor_default_prop:property_service set;
|
||||
|
||||
get_prop(hal_fingerprint_oplus, default_prop);
|
||||
get_prop(system_server, vendor_default_prop);
|
||||
|
||||
@ -1,17 +0,0 @@
|
||||
type phhota_dev, dev_type;
|
||||
typeattribute phhota_dev mlstrustedobject;
|
||||
|
||||
allow phhsu_daemon phhota_dev:blk_file rw_file_perms;
|
||||
allow system_app phhota_dev:blk_file rw_file_perms;
|
||||
allow kernel phhsu_daemon:fd use;
|
||||
|
||||
allow phhsu_daemon gsi_data_file:file ioctl;
|
||||
allowxperm phhsu_daemon gsi_data_file:file ioctl { 0x660b };
|
||||
|
||||
allow phhsu_daemon loop_device:blk_file ioctl;
|
||||
allowxperm phhsu_daemon loop_device:blk_file ioctl { 0x4c00 };
|
||||
|
||||
allow phhsu_daemon userdata_block_device:blk_file ioctl;
|
||||
allowxperm phhsu_daemon userdata_block_device:blk_file ioctl { 0x1278 0x127a };
|
||||
|
||||
allow kernel gsi_data_file:file rw_file_perms;
|
||||
@ -1,2 +0,0 @@
|
||||
persist.sys.sf.hs_mode u:object_r:sf_hs_mode_prop:s0
|
||||
hwc.exynos.vsync_mode u:object_r:vendor_hwc_prop:s0
|
||||
@ -1,22 +0,0 @@
|
||||
type qcrilam_app, domain;
|
||||
|
||||
app_domain(qcrilam_app)
|
||||
|
||||
# Needed to get access to /data/data/me.phh.qcrilam
|
||||
# Only getattr and search are requested since qcrilam does not write to its own directory
|
||||
# /data/data/me.phh.qcrilam only has two empty subdirs
|
||||
dontaudit qcrilam_app app_data_file:dir { getattr search };
|
||||
|
||||
# Access services that should be available to all apps
|
||||
allow qcrilam_app app_api_service:service_manager find;
|
||||
|
||||
# Find media.audio_flinger
|
||||
allow qcrilam_app audioserver_service:service_manager find;
|
||||
# Find isub
|
||||
allow qcrilam_app radio_service:service_manager find;
|
||||
|
||||
# Find the vendor.qti.hardware.radio.am::IQcRilAudio HIDL service
|
||||
# And grant binder access to the host (`rild`)
|
||||
hal_client_domain(qcrilam_app, hal_telephony)
|
||||
|
||||
allow qcrilam_app cgroup:file w_file_perms;
|
||||
@ -1,32 +0,0 @@
|
||||
type bt_firmware_file, file_type;
|
||||
type rild, domain;
|
||||
|
||||
#me.phh.treble.qti.audio is system-signed
|
||||
allow system_app hal_telephony_hwservice:hwservice_manager { find };
|
||||
allow { rild system_app } { rild system_app }:binder { call transfer };
|
||||
|
||||
#Pixel 1
|
||||
type vnd_qcril_audio_hwservice, hwservice_manager_type;
|
||||
allow system_app vnd_qcril_audio_hwservice:hwservice_manager { find };
|
||||
|
||||
#Pixel 2
|
||||
type vnd_qcrilhook_hwservice, hwservice_manager_type;
|
||||
allow system_app vnd_qcrilhook_hwservice:hwservice_manager { find };
|
||||
|
||||
#OP6
|
||||
allow system_app hal_telephony_hwservice:hwservice_manager { find };
|
||||
|
||||
# cf https://github.com/phhusson/treble_experimentations/issues/131
|
||||
# SELinux : avc: denied { add } for interface=android.hardware.tetheroffload.control::IOffloadControl pid=15220 scontext=u:r:ipacm:s0 tcontext=u:object_r:hal_tetheroffload_hwservice:s0 tclass=hwservice_manager permissive=0
|
||||
type ipacm, hwservice_manager_type;
|
||||
allow ipacm hal_tetheroffload_hwservice:hwservice_manager { add };
|
||||
|
||||
type rpmb_device, file_type;
|
||||
allow tee rpmb_device:blk_file rw_file_perms;
|
||||
allowxperm tee rpmb_device:blk_file ioctl { 0xb300-0xbfff };
|
||||
|
||||
attribute smcinvoke_device_29_0;
|
||||
type smcinvoke_device, dev_type;
|
||||
typeattribute smcinvoke_device smcinvoke_device_29_0;
|
||||
|
||||
get_prop(rild, default_prop);
|
||||
@ -1,22 +0,0 @@
|
||||
type boot_prop, property_type;
|
||||
|
||||
set_prop(system_server, boot_prop);
|
||||
|
||||
type hal_graphics_composer_default, domain;
|
||||
|
||||
type sf_hs_mode_prop, property_type;
|
||||
|
||||
get_prop(hal_graphics_composer_default, sf_hs_mode_prop);
|
||||
|
||||
type vendor_hwc_prop, property_type;
|
||||
|
||||
get_prop(hal_graphics_composer_default, vendor_hwc_prop);
|
||||
|
||||
type sysfs_vnswap, file_type;
|
||||
allow init sysfs_vnswap:{file lnk_file } r_file_perms;
|
||||
|
||||
allow kernel { mac_perms_file hwservice_contexts_file property_contexts_file service_contexts_file seapp_contexts_file file_contexts_file }:file relabelto;
|
||||
allow kernel tmpfs:file relabelfrom;
|
||||
|
||||
type sysfs_ski_display_writable, file_type;
|
||||
allow platform_app sysfs_ski_display_writable:file r_file_perms;
|
||||
@ -1 +0,0 @@
|
||||
user=_app seinfo=platform name=me.phh.qcrilam domain=qcrilam_app type=app_data_file
|
||||
@ -1 +0,0 @@
|
||||
type qcrilam_service, service_manager_type;
|
||||
@ -1,16 +0,0 @@
|
||||
qti.ims.ext u:object_r:radio_service:s0
|
||||
# SPRD IMS
|
||||
ims_ex u:object_r:radio_service:s0
|
||||
ims_ut_ex u:object_r:radio_service:s0
|
||||
ims_doze_manager u:object_r:radio_service:s0
|
||||
irit u:object_r:radio_service:s0
|
||||
|
||||
# MTK IMS
|
||||
mwis u:object_r:radio_service:s0
|
||||
mtkIms u:object_r:radio_service:s0
|
||||
|
||||
# Audio AIDL interface
|
||||
android.hardware.bluetooth.audio.IBluetoothAudioProviderFactory/sysbta u:object_r:hal_audio_service:s0
|
||||
|
||||
# QcRilAm
|
||||
me.phh.qcrilam u:object_r:qcrilam_service:s0
|
||||
@ -1,151 +0,0 @@
|
||||
type phhsu_daemon, domain, mlstrustedsubject;
|
||||
type phhsu_exec, exec_type, file_type;
|
||||
type phhsu_daemon_tmpfs, file_type;
|
||||
|
||||
typeattribute phhsu_daemon coredomain;
|
||||
permissive phhsu_daemon;
|
||||
|
||||
tmpfs_domain(phhsu_daemon);
|
||||
domain_auto_trans(init, phhsu_exec, phhsu_daemon);
|
||||
file_type_auto_trans(phhsu_daemon, device, phhsu_daemon);
|
||||
|
||||
allow { appdomain shell } phhsu_daemon:unix_stream_socket { connectto write read };
|
||||
allow { appdomain shell } phhsu_daemon:sock_file { write read };
|
||||
allow { appdomain shell } phhsu_exec:file { getattr read open execute execute_no_trans };
|
||||
|
||||
create_pty(shell)
|
||||
allowxperm shell devpts:chr_file ioctl { TCSETSF TCGETS unpriv_tty_ioctls };
|
||||
allowxperm { phhsu_daemon untrusted_app untrusted_app_27 } untrusted_app_all_devpts:chr_file ioctl { TCSETSF TCGETS unpriv_tty_ioctls };
|
||||
|
||||
allow servicemanager phhsu_daemon:dir { search read };
|
||||
allow servicemanager phhsu_daemon:file { open read };
|
||||
allow servicemanager phhsu_daemon:process { getattr };
|
||||
allow servicemanager phhsu_daemon:binder { call transfer };
|
||||
|
||||
typeattribute phhsu_daemon mlstrustedobject;
|
||||
typeattribute phhsu_daemon mlstrustedsubject;
|
||||
|
||||
allow shell su_exec:file getattr;
|
||||
typeattribute su mlstrustedsubject;
|
||||
|
||||
allow phhsu_daemon { system_api_service app_api_service system_server_service }:service_manager find;
|
||||
|
||||
allow system_server phhsu_daemon:fifo_file { read write getattr };
|
||||
allow system_server phhsu_daemon:fd use;
|
||||
allow system_server phhsu_daemon:binder { call transfer };
|
||||
allow system_server shell_devpts:chr_file { read write };
|
||||
|
||||
# Add su to various domains
|
||||
net_domain(phhsu_daemon)
|
||||
|
||||
hwbinder_use(phhsu_daemon)
|
||||
|
||||
allow domain untrusted_app_all_devpts:chr_file { getattr read write };
|
||||
allow phhsu_daemon untrusted_app_all_devpts:chr_file { getattr read write open ioctl };
|
||||
allow phhsu_daemon untrusted_app_all:fifo_file { getattr read write open ioctl };
|
||||
allow phhsu_daemon zygote_exec:file { execute read open execute_no_trans getattr };
|
||||
|
||||
allow appdomain phhsu_daemon:dir { search };
|
||||
|
||||
allow phhsu_daemon self:global_capability_class_set { sys_resource sys_ptrace };
|
||||
|
||||
allow phhsu_daemon self:dir rw_dir_perms;
|
||||
allow phhsu_daemon self:file { rwx_file_perms create rename setattr unlink };
|
||||
allow phhsu_daemon self:lnk_file { r_file_perms execmod };
|
||||
|
||||
allow phhsu_daemon adbd_exec:file { getattr read };
|
||||
allow phhsu_daemon { rootfs same_process_hal_file system_file tmpfs }:file { mounton getattr };
|
||||
allow phhsu_daemon self:capability { sys_admin chown setuid setgid net_raw dac_override dac_read_search kill fowner mknod };
|
||||
allow phhsu_daemon self:capability2 { syslog };
|
||||
allow phhsu_daemon shell_exec:file rx_file_perms;
|
||||
allow phhsu_daemon system_file:file { rx_file_perms entrypoint };
|
||||
allow phhsu_daemon kmsg_device:chr_file { ioctl w_file_perms };
|
||||
allow phhsu_daemon toolbox_exec:file rx_file_perms;
|
||||
allow phhsu_daemon system_block_device:{ lnk_file file } r_file_perms;
|
||||
|
||||
allow { phhsu_daemon shell } domain:dir rw_dir_perms;
|
||||
allow { phhsu_daemon shell } domain:file rw_file_perms;
|
||||
allow { phhsu_daemon shell } domain:lnk_file rw_file_perms;
|
||||
allow { phhsu_daemon shell } rootfs:file { rwx_file_perms create rename setattr unlink };
|
||||
allow { phhsu_daemon shell } rootfs:dir rw_dir_perms;
|
||||
allow phhsu_daemon asec_apk_file:dir rw_dir_perms;
|
||||
|
||||
allow phhsu_daemon shell_devpts:chr_file rw_file_perms;
|
||||
|
||||
allow phhsu_daemon app_data_file:dir rw_dir_perms;
|
||||
allow phhsu_daemon app_data_file:file { rwx_file_perms create rename setattr unlink };
|
||||
allow phhsu_daemon dalvikcache_data_file:dir rw_dir_perms;
|
||||
allow phhsu_daemon dalvikcache_data_file:file { rwx_file_perms create rename setattr unlink };
|
||||
allow phhsu_daemon dalvikcache_data_file:lnk_file { r_file_perms execmod };
|
||||
allow phhsu_daemon system_data_file:file { rwx_file_perms create rename setattr unlink };
|
||||
allow phhsu_daemon system_data_file:dir rw_dir_perms;
|
||||
allow phhsu_daemon system_data_file:file { rwx_file_perms create rename setattr unlink };
|
||||
allow phhsu_daemon system_file:dir rw_dir_perms;
|
||||
allow phhsu_daemon system_file:file { rwx_file_perms create rename setattr unlink };
|
||||
allow phhsu_daemon init:unix_stream_socket { connectto };
|
||||
allow phhsu_daemon self:process { ptrace setexec execmem setfscreate };
|
||||
allow phhsu_daemon app_data_file:file { rwx_file_perms create rename setattr unlink };
|
||||
allow phhsu_daemon app_data_file:dir rw_dir_perms;
|
||||
allow phhsu_daemon ashmem_device:chr_file { execute };
|
||||
allow phhsu_daemon dex2oat_exec:file rx_file_perms;
|
||||
|
||||
|
||||
allow phhsu_daemon phhsu_daemon_tmpfs:file rwx_file_perms;
|
||||
|
||||
allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type phhsu_daemon }:file { rwx_file_perms create mounton setattr getattr relabelto relabelfrom unlink rename };
|
||||
allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type phhsu_daemon }:lnk_file { rw_file_perms create mounton setattr getattr relabelto relabelfrom unlink rename};
|
||||
allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type phhsu_daemon }:dir { rw_dir_perms create mounton setattr getattr relabelto relabelfrom unlink rename};
|
||||
allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type phhsu_daemon }:chr_file { rwx_file_perms unlink rename ioctl};
|
||||
allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type phhsu_daemon }:blk_file { rw_file_perms create unlink rename ioctl};
|
||||
|
||||
allow phhsu_daemon device:file rwx_file_perms;
|
||||
allow phhsu_daemon device:dir rw_dir_perms;
|
||||
|
||||
allow phhsu_daemon domain:process { ptrace signal signull getattr };
|
||||
allow phhsu_daemon selinuxfs:file rwx_file_perms;
|
||||
allow domain phhsu_daemon:process { sigchld };
|
||||
allow phhsu_daemon domain:binder { call transfer };
|
||||
allow phhsu_daemon kernel:system { syslog_read syslog_mod };
|
||||
allow phhsu_daemon kernel:security { setenforce compute_av };
|
||||
allow phhsu_daemon domain:unix_stream_socket { getattr };
|
||||
|
||||
allow phhsu_daemon logdr_socket:sock_file write;
|
||||
allow phhsu_daemon logd:unix_stream_socket connectto;
|
||||
|
||||
allow phhsu_daemon property_type:property_service { set };
|
||||
allow phhsu_daemon property_socket:sock_file { write };
|
||||
allow phhsu_daemon property_type:file rw_file_perms;
|
||||
allow phhsu_daemon { hwservicemanager hwservice_manager_type }:hwservice_manager { list add find };
|
||||
allow phhsu_daemon domain:unix_dgram_socket rw_socket_perms;
|
||||
|
||||
allow phhsu_daemon tombstoned_intercept_socket:sock_file { write };
|
||||
allow phhsu_daemon tombstoned:unix_stream_socket { connectto };
|
||||
|
||||
allow phhsu_daemon { property_data_file data_file_type tmpfs }:file create_file_perms;
|
||||
allow phhsu_daemon { property_data_file data_file_type tmpfs }:dir create_dir_perms;
|
||||
|
||||
allow phhsu_daemon { tmpfs fs_type }:filesystem { mount remount unmount associate };
|
||||
|
||||
allow phhsu_daemon phhsu_daemon:file relabelfrom;
|
||||
|
||||
allow phhsu_daemon properties_device:dir { map };
|
||||
allow phhsu_daemon { tmpfs }:dir { mounton };
|
||||
allow phhsu_daemon { file_type shell_data_file system_file}:file { relabelto relabelfrom} ;
|
||||
|
||||
allow phhsu_daemon domain:fd { use };
|
||||
allow phhsu_daemon domain:unix_stream_socket { connectto ioctl getattr getopt read write shutdown };
|
||||
allow phhsu_daemon self:netlink_kobject_uevent_socket create_socket_perms;
|
||||
allow phhsu_daemon self:{ netlink_tcpdiag_socket } { create_socket_perms nlmsg_write nlmsg_read };
|
||||
allow phhsu_daemon self:{ netlink_selinux_socket } { create_socket_perms };
|
||||
|
||||
allow phhsu_daemon file_type:file create_file_perms;
|
||||
allow phhsu_daemon file_type:dir create_dir_perms;
|
||||
|
||||
allow phhsu_daemon domain:process { transition };
|
||||
|
||||
|
||||
# 05-09 00:05:30.149 18450 18450 W lprename: type=1400 audit(0.0:40923): avc: denied { ioctl } for path="/dev/block/sda25" dev="tmpfs" ino=19441 ioctlcmd=0x1278 scontext=u:r:phhsu_daemon:s0 tcontext=u:object_r:super_block_device:s0 tclass=blk_file permissive=0
|
||||
# 06-06 12:59:53.775 30150 30150 I auditd : type=1400 audit(0.0:35585): avc: denied { ioctl } for comm="blockdev" path="/dev/block/dm-3" dev="tmpfs" ino=12687 ioctlcmd=0x125d scontext=u:r:phhsu_daemon:s0 tcontext=u:object_r:dm_device:s0 tclass=blk_file permissive=0
|
||||
|
||||
allowxperm phhsu_daemon { file_type block_device }:blk_file ioctl { 0-0xffff };
|
||||
allowxperm phhsu_daemon { system_block_device super_block_device dm_device }:blk_file ioctl { 0x1278-0x127a 0x125d };
|
||||
@ -1,45 +0,0 @@
|
||||
allow system_app hal_wifi_hostapd_hwservice:hwservice_manager { add find };
|
||||
allow system_app hidl_base_hwservice:hwservice_manager { add };
|
||||
allow system_app wifi_data_file:dir create_dir_perms;
|
||||
allow system_app wifi_data_file:file create_file_perms;
|
||||
|
||||
allow system_app sysfs_batteryinfo:file rw_file_perms;
|
||||
|
||||
type vendor_camera_prop, property_type;
|
||||
set_prop(system_app, vendor_camera_prop);
|
||||
type camera_prop, property_type;
|
||||
set_prop(system_app, camera_prop);
|
||||
|
||||
type hal_ext_fingerprint_hwservice, hwservice_manager_type;
|
||||
allow system_app hal_ext_fingerprint_hwservice:hwservice_manager { find };
|
||||
type hal_fingerprint_default, domain;
|
||||
allow system_app hal_fingerprint_default:binder { call };
|
||||
allow system_app sysfs_power:dir r_dir_perms;
|
||||
allow system_app sysfs_power:file rw_file_perms;
|
||||
allow system_app sysfs_power:lnk_file read;
|
||||
|
||||
type default_hisi_hwservice, hwservice_manager_type;
|
||||
allow system_app default_hisi_hwservice:hwservice_manager { find };
|
||||
|
||||
type hal_tp_default, domain;
|
||||
allow system_app hal_tp_default:binder { call };
|
||||
|
||||
#cam2api
|
||||
allow system_app vendor_default_prop:property_service { set };
|
||||
|
||||
set_prop(system_app, default_prop);
|
||||
#set_prop(system_app, exported3_default_prop);
|
||||
#set_prop(system_app, telephony_config_prop);
|
||||
|
||||
type mtk_hal_rild_hwservice, hwservice_manager_type;
|
||||
allow system_app mtk_hal_rild_hwservice:hwservice_manager { find};
|
||||
|
||||
type mtk_vilte_support_prop, property_type;
|
||||
allow system_app mtk_vilte_support_prop:property_service set;
|
||||
|
||||
type hal_gesturewake_hwservice, hwservice_manager_type;
|
||||
type hal_gesturewake_default, domain;
|
||||
allow system_app hal_gesturewake_hwservice:hwservice_manager { find };
|
||||
allow system_app hal_gesturewake_default:binder { call transfer };
|
||||
allow hal_gesturewake_default system_app:binder { call transfer };
|
||||
|
||||
@ -1,27 +0,0 @@
|
||||
type vndk_detect, coredomain, domain;
|
||||
type vndk_detect_exec, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(vndk_detect);
|
||||
allow vndk_detect sepolicy_file:file r_file_perms;
|
||||
set_prop(vndk_detect,system_prop);
|
||||
set_prop(vndk_detect,debug_prop);
|
||||
|
||||
allow vndk_detect shell_exec:file rx_file_perms;
|
||||
allow vndk_detect toolbox_exec:file rx_file_perms;
|
||||
#/system/bin/grep
|
||||
allow vndk_detect system_file:file rx_file_perms;
|
||||
|
||||
#mount -o bind /system/bin/adbd /sbin/adbd
|
||||
allow vndk_detect adbd_exec:file { getattr read };
|
||||
allow vndk_detect rootfs:file { mounton getattr };
|
||||
allow vndk_detect self:capability { sys_admin };
|
||||
|
||||
#mount -o bind /system/etc/usb_audio_policy_configuration.xml /vendor/etc/usb_audio_policy_configuration.xml
|
||||
allow init vendor_configs_file:file { getattr mounton };
|
||||
|
||||
#/sys/module/five
|
||||
allow vndk_detect sysfs:file r_file_perms;
|
||||
allow vndk_detect sysfs:dir r_dir_perms;
|
||||
|
||||
#/proc/filesystems
|
||||
allow vndk_detect proc_filesystems:file r_file_perms;
|
||||
@ -1,2 +0,0 @@
|
||||
allow vold system_data_file:lnk_file { unlink };
|
||||
allow mediaextractor sdcard_type:file read;
|
||||
@ -1,12 +0,0 @@
|
||||
type vendor_sysfs_displayfeature, domain, mlstrustedobject;
|
||||
allow platform_app vendor_sysfs_displayfeature:dir search;
|
||||
|
||||
allow platform_app vendor_sysfs_displayfeature:file write;
|
||||
allow platform_app vendor_sysfs_displayfeature:file open;
|
||||
allow platform_app vendor_sysfs_displayfeature:file getattr;
|
||||
|
||||
type sysfs_tp_fodstatus, property_type;
|
||||
allow shell sysfs_tp_fodstatus:file getattr;
|
||||
|
||||
allow shell vendor_sysfs_displayfeature:dir search;
|
||||
|
||||
@ -1,11 +0,0 @@
|
||||
LOCAL_PATH := $(call my-dir)
|
||||
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_SRC_FILES := su
|
||||
LOCAL_MODULE := phh-su
|
||||
LOCAL_MODULE_CLASS := EXECUTABLES
|
||||
|
||||
LOCAL_INIT_RC := su.rc
|
||||
|
||||
include $(BUILD_PREBUILT)
|
||||
BIN
duoqin/su/su
BIN
duoqin/su/su
Binary file not shown.
@ -1,2 +0,0 @@
|
||||
service sudaemon /system/bin/phh-su --daemon
|
||||
class main
|
||||
@ -1,2 +0,0 @@
|
||||
on post-fs
|
||||
exec - root -- /system/bin/wephone.sh
|
||||
@ -1,3 +0,0 @@
|
||||
#!/system/bin/sh
|
||||
|
||||
touch /mnt/banana
|
||||
Loading…
x
Reference in New Issue
Block a user