diff --git a/nehemiah/AndroidProducts.mk b/nehemiah/AndroidProducts.mk new file mode 100644 index 0000000..ad358b7 --- /dev/null +++ b/nehemiah/AndroidProducts.mk @@ -0,0 +1,2 @@ +PRODUCT_MAKEFILES := \ + $(LOCAL_DIR)/nehemiah.mk \ No newline at end of file diff --git a/nehemiah/base-pre.mk b/nehemiah/base-pre.mk new file mode 100644 index 0000000..8db5af7 --- /dev/null +++ b/nehemiah/base-pre.mk @@ -0,0 +1,2 @@ +PRODUCT_COPY_FILES += \ + device/sample/etc/apns-full-conf.xml:system/etc/apns-conf.xml \ No newline at end of file diff --git a/nehemiah/base.mk b/nehemiah/base.mk new file mode 100644 index 0000000..5e905eb --- /dev/null +++ b/nehemiah/base.mk @@ -0,0 +1,21 @@ +BOARD_PLAT_PRIVATE_SEPOLICY_DIR += device/wephone/nehemiah/sepolicy +PRODUCT_PACKAGE_OVERLAYS += device/wephone/nehemiah/overlay + +$(call inherit-product, vendor/hardware_overlay/overlay.mk) +$(call inherit-product, $(SRC_TARGET_DIR)/product/core_64_bit.mk) +$(call inherit-product, $(SRC_TARGET_DIR)/product/aosp_base_telephony.mk) + +PRODUCT_PACKAGES += \ + treble-environ-rc \ + +PRODUCT_PACKAGES += \ + bootctl \ + vintf \ + simg2img_simple \ + lptools + +ifneq (,$(wildcard external/exfat)) +PRODUCT_PACKAGES += \ + mkfs.exfat \ + fsck.exfat +endif \ No newline at end of file diff --git a/nehemiah/bluetooth/bdroid_buildcfg.h b/nehemiah/bluetooth/bdroid_buildcfg.h new file mode 100644 index 0000000..166bd4a --- /dev/null +++ b/nehemiah/bluetooth/bdroid_buildcfg.h @@ -0,0 +1,54 @@ +/* + * Copyright (c) 2013, The Linux Foundation. All rights reserved. + * Not a Contribution, Apache license notifications and license are retained + * for attribution purposes only. + * + * Copyright (C) 2012 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef _BDROID_BUILDCFG_H +#define _BDROID_BUILDCFG_H + +//#include +#include + +static inline const char* BtmDefLocalName() +{ +#if 0 + static char product_device[PROPERTY_VALUE_MAX]; + //Huawei-defined property + property_get("ro.config.marketing_name", product_device, ""); + + if (strcmp(product_device, "") != 0) + return product_device; + + // Fallback to ro.product.model + return ""; +#endif + return "hello"; +} + +static inline int BtmBypassExtraAclSetup() { +#if 0 + int8_t prop = property_get_bool("persist.sys.bt_acl_bypass", false); + return prop == true; +#endif + return 1; +} + +#define BTM_DEF_LOCAL_NAME BtmDefLocalName() +#define BTM_BYPASS_EXTRA_ACL_SETUP BtmBypassExtraAclSetup() + +#endif diff --git a/nehemiah/board-base.mk b/nehemiah/board-base.mk new file mode 100644 index 0000000..b561863 --- /dev/null +++ b/nehemiah/board-base.mk @@ -0,0 +1,6 @@ +TARGET_SYSTEM_PROP := device/wephone/nehemiah/system.prop $(TARGET_SYSTEM_PROP) +BOARD_BLUETOOTH_BDROID_BUILDCFG_INCLUDE_DIR := device/wephone/nehemiah/bluetooth +TARGET_EXFAT_DRIVER := exfat +DEVICE_FRAMEWORK_MANIFEST_FILE := device/wephone/nehemiah/framework_manifest.xml + +BOARD_ROOT_EXTRA_FOLDERS += bt_firmware sec_storage efs \ No newline at end of file diff --git a/nehemiah/environ/Android.mk b/nehemiah/environ/Android.mk new file mode 100644 index 0000000..750d13b --- /dev/null +++ b/nehemiah/environ/Android.mk @@ -0,0 +1,11 @@ +include $(CLEAR_VARS) + +LOCAL_MODULE := treble-environ-rc +LOCAL_MODULE_TAGS := optional + +LOCAL_POST_INSTALL_CMD := \ + mkdir -p $(PRODUCT_OUT)/system/etc/init/ && \ + sed -e 's?%BOOTCLASSPATH%?$(PRODUCT_BOOTCLASSPATH)?g' device/phh/treble/environ/init.treble-environ.rc > $(PRODUCT_OUT)/system/etc/init/init.treble-environ.rc && \ + sed -i -e 's?%SYSTEMSERVERCLASSPATH%?$(PRODUCT_SYSTEM_SERVER_CLASSPATH)?g' $(PRODUCT_OUT)/system/etc/init/init.treble-environ.rc + +include $(BUILD_PHONY_PACKAGE) diff --git a/nehemiah/environ/init.treble-environ.rc b/nehemiah/environ/init.treble-environ.rc new file mode 100644 index 0000000..4fc8c32 --- /dev/null +++ b/nehemiah/environ/init.treble-environ.rc @@ -0,0 +1,4 @@ +# set up the global environment +on init + export BOOTCLASSPATH /apex/com.android.runtime/javalib/core-oj.jar:/apex/com.android.runtime/javalib/core-libart.jar:/apex/com.android.runtime/javalib/okhttp.jar:/apex/com.android.runtime/javalib/bouncycastle.jar:/apex/com.android.runtime/javalib/apache-xml.jar:/system/framework/framework.jar:/system/framework/ext.jar:/system/framework/telephony-common.jar:/system/framework/voip-common.jar:/system/framework/ims-common.jar:/system/framework/android.test.base.jar:/apex/com.android.conscrypt/javalib/conscrypt.jar:/apex/com.android.media/javalib/updatable-media.jar + export SYSTEMSERVERCLASSPATH /system/framework/services.jar:/system/framework/ethernet-service.jar:/system/framework/wifi-service.jar:/system/framework/com.android.location.provider.jar diff --git a/nehemiah/mediatek_arm64/BoardConfig.mk b/nehemiah/mediatek_arm64/BoardConfig.mk new file mode 100644 index 0000000..5f4ccde --- /dev/null +++ b/nehemiah/mediatek_arm64/BoardConfig.mk @@ -0,0 +1,8 @@ +include build/make/target/board/generic_arm64_ab/BoardConfig.mk +include device/wephone/nehemiah/board-base.mk + +ifeq ($(BOARD_SYSTEMIMAGE_PARTITION_RESERVED_SIZE),) +BOARD_SYSTEMIMAGE_PARTITION_SIZE := 2147483648 +else +BOARD_SYSTEMIMAGE_PARTITION_RESERVED_SIZE := 33554432 +endif \ No newline at end of file diff --git a/nehemiah/nehemiah.mk b/nehemiah/nehemiah.mk new file mode 100644 index 0000000..0d27e5b --- /dev/null +++ b/nehemiah/nehemiah.mk @@ -0,0 +1,15 @@ +TARGET_GAPPS_ARCH := arm64 +$(call inherit-product, device/wephone/nehemiah/base-pre.mk) +include build/make/target/product/aosp_arm64_ab.mk +$(call inherit-product, device/wephone/nehemiah/base.mk) + +PRODUCT_NAME := nehemiah_qin_f21pro +PRODUCT_DEVICE := mediatek_arm64 +PRODUCT_BRAND := wePhone +PRODUCT_SYSTEM_BRAND := wePhone +PRODUCT_MODEL := wePhone Qin F21pro + +# Overwrite the inherited "emulator" characteristics +PRODUCT_CHARACTERISTICS := device + +PRODUCT_PACKAGES += diff --git a/nehemiah/overlay/frameworks/base/core/res/res/drawable-nodpi/default_wallpaper.png b/nehemiah/overlay/frameworks/base/core/res/res/drawable-nodpi/default_wallpaper.png new file mode 100644 index 0000000..14109dc Binary files /dev/null and b/nehemiah/overlay/frameworks/base/core/res/res/drawable-nodpi/default_wallpaper.png differ diff --git a/nehemiah/overlay/frameworks/base/core/res/res/values/config.xml b/nehemiah/overlay/frameworks/base/core/res/res/values/config.xml new file mode 100644 index 0000000..b3ab443 --- /dev/null +++ b/nehemiah/overlay/frameworks/base/core/res/res/values/config.xml @@ -0,0 +1,56 @@ + + + + "usb\\d" + "rndis\\d" + + + + "wlan0" + "softap.*" + "wifi_br0" + "wigig0" + + + + bnep\\d + "bt-pan" + + + true + true + "M50 0C77.6 0 100 22.4 100 50C100 77.6 77.6 100 50 100C22.4 100 0 77.6 0 50C0 22.4 22.4 0 50 0Z" + true + + com.android.wallpaperpicker + true + 5 + true + + com.android.systemui/com.android.systemui.doze.DozeService + true + true + 8.0dip + 4.0dip + + true + + + + 0 + + 1 + + 2 + + 3 + + + true + + android.sensor.light + + 2 + + true + diff --git a/nehemiah/overlay/frameworks/base/core/res/res/xml/config_webview_packages.xml b/nehemiah/overlay/frameworks/base/core/res/res/xml/config_webview_packages.xml new file mode 100644 index 0000000..ac018af --- /dev/null +++ b/nehemiah/overlay/frameworks/base/core/res/res/xml/config_webview_packages.xml @@ -0,0 +1,40 @@ + + + + + + + MIIEQzCCAyugAwIBAgIJAMLgh0ZkSjCNMA0GCSqGSIb3DQEBBAUAMHQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDAeFw0wODA4MjEyMzEzMzRaFw0zNjAxMDcyMzEzMzRaMHQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAKtWLgDYO6IIrgqWbxJOKdoR8qtW0I9Y4sypEwPpt1TTcvZApxsdyxMJZ2JORland2qSGT2y5b+3JKkedxiLDmpHpDsz2WCbdxgxRczfey5YZnTJ4VZbH0xqWVW/8lGmPav5xVwnIiJS6HXk+BVKZF+JcWjAsb/GEuq/eFdpuzSqeYTcfi6idkyugwfYwXFU1+5fZKUaRKYCwkkFQVfcAs1fXA5V+++FGfvjJ/CxURaSxaBvGdGDhfXE28LWuT9ozCl5xw4Yq5OGazvV24mZVSoOO0yZ31j7kYvtwYK6NeADwbSxDdJEqO4k//0zOHKrUiGYXtqw/A0LFFtqoZKFjnkCAQOjgdkwgdYwHQYDVR0OBBYEFMd9jMIhF1Ylmn/Tgt9r45jk14alMIGmBgNVHSMEgZ4wgZuAFMd9jMIhF1Ylmn/Tgt9r45jk14aloXikdjB0MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29vZ2xlIEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxEDAOBgNVBAMTB0FuZHJvaWSCCQDC4IdGZEowjTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA4IBAQBt0lLO74UwLDYKqs6Tm8/yzKkEu116FmH4rkaymUIE0P9KaMftGlMexFlaYjzmB2OxZyl6euNXEsQH8gjwyxCUKRJNexBiGcCEyj6z+a1fuHHvkiaai+KL8W1EyNmgjmyy8AW7P+LLlkR+ho5zEHatRbM/YAnqGcFh5iZBqpknHf1SKMXFh4dd239FJ1jWYfbMDMy3NS5CTMQ2XFI1MvcyUTdZPErjQfTbQe3aDQsQcafEQPD+nqActifKZ0Np0IS9L9kR/wbNvyz6ENwPiTrjV2KRkEjH78ZMcUQXg0L3BYHJ3lc69Vs5Ddf9uUGGMYldX3WfMBEmh/9iFBDAaTCK + + + MIIDwzCCAqugAwIBAgIJAOoj9MXoVhH6MA0GCSqGSIb3DQEBBQUAMHgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKDAtHb29nbGUgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDEUMBIGA1UEAwwLY2hyb21lX2JldGEwHhcNMTYwMjI5MTUxNTIzWhcNNDMwNzE3MTUxNTIzWjB4MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEUMBIGA1UECgwLR29vZ2xlIEluYy4xEDAOBgNVBAsMB0FuZHJvaWQxFDASBgNVBAMMC2Nocm9tZV9iZXRhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/wW27nRxVqGbFOyXr8jtv2pc2Ke8XMr6Sfs+3JK2licVaAljGFpLtWH4wUdb50w/QQSPALNLSSyuK/94rtp5Jjs4RSJI+whuewV/R6El+mFXBO3Ek5/op4UrOsR91IM4emvS67Ji2u8gp5EmttVgJtllFZCbtZLPmKuTaOkOB+EdWIxrYiHVEEaAcQpEHa9UgWUZ0bMfPj8j3F0w+Ak2ttmTjoFGLaZjuBAYwfdctN1b0sdLT9Lif45kMCb8QwPp0F9/ozs0rrTc+I6vnTS8kfFQfk7GIE4Hgm+cYQEHkIA6gLJxUVWvPZGdulAZw7wPt/neOkazHNZPcV4pYuNLQIDAQABo1AwTjAdBgNVHQ4EFgQU5t7dhcZfOSixRsiJ1E46JhzPlwowHwYDVR0jBBgwFoAU5t7dhcZfOSixRsiJ1E46JhzPlwowDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAZO2jB8P1d8ki3KZILvp27a2VM3DInlp8I8UgG3gh7nBQfTrnZr5M1PL8eFHqX7MEvAiGCMTcrPklEhjtcHK/c7BcdeCWq6oL56UK3JTl33RxJcjmjrz3e3VI6ehRSm1feNAkMD0Nr2RWr2LCYheAEmwTPtluLOJS+i7WhnXJzBtg5UpUFEbdFYenqUbDzya+cUVp0197k7hUTs8/Hxs0wf79o/TZXzTBq9eYQkiITonRN8+5QCBl1XmZKV0IHkzGFES1RP+fTiZpIjZT+W4tasHgs9QTTks4CCpyHBAy+uy7tApe1AxCzihgecCfUN1hWIltKwGZS6EE0bu0OXPzaQ== + + + MIIDwTCCAqmgAwIBAgIJAOSN+O0cdii5MA0GCSqGSIb3DQEBBQUAMHcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKDAtHb29nbGUgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDETMBEGA1UEAwwKY2hyb21lX2RldjAeFw0xNjAyMjkxNzUwMDdaFw00MzA3MTcxNzUwMDdaMHcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKDAtHb29nbGUgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDETMBEGA1UEAwwKY2hyb21lX2RldjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANOYPj6Y9rVt8xizSHDYjDEkDfFZAgSiZ9T6tevkQXsFyfaq3Gk3h2qssi29G6cTPJ2VXFKlVB71wSXv5p9/LEcDQPWQiO3Q2cLmgUXxyhJWXI3g96tPAhZQX2q6SC37ZQdiBR/raMO70DAkvCyBGtNplsvutzSE3oZ7LYfzB8vTbe7zCh3fDYSS/7xb3ZVvFqydHS40uVq1qqg1S80Pge7tW3pDGsPMZN7yA4yfmsvA1rbHm9N8t3Rc9hqzh6OxNAAgRB535YcsWL7iF+mpdFILXk3jLYT0nMvMnB83rsdgnRREjlGQYHl2mh8+6CqujsW/eICDq/LR6BYDyqHhk0ECAwEAAaNQME4wHQYDVR0OBBYEFKzsl07JglgpbeYDYGqsgqRDo+01MB8GA1UdIwQYMBaAFKzsl07JglgpbeYDYGqsgqRDo+01MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBACka6SFF6xAcj8L8O6R36++E09DTiGZEjvKT8eIycgcQQ+p1WUmPb6M2EJpN6zvvSE62ussmXdzf8rIyc0JXA8jbViZt62Y39epNENFxPTLN9QzXlT+w8AW73Ka3cnbOuL5EgoDl8fM79WVlARY3X+wB/jGNrkiGIdRm2IZIeAodWgC2mtXMiferyYBKz2/F2bhnU6DwgCbegS8trFjEWviijWdJ+lBdobn7LRc3orZCtHl8UyvRDi7cye3sK9y3BM39k0g20F21wTNHAonnvL6zbuNgpd+UEsVxDpOeWrEdBFN7Md0CI2wnu8eA8ljJD45v0WWMEoxsIi131g5piNM= + + + MIIDxzCCAq+gAwIBAgIJAML7APITsgV7MA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKDAtHb29nbGUgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDEWMBQGA1UEAwwNY2hyb21lX2NhbmFyeTAeFw0xNjAyMjkxOTA5MDdaFw00MzA3MTcxOTA5MDdaMHoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKDAtHb29nbGUgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDEWMBQGA1UEAwwNY2hyb21lX2NhbmFyeTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANXfeAoZlr0ya1HBzIfAz/nLLjpPJeAPvuX5dueaxmiQgv2hNG22acriFuiiJI6TU0t8AIVJD5Ifbc4OOuA0zeFhdzWWGnmTRH6x27WI7bzOKnAqOvv21ZBmE9i8Vo++K13xWdTs3qVn1bn9oUONxFu0wKDzXYZhoj1Jom0RZGjXm16xuPlEuOzMcjiNBDoYuxPAXkMcK/G1gP4P4nAV8Rd/GGIjKRS/SUtcShhoAMOQhs4WIEkUrvEVRwhBDIbpM87oFbCVdBH38r0XS6F6CdhPJsKFhoEfq4c01HZqNmDpCPA8AAcCuSWqmXoTIqs7OqkWgduE2bInbWU7WMaTl+kCAwEAAaNQME4wHQYDVR0OBBYEFB/AsC4iPAqaLoNytNSx29qByI7+MB8GA1UdIwQYMBaAFB/AsC4iPAqaLoNytNSx29qByI7+MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAMb2Td3ro/+MGVnCPAbwBSOZMVLUKGqt6zr8CShW9mtFHnmy29EaWSYYAj1M4+6Vpkq85NsgBEck7rnUjV8A3Q0NKdTys1KRKJqVvQRBN6SwqQenSf/abxQCa8Z+69rh+3BkIU1HLtu5lrMDZwon5H91L5mpORn6vItd20uW132lwSDeUEW2CHslTrodoFuTUcSUlRiq/URfUH3baO1QHXkxpQwrBPKL5deJfcZnxh5MAtAGSQL7gHvayEFlDppETXdDO7vgGTH2dEK2TjKWALbGiKkxSqjRyTNt4/FOj10TqNRdUamj+ydVJgzGQ8bki4Vc6NnKm/r4asusxapkVR4= + + +MIIDuzCCAqOgAwIBAgIJANi6DgBQG4ZTMA0GCSqGSIb3DQEBBQUAMHQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKDAtHb29nbGUgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UEAwwHd2VidmlldzAeFw0xNDA4MDgyMzIwMjBaFw00MTEyMjQyMzIwMjBaMHQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKDAtHb29nbGUgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UEAwwHd2VidmlldzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbtaFX0r5aZJMAbPVMAgK1ZZ29dTn91VsGxXv2hqrQo7IpqEy2JmPvPnoMsSiuTAe+UcQy8oKDQ2aYVSAd1DGIy+nSRyFTt3LSIAdwSBkB1qT4a+OqkpsR6bSNXQXQ18lCQu9gREY3h3QlYBQAyzRxw4hRGlrXAzuSz1Ec4W+6x4nLG5DG61MAMR8ClF9XSqbmGB3kyZ70A0X9OPYYxiMWP1ExaYvpaVqjyZZcrPwr+vtW8oCuGBUtHpBUH3OoG+9s2YMcgLG7vCK9awKDqlPcJSpIAAj6uGs4gORmkqxZRMskLSTWbhP4p+3Ap8jYzTVB6Y1/DMVmYTWRMcPW0macCAwEAAaNQME4wHQYDVR0OBBYEFJ6bAR6/QVm4w9LRSGQiaR5Rhp3TMB8GA1UdIwQYMBaAFJ6bAR6/QVm4w9LRSGQiaR5Rhp3TMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAEQu8QiVxax7/diEiJrgKE1LwdXsIygJK/KnaKdnYEkAQpeu/QmrLiycm+OFbL1qHJIB7OuI/PQBUtcaNSiJSCVgtwtEbZWWIdsynqG/Nf4aGOndXegSQNRH54M05sRHLoeRycPrY7xQlEwGikNFR76+5UdwFBQI3Gn22g6puJnVukQm/wXQ+ajoiS4QclrNlixoDQsZ4STLH4+Wju2wIWKFFArIhVEIlbamq+p6BghuzH3aIz/Fy0YTQKi7SA+0fuNeCaqlSm5pYSt6p5CH89y1Fr+wFc5r3iLRnUwRcy08ESC7bZJnxV3d/YQ5valTxBbzku/dQbXVj/xg69H8l8M= + + +MIIDbTCCAlWgAwIBAgIEHcsmjjANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJERTEQMA4GA1UECBMHVW5rbm93bjEPMA0GA1UEBxMGQmVybGluMRAwDgYDVQQKEwdCcm9taXRlMRAwDgYDVQQLEwdCcm9taXRlMRAwDgYDVQQDEwdjc2FnYW41MCAXDTE4MDExOTA3MjE1N1oYDzIwNjgwMTA3MDcyMTU3WjBmMQswCQYDVQQGEwJERTEQMA4GA1UECBMHVW5rbm93bjEPMA0GA1UEBxMGQmVybGluMRAwDgYDVQQKEwdCcm9taXRlMRAwDgYDVQQLEwdCcm9taXRlMRAwDgYDVQQDEwdjc2FnYW41MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtakjGj0eTavbBB2vWXj8KBixWn4zgXAKc+yGFu3SLEGF1VB5aJWwcMHxVI55yH/8M2eNnJP0BkSidfKgPVcm1sk/GrNEs9uk5sWod9byO5M5QWQmGP2REeTd6J0BVVVaMp2MZnqeR3Su3pwFzrSwTqIGyf8dkPSEz7ifj792+EeRNrov4oRQK7lIfqInzwc4d34wU069Lrw6m7J7HM0KbRYISsWMiYj025Qg+dTrtdWt7jbdcj7htW0eYyJoLd90+s43RWnOpENmWpcWv1EVPxUD4mCdV9idYwoHRIESpSu9IWvqDZp1VoRc43nLgsNfNBwmYdTkIaPiz1m7TBcr7QIDAQABoyEwHzAdBgNVHQ4EFgQUuWoGd7W7wMyQ1pOdjiMv10YHTR0wDQYJKoZIhvcNAQELBQADggEBAA7iw6eKz+T8HIpKDoDcX1Ywjn9JUzuCFu20LnsLzreO/Pog1xErYjdLAS7LTZokfbAnitBskO9QhV9BYkDiM0Qr5v2/HsJTtxa1mz9ywCcI36jblMyuXFj8tuwQI9/t9i+Fc3+bOFBV3t7djPo9qX1dIK0lZ6s8HcIhaCNdqm65fH+nWhC/H9djqC6qOtrkTiACKEcHQ4a/5dfROU0q0M4bS4YuiaAQWgjiGbik4LrZ8wZX1aqJCLt0Hs7MzXyyf0cRSO11FIOViHwzh6WTZGufq2J3YBFXPond8kLxkKL3LNezbi5yTcecxsbKQ6OS46CnIKcy/M8asSreLpoCDvw= + + + + + diff --git a/nehemiah/sepolicy/asus.te b/nehemiah/sepolicy/asus.te new file mode 100644 index 0000000..64ff117 --- /dev/null +++ b/nehemiah/sepolicy/asus.te @@ -0,0 +1,5 @@ +allow cameraserver phhsu_exec:file rx_file_perms; + +type asus_motor_device, file_type; +allow cameraserver asus_motor_device:chr_file { open read write ioctl }; +allowxperm cameraserver asus_motor_device:chr_file ioctl { 0x4d02 }; diff --git a/nehemiah/sepolicy/board_properties.te b/nehemiah/sepolicy/board_properties.te new file mode 100644 index 0000000..4ed75dc --- /dev/null +++ b/nehemiah/sepolicy/board_properties.te @@ -0,0 +1,4 @@ +type sysfs_board_properties, fs_type, sysfs_type; + +allow system_server sysfs_board_properties:dir search; +allow system_server sysfs_board_properties:file r_file_perms; diff --git a/nehemiah/sepolicy/bootanim.te b/nehemiah/sepolicy/bootanim.te new file mode 100644 index 0000000..bba8c50 --- /dev/null +++ b/nehemiah/sepolicy/bootanim.te @@ -0,0 +1,3 @@ +#11-14 21:15:02.748 477 477 I auditd : type=1400 audit(0.0:104): avc: denied { search } for comm="BootAnimation" name="dri" dev="tmpfs" ino=1108 scontext=u:r:bootanim:s0 tcontext=u:object_r:gpu_device:s0 tclass=dir permissive=0 +#Seen on some MTK devices +allow bootanim gpu_device:dir r_dir_perms; diff --git a/nehemiah/sepolicy/file_contexts b/nehemiah/sepolicy/file_contexts new file mode 100644 index 0000000..4ae5095 --- /dev/null +++ b/nehemiah/sepolicy/file_contexts @@ -0,0 +1,22 @@ +/system/bin/phh-su u:object_r:phhsu_exec:s0 +/system/bin/vndk-detect u:object_r:vndk_detect_exec:s0 +/system/etc/usb_audio_policy_configuration.xml u:object_r:vendor_configs_file:s0 +/system/bin/rw-system.sh u:object_r:phhsu_exec:s0 +/system/bin/phh-on-boot.sh u:object_r:phhsu_exec:s0 +/system/bin/phh-on-data.sh u:object_r:phhsu_exec:s0 +/system/bin/asus-motor u:object_r:phhsu_exec:s0 + +#/system/bin/fsck\.exfat u:object_r:fsck_exec:s0 +/system/bin/fsck\.ntfs u:object_r:fsck_exec:s0 + +/bt_firmware(/.*)? u:object_r:bt_firmware_file:s0 + +/sec_storage(/.*)? u:object_r:teecd_data_file:s0 +/dev/dsm u:object_r:dmd_device:s0 + +/system/bin/hw/android.hardware.biometrics.fingerprint@2.1-service.oppo.compat u:object_r:hal_fingerprint_oppo_compat_exec:s0 +/system/bin/hw/android.hardware.biometrics.fingerprint@2.1-service.oplus.compat u:object_r:hal_fingerprint_oppo_compat_exec:s0 + +/efs u:object_r:efs_file:s0 + +/dev/smcinvoke u:object_r:smcinvoke_device:s0 diff --git a/nehemiah/sepolicy/genfs_contexts b/nehemiah/sepolicy/genfs_contexts new file mode 100644 index 0000000..56e8950 --- /dev/null +++ b/nehemiah/sepolicy/genfs_contexts @@ -0,0 +1 @@ +genfscon sysfs /board_properties u:object_r:sysfs_board_properties:s0 diff --git a/nehemiah/sepolicy/hal.te b/nehemiah/sepolicy/hal.te new file mode 100644 index 0000000..cb44422 --- /dev/null +++ b/nehemiah/sepolicy/hal.te @@ -0,0 +1,10 @@ +type hal_fingerprint_oppo_compat, domain; +hal_client_domain(hal_fingerprint_oppo_compat, hal_fingerprint) +hal_server_domain(hal_fingerprint_oppo_compat, hal_fingerprint) + +type hal_fingerprint_oppo_compat_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(hal_fingerprint_oppo_compat) + + +type hal_fingerprint_oppo, domain; +allow hal_fingerprint_oppo vendor_default_prop:property_service { set }; diff --git a/nehemiah/sepolicy/hardware_overlay.te b/nehemiah/sepolicy/hardware_overlay.te new file mode 100644 index 0000000..d3bb487 --- /dev/null +++ b/nehemiah/sepolicy/hardware_overlay.te @@ -0,0 +1 @@ +allow priv_app overlay_service:service_manager find; diff --git a/nehemiah/sepolicy/hostapd.te b/nehemiah/sepolicy/hostapd.te new file mode 100644 index 0000000..fd37b61 --- /dev/null +++ b/nehemiah/sepolicy/hostapd.te @@ -0,0 +1,4 @@ +type hostapd, domain; + +allow hostapd wifi_data_file:dir create_dir_perms; +allow hostapd wifi_data_file:file create_file_perms; diff --git a/nehemiah/sepolicy/huawei.te b/nehemiah/sepolicy/huawei.te new file mode 100644 index 0000000..e912528 --- /dev/null +++ b/nehemiah/sepolicy/huawei.te @@ -0,0 +1,17 @@ +allow ueventd proc:file r_file_perms; +permissive ueventd; + +type teecd_data_file, file_type; +type dmd_device, file_type; +allow hal_fingerprint_server dmd_device:chr_file rw_file_perms; +allow hal_fingerprint_server sysfs:file rw_file_perms; +allow tee hal_fingerprint_default:process { getattr }; +allow tee teecd_data_file:dir { search read write create getattr add_name open }; +allow tee teecd_data_file:file { read write create getattr open }; +allow tee system_data_file:dir { getattr }; + +type oeminfo_nvm, domain; +type oeminfo_nvm_device, file_type; +allowxperm oeminfo_nvm oeminfo_nvm_device:blk_file ioctl { 0x1260 }; + +allow charger rootfs:file { ioctl read getattr lock map execute entrypoint open }; diff --git a/nehemiah/sepolicy/init.te b/nehemiah/sepolicy/init.te new file mode 100644 index 0000000..42f5bf5 --- /dev/null +++ b/nehemiah/sepolicy/init.te @@ -0,0 +1,13 @@ +#This is in Android 8.0, but not 8.1 +domain_trans(init, rootfs, adbd) + +#This is used on Huawei devices to f2fs data partition +allow init userdata_block_device:blk_file relabelto; +allow init userdata_block_device:lnk_file relabelto; + +allow vendor_init vendor_init:capability { sys_module }; + +allow init system_file:lnk_file create_file_perms; + +#fix adb in some cases +allow init adbd_exec:lnk_file read; diff --git a/nehemiah/sepolicy/lenovo.te b/nehemiah/sepolicy/lenovo.te new file mode 100644 index 0000000..19e3314 --- /dev/null +++ b/nehemiah/sepolicy/lenovo.te @@ -0,0 +1,4 @@ +type sysfs_tp, file_type; + +#Allow treble_app access to /sys/devices/virtual/touch/tp_dev/gesture_on +allow system_app sysfs_tp:file rw_file_perms; diff --git a/nehemiah/sepolicy/lmkd.te b/nehemiah/sepolicy/lmkd.te new file mode 100644 index 0000000..46e1a61 --- /dev/null +++ b/nehemiah/sepolicy/lmkd.te @@ -0,0 +1 @@ +allow lmkd self:capability sys_ptrace; diff --git a/nehemiah/sepolicy/mediatek.te b/nehemiah/sepolicy/mediatek.te new file mode 100644 index 0000000..1577411 --- /dev/null +++ b/nehemiah/sepolicy/mediatek.te @@ -0,0 +1,19 @@ +type hal_graphics_allocator_default, domain; +type proc_ged, file_type; +allowxperm domain proc_ged:file ioctl { 0x6700-0x67ff }; + +allow init mnt_product_file:dir mounton; + +type mtk_hal_audio, domain; +typeattribute mtk_hal_audio hal_broadcastradio_client; + +type mtk_hal_power, domain; +allow mtk_hal_power system_data_root_file:file create_file_perms; +allow zygote ashmem_device:chr_file execute; + +attribute hal_mms_server; +binder_call({appdomain -isolated_app}, hal_mms_server) +binder_call(hal_mms_server, {appdomain -isolated_app}) + +type mtk_hal_mms_hwservice, hwservice_manager_type; +allow { appdomain -isolated_app } mtk_hal_mms_hwservice:hwservice_manager find; diff --git a/nehemiah/sepolicy/oppo.te b/nehemiah/sepolicy/oppo.te new file mode 100644 index 0000000..216ba3c --- /dev/null +++ b/nehemiah/sepolicy/oppo.te @@ -0,0 +1,6 @@ +type sysfs_usb_supply, file_type; + +allow system_app sysfs_usb_supply:file rw_file_perms; + +type hal_fingerprint_oplus, domain; +allow hal_fingerprint_oplus vendor_default_prop:property_service set; diff --git a/nehemiah/sepolicy/qualcomm.te b/nehemiah/sepolicy/qualcomm.te new file mode 100644 index 0000000..2669694 --- /dev/null +++ b/nehemiah/sepolicy/qualcomm.te @@ -0,0 +1,30 @@ +type bt_firmware_file, file_type; +type rild, domain; + +#me.phh.treble.qti.audio is system-signed +allow system_app hal_telephony_hwservice:hwservice_manager { find }; +allow { rild system_app } { rild system_app }:binder { call transfer }; + +#Pixel 1 +type vnd_qcril_audio_hwservice, hwservice_manager_type; +allow system_app vnd_qcril_audio_hwservice:hwservice_manager { find }; + +#Pixel 2 +type vnd_qcrilhook_hwservice, hwservice_manager_type; +allow system_app vnd_qcrilhook_hwservice:hwservice_manager { find }; + +#OP6 +allow system_app hal_telephony_hwservice:hwservice_manager { find }; + +# cf https://github.com/phhusson/treble_experimentations/issues/131 +# SELinux : avc: denied { add } for interface=android.hardware.tetheroffload.control::IOffloadControl pid=15220 scontext=u:r:ipacm:s0 tcontext=u:object_r:hal_tetheroffload_hwservice:s0 tclass=hwservice_manager permissive=0 +type ipacm, hwservice_manager_type; +allow ipacm hal_tetheroffload_hwservice:hwservice_manager { add }; + +type rpmb_device, file_type; +allow tee rpmb_device:blk_file rw_file_perms; +allowxperm tee rpmb_device:blk_file ioctl { 0xb300-0xbfff }; + +attribute smcinvoke_device_29_0; +type smcinvoke_device, dev_type; +typeattribute smcinvoke_device smcinvoke_device_29_0; diff --git a/nehemiah/sepolicy/samsung.te b/nehemiah/sepolicy/samsung.te new file mode 100644 index 0000000..63f4edc --- /dev/null +++ b/nehemiah/sepolicy/samsung.te @@ -0,0 +1,4 @@ +type boot_prop, property_type; + +set_prop(system_server, boot_prop); + diff --git a/nehemiah/sepolicy/service_contexts b/nehemiah/sepolicy/service_contexts new file mode 100644 index 0000000..7680633 --- /dev/null +++ b/nehemiah/sepolicy/service_contexts @@ -0,0 +1,10 @@ +qti.ims.ext u:object_r:radio_service:s0 +# SPRD IMS +ims_ex u:object_r:radio_service:s0 +ims_ut_ex u:object_r:radio_service:s0 +ims_doze_manager u:object_r:radio_service:s0 +irit u:object_r:radio_service:s0 + +# MTK IMS +mwis u:object_r:radio_service:s0 +mtkIms u:object_r:radio_service:s0 diff --git a/nehemiah/sepolicy/su.te b/nehemiah/sepolicy/su.te new file mode 100644 index 0000000..f8829cd --- /dev/null +++ b/nehemiah/sepolicy/su.te @@ -0,0 +1,151 @@ +type phhsu_daemon, domain, mlstrustedsubject; +type phhsu_exec, exec_type, file_type; +type phhsu_daemon_tmpfs, file_type; + +typeattribute phhsu_daemon coredomain; +permissive phhsu_daemon; + +tmpfs_domain(phhsu_daemon); +domain_auto_trans(init, phhsu_exec, phhsu_daemon); +file_type_auto_trans(phhsu_daemon, device, phhsu_daemon); + +allow { appdomain shell } phhsu_daemon:unix_stream_socket { connectto write read }; +allow { appdomain shell } phhsu_daemon:sock_file { write read }; +allow { appdomain shell } phhsu_exec:file { getattr read open execute execute_no_trans }; + +create_pty(shell) +allowxperm shell devpts:chr_file ioctl { TCSETSF TCGETS unpriv_tty_ioctls }; +allowxperm { phhsu_daemon untrusted_app untrusted_app_27 } untrusted_app_all_devpts:chr_file ioctl { TCSETSF TCGETS unpriv_tty_ioctls }; + +allow servicemanager phhsu_daemon:dir { search read }; +allow servicemanager phhsu_daemon:file { open read }; +allow servicemanager phhsu_daemon:process { getattr }; +allow servicemanager phhsu_daemon:binder { call transfer }; + +typeattribute phhsu_daemon mlstrustedobject; +typeattribute phhsu_daemon mlstrustedsubject; + +allow shell su_exec:file getattr; +typeattribute su mlstrustedsubject; + +allow phhsu_daemon { system_api_service app_api_service system_server_service }:service_manager find; + +allow system_server phhsu_daemon:fifo_file { read write getattr }; +allow system_server phhsu_daemon:fd use; +allow system_server phhsu_daemon:binder { call transfer }; +allow system_server shell_devpts:chr_file { read write }; + +# Add su to various domains +net_domain(phhsu_daemon) + +hwbinder_use(phhsu_daemon) + +allow domain untrusted_app_all_devpts:chr_file { getattr read write }; +allow phhsu_daemon untrusted_app_all_devpts:chr_file { getattr read write open ioctl }; +allow phhsu_daemon untrusted_app_all:fifo_file { getattr read write open ioctl }; +allow phhsu_daemon zygote_exec:file { execute read open execute_no_trans getattr }; + +allow appdomain phhsu_daemon:dir { search }; + +allow phhsu_daemon self:global_capability_class_set { sys_resource sys_ptrace }; + +allow phhsu_daemon self:dir rw_dir_perms; +allow phhsu_daemon self:file { rwx_file_perms create rename setattr unlink }; +allow phhsu_daemon self:lnk_file { r_file_perms execmod }; + +allow phhsu_daemon adbd_exec:file { getattr read }; +allow phhsu_daemon { rootfs same_process_hal_file system_file tmpfs }:file { mounton getattr }; +allow phhsu_daemon self:capability { sys_admin chown setuid setgid net_raw dac_override dac_read_search kill fowner mknod }; +allow phhsu_daemon self:capability2 { syslog }; +allow phhsu_daemon shell_exec:file rx_file_perms; +allow phhsu_daemon system_file:file { rx_file_perms entrypoint }; +allow phhsu_daemon kmsg_device:chr_file { ioctl w_file_perms }; +allow phhsu_daemon toolbox_exec:file rx_file_perms; +allow phhsu_daemon system_block_device:{ lnk_file file } r_file_perms; + +allow { phhsu_daemon shell } domain:dir rw_dir_perms; +allow { phhsu_daemon shell } domain:file rw_file_perms; +allow { phhsu_daemon shell } domain:lnk_file rw_file_perms; +allow { phhsu_daemon shell } rootfs:file { rwx_file_perms create rename setattr unlink }; +allow { phhsu_daemon shell } rootfs:dir rw_dir_perms; +allow phhsu_daemon asec_apk_file:dir rw_dir_perms; + +allow phhsu_daemon shell_devpts:chr_file rw_file_perms; + +allow phhsu_daemon app_data_file:dir rw_dir_perms; +allow phhsu_daemon app_data_file:file { rwx_file_perms create rename setattr unlink }; +allow phhsu_daemon dalvikcache_data_file:dir rw_dir_perms; +allow phhsu_daemon dalvikcache_data_file:file { rwx_file_perms create rename setattr unlink }; +allow phhsu_daemon dalvikcache_data_file:lnk_file { r_file_perms execmod }; +allow phhsu_daemon system_data_file:file { rwx_file_perms create rename setattr unlink }; +allow phhsu_daemon system_data_file:dir rw_dir_perms; +allow phhsu_daemon system_data_file:file { rwx_file_perms create rename setattr unlink }; +allow phhsu_daemon system_file:dir rw_dir_perms; +allow phhsu_daemon system_file:file { rwx_file_perms create rename setattr unlink }; +allow phhsu_daemon init:unix_stream_socket { connectto }; +allow phhsu_daemon self:process { ptrace setexec execmem setfscreate }; +allow phhsu_daemon app_data_file:file { rwx_file_perms create rename setattr unlink }; +allow phhsu_daemon app_data_file:dir rw_dir_perms; +allow phhsu_daemon ashmem_device:chr_file { execute }; +allow phhsu_daemon dex2oat_exec:file rx_file_perms; + + +allow phhsu_daemon phhsu_daemon_tmpfs:file rwx_file_perms; + +allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type phhsu_daemon }:file { rwx_file_perms create mounton setattr getattr relabelto relabelfrom unlink rename }; +allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type phhsu_daemon }:lnk_file { rw_file_perms create mounton setattr getattr relabelto relabelfrom unlink rename}; +allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type phhsu_daemon }:dir { rw_dir_perms create mounton setattr getattr relabelto relabelfrom unlink rename}; +allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type phhsu_daemon }:chr_file { rwx_file_perms unlink rename ioctl}; +allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type phhsu_daemon }:blk_file { rw_file_perms create unlink rename ioctl}; + +allow phhsu_daemon device:file rwx_file_perms; +allow phhsu_daemon device:dir rw_dir_perms; + +allow phhsu_daemon domain:process { ptrace signal signull getattr }; +allow phhsu_daemon selinuxfs:file rwx_file_perms; +allow domain phhsu_daemon:process { sigchld }; +allow phhsu_daemon domain:binder { call transfer }; +allow phhsu_daemon kernel:system { syslog_read syslog_mod }; +allow phhsu_daemon kernel:security { setenforce compute_av }; +allow phhsu_daemon domain:unix_stream_socket { getattr }; + +allow phhsu_daemon logdr_socket:sock_file write; +allow phhsu_daemon logd:unix_stream_socket connectto; + +allow phhsu_daemon property_type:property_service { set }; +allow phhsu_daemon property_socket:sock_file { write }; +allow phhsu_daemon property_type:file rw_file_perms; +allow phhsu_daemon { hwservicemanager hwservice_manager_type }:hwservice_manager { list add find }; +allow phhsu_daemon domain:unix_dgram_socket rw_socket_perms; + +allow phhsu_daemon tombstoned_intercept_socket:sock_file { write }; +allow phhsu_daemon tombstoned:unix_stream_socket { connectto }; + +allow phhsu_daemon { property_data_file data_file_type tmpfs }:file create_file_perms; +allow phhsu_daemon { property_data_file data_file_type tmpfs }:dir create_dir_perms; + +allow phhsu_daemon { tmpfs fs_type }:filesystem { mount remount unmount associate }; + +allow phhsu_daemon phhsu_daemon:file relabelfrom; + +allow phhsu_daemon properties_device:dir { map }; +allow phhsu_daemon { tmpfs }:dir { mounton }; +allow phhsu_daemon { file_type shell_data_file system_file}:file { relabelto relabelfrom} ; + +allow phhsu_daemon domain:fd { use }; +allow phhsu_daemon domain:unix_stream_socket { connectto ioctl getattr getopt read write shutdown }; +allow phhsu_daemon self:netlink_kobject_uevent_socket create_socket_perms; +allow phhsu_daemon self:{ netlink_tcpdiag_socket } { create_socket_perms nlmsg_write nlmsg_read }; +allow phhsu_daemon self:{ netlink_selinux_socket } { create_socket_perms }; + +allow phhsu_daemon file_type:file create_file_perms; +allow phhsu_daemon file_type:dir create_dir_perms; + +allow phhsu_daemon domain:process { transition }; + + +# 05-09 00:05:30.149 18450 18450 W lprename: type=1400 audit(0.0:40923): avc: denied { ioctl } for path="/dev/block/sda25" dev="tmpfs" ino=19441 ioctlcmd=0x1278 scontext=u:r:phhsu_daemon:s0 tcontext=u:object_r:super_block_device:s0 tclass=blk_file permissive=0 +# 06-06 12:59:53.775 30150 30150 I auditd : type=1400 audit(0.0:35585): avc: denied { ioctl } for comm="blockdev" path="/dev/block/dm-3" dev="tmpfs" ino=12687 ioctlcmd=0x125d scontext=u:r:phhsu_daemon:s0 tcontext=u:object_r:dm_device:s0 tclass=blk_file permissive=0 + +allowxperm phhsu_daemon { file_type block_device }:blk_file ioctl { 0-0xffff }; +allowxperm phhsu_daemon { system_block_device super_block_device dm_device }:blk_file ioctl { 0x1278-0x127a 0x125d }; diff --git a/nehemiah/sepolicy/treble_app.te b/nehemiah/sepolicy/treble_app.te new file mode 100644 index 0000000..6bb46a8 --- /dev/null +++ b/nehemiah/sepolicy/treble_app.te @@ -0,0 +1,44 @@ +allow system_app hal_wifi_hostapd_hwservice:hwservice_manager { add find }; +allow system_app hidl_base_hwservice:hwservice_manager { add }; +allow system_app wifi_data_file:dir create_dir_perms; +allow system_app wifi_data_file:file create_file_perms; + +allow system_app sysfs_batteryinfo:file rw_file_perms; + +type vendor_camera_prop, property_type; +set_prop(system_app, vendor_camera_prop); +type camera_prop, property_type; +set_prop(system_app, camera_prop); + +type hal_ext_fingerprint_hwservice, hwservice_manager_type; +allow system_app hal_ext_fingerprint_hwservice:hwservice_manager { find }; +type hal_fingerprint_default, domain; +allow system_app hal_fingerprint_default:binder { call }; +allow system_app sysfs_power:dir r_dir_perms; +allow system_app sysfs_power:file rw_file_perms; +allow system_app sysfs_power:lnk_file read; + +type default_hisi_hwservice, hwservice_manager_type; +allow system_app default_hisi_hwservice:hwservice_manager { find }; + +type hal_tp_default, domain; +allow system_app hal_tp_default:binder { call }; + +#cam2api +allow system_app vendor_default_prop:property_service { set }; + +set_prop(system_app, default_prop); +set_prop(system_app, exported3_default_prop); + +type mtk_hal_rild_hwservice, hwservice_manager_type; +allow system_app mtk_hal_rild_hwservice:hwservice_manager { find}; + +type mtk_vilte_support_prop, property_type; +allow system_app mtk_vilte_support_prop:property_service set; + +type hal_gesturewake_hwservice, hwservice_manager_type; +type hal_gesturewake_default, domain; +allow system_app hal_gesturewake_hwservice:hwservice_manager { find }; +allow system_app hal_gesturewake_default:binder { call transfer }; +allow hal_gesturewake_default system_app:binder { call transfer }; + diff --git a/nehemiah/sepolicy/vndk_detect.te b/nehemiah/sepolicy/vndk_detect.te new file mode 100644 index 0000000..797094a --- /dev/null +++ b/nehemiah/sepolicy/vndk_detect.te @@ -0,0 +1,27 @@ +type vndk_detect, coredomain, domain; +type vndk_detect_exec, exec_type, file_type; + +init_daemon_domain(vndk_detect); +allow vndk_detect sepolicy_file:file r_file_perms; +set_prop(vndk_detect,system_prop); +set_prop(vndk_detect,debug_prop); + +allow vndk_detect shell_exec:file rx_file_perms; +allow vndk_detect toolbox_exec:file rx_file_perms; +#/system/bin/grep +allow vndk_detect system_file:file rx_file_perms; + +#mount -o bind /system/bin/adbd /sbin/adbd +allow vndk_detect adbd_exec:file { getattr read }; +allow vndk_detect rootfs:file { mounton getattr }; +allow vndk_detect self:capability { sys_admin }; + +#mount -o bind /system/etc/usb_audio_policy_configuration.xml /vendor/etc/usb_audio_policy_configuration.xml +allow init vendor_configs_file:file { getattr mounton }; + +#/sys/module/five +allow vndk_detect sysfs:file r_file_perms; +allow vndk_detect sysfs:dir r_dir_perms; + +#/proc/filesystems +allow vndk_detect proc_filesystems:file r_file_perms; diff --git a/nehemiah/sepolicy/vold.te b/nehemiah/sepolicy/vold.te new file mode 100644 index 0000000..7cbd585 --- /dev/null +++ b/nehemiah/sepolicy/vold.te @@ -0,0 +1,2 @@ +allow vold system_data_file:lnk_file { unlink }; +allow mediaextractor sdcard_type:file read; diff --git a/nehemiah/system.prop b/nehemiah/system.prop new file mode 100644 index 0000000..152efc8 --- /dev/null +++ b/nehemiah/system.prop @@ -0,0 +1,4 @@ +persist.bluetooth.bluetooth_audio_hal.disabled=true +persist.sys.bt.unsupport.features=00000000 +persist.sys.bt.unsupport.states=00000000 +persist.sys.bt.unsupport.stdfeatures=000001 \ No newline at end of file