Tryout
This commit is contained in:
parent
756aee0ef9
commit
d769483c2e
2
nehemiah/AndroidProducts.mk
Normal file
2
nehemiah/AndroidProducts.mk
Normal file
@ -0,0 +1,2 @@
|
||||
PRODUCT_MAKEFILES := \
|
||||
$(LOCAL_DIR)/nehemiah.mk
|
||||
2
nehemiah/base-pre.mk
Normal file
2
nehemiah/base-pre.mk
Normal file
@ -0,0 +1,2 @@
|
||||
PRODUCT_COPY_FILES += \
|
||||
device/sample/etc/apns-full-conf.xml:system/etc/apns-conf.xml
|
||||
21
nehemiah/base.mk
Normal file
21
nehemiah/base.mk
Normal file
@ -0,0 +1,21 @@
|
||||
BOARD_PLAT_PRIVATE_SEPOLICY_DIR += device/wephone/nehemiah/sepolicy
|
||||
PRODUCT_PACKAGE_OVERLAYS += device/wephone/nehemiah/overlay
|
||||
|
||||
$(call inherit-product, vendor/hardware_overlay/overlay.mk)
|
||||
$(call inherit-product, $(SRC_TARGET_DIR)/product/core_64_bit.mk)
|
||||
$(call inherit-product, $(SRC_TARGET_DIR)/product/aosp_base_telephony.mk)
|
||||
|
||||
PRODUCT_PACKAGES += \
|
||||
treble-environ-rc \
|
||||
|
||||
PRODUCT_PACKAGES += \
|
||||
bootctl \
|
||||
vintf \
|
||||
simg2img_simple \
|
||||
lptools
|
||||
|
||||
ifneq (,$(wildcard external/exfat))
|
||||
PRODUCT_PACKAGES += \
|
||||
mkfs.exfat \
|
||||
fsck.exfat
|
||||
endif
|
||||
54
nehemiah/bluetooth/bdroid_buildcfg.h
Normal file
54
nehemiah/bluetooth/bdroid_buildcfg.h
Normal file
@ -0,0 +1,54 @@
|
||||
/*
|
||||
* Copyright (c) 2013, The Linux Foundation. All rights reserved.
|
||||
* Not a Contribution, Apache license notifications and license are retained
|
||||
* for attribution purposes only.
|
||||
*
|
||||
* Copyright (C) 2012 The Android Open Source Project
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef _BDROID_BUILDCFG_H
|
||||
#define _BDROID_BUILDCFG_H
|
||||
|
||||
//#include <cutils/properties.h>
|
||||
#include <string.h>
|
||||
|
||||
static inline const char* BtmDefLocalName()
|
||||
{
|
||||
#if 0
|
||||
static char product_device[PROPERTY_VALUE_MAX];
|
||||
//Huawei-defined property
|
||||
property_get("ro.config.marketing_name", product_device, "");
|
||||
|
||||
if (strcmp(product_device, "") != 0)
|
||||
return product_device;
|
||||
|
||||
// Fallback to ro.product.model
|
||||
return "";
|
||||
#endif
|
||||
return "hello";
|
||||
}
|
||||
|
||||
static inline int BtmBypassExtraAclSetup() {
|
||||
#if 0
|
||||
int8_t prop = property_get_bool("persist.sys.bt_acl_bypass", false);
|
||||
return prop == true;
|
||||
#endif
|
||||
return 1;
|
||||
}
|
||||
|
||||
#define BTM_DEF_LOCAL_NAME BtmDefLocalName()
|
||||
#define BTM_BYPASS_EXTRA_ACL_SETUP BtmBypassExtraAclSetup()
|
||||
|
||||
#endif
|
||||
6
nehemiah/board-base.mk
Normal file
6
nehemiah/board-base.mk
Normal file
@ -0,0 +1,6 @@
|
||||
TARGET_SYSTEM_PROP := device/wephone/nehemiah/system.prop $(TARGET_SYSTEM_PROP)
|
||||
BOARD_BLUETOOTH_BDROID_BUILDCFG_INCLUDE_DIR := device/wephone/nehemiah/bluetooth
|
||||
TARGET_EXFAT_DRIVER := exfat
|
||||
DEVICE_FRAMEWORK_MANIFEST_FILE := device/wephone/nehemiah/framework_manifest.xml
|
||||
|
||||
BOARD_ROOT_EXTRA_FOLDERS += bt_firmware sec_storage efs
|
||||
11
nehemiah/environ/Android.mk
Normal file
11
nehemiah/environ/Android.mk
Normal file
@ -0,0 +1,11 @@
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := treble-environ-rc
|
||||
LOCAL_MODULE_TAGS := optional
|
||||
|
||||
LOCAL_POST_INSTALL_CMD := \
|
||||
mkdir -p $(PRODUCT_OUT)/system/etc/init/ && \
|
||||
sed -e 's?%BOOTCLASSPATH%?$(PRODUCT_BOOTCLASSPATH)?g' device/phh/treble/environ/init.treble-environ.rc > $(PRODUCT_OUT)/system/etc/init/init.treble-environ.rc && \
|
||||
sed -i -e 's?%SYSTEMSERVERCLASSPATH%?$(PRODUCT_SYSTEM_SERVER_CLASSPATH)?g' $(PRODUCT_OUT)/system/etc/init/init.treble-environ.rc
|
||||
|
||||
include $(BUILD_PHONY_PACKAGE)
|
||||
4
nehemiah/environ/init.treble-environ.rc
Normal file
4
nehemiah/environ/init.treble-environ.rc
Normal file
@ -0,0 +1,4 @@
|
||||
# set up the global environment
|
||||
on init
|
||||
export BOOTCLASSPATH /apex/com.android.runtime/javalib/core-oj.jar:/apex/com.android.runtime/javalib/core-libart.jar:/apex/com.android.runtime/javalib/okhttp.jar:/apex/com.android.runtime/javalib/bouncycastle.jar:/apex/com.android.runtime/javalib/apache-xml.jar:/system/framework/framework.jar:/system/framework/ext.jar:/system/framework/telephony-common.jar:/system/framework/voip-common.jar:/system/framework/ims-common.jar:/system/framework/android.test.base.jar:/apex/com.android.conscrypt/javalib/conscrypt.jar:/apex/com.android.media/javalib/updatable-media.jar
|
||||
export SYSTEMSERVERCLASSPATH /system/framework/services.jar:/system/framework/ethernet-service.jar:/system/framework/wifi-service.jar:/system/framework/com.android.location.provider.jar
|
||||
8
nehemiah/mediatek_arm64/BoardConfig.mk
Normal file
8
nehemiah/mediatek_arm64/BoardConfig.mk
Normal file
@ -0,0 +1,8 @@
|
||||
include build/make/target/board/generic_arm64_ab/BoardConfig.mk
|
||||
include device/wephone/nehemiah/board-base.mk
|
||||
|
||||
ifeq ($(BOARD_SYSTEMIMAGE_PARTITION_RESERVED_SIZE),)
|
||||
BOARD_SYSTEMIMAGE_PARTITION_SIZE := 2147483648
|
||||
else
|
||||
BOARD_SYSTEMIMAGE_PARTITION_RESERVED_SIZE := 33554432
|
||||
endif
|
||||
15
nehemiah/nehemiah.mk
Normal file
15
nehemiah/nehemiah.mk
Normal file
@ -0,0 +1,15 @@
|
||||
TARGET_GAPPS_ARCH := arm64
|
||||
$(call inherit-product, device/wephone/nehemiah/base-pre.mk)
|
||||
include build/make/target/product/aosp_arm64_ab.mk
|
||||
$(call inherit-product, device/wephone/nehemiah/base.mk)
|
||||
|
||||
PRODUCT_NAME := nehemiah_qin_f21pro
|
||||
PRODUCT_DEVICE := mediatek_arm64
|
||||
PRODUCT_BRAND := wePhone
|
||||
PRODUCT_SYSTEM_BRAND := wePhone
|
||||
PRODUCT_MODEL := wePhone Qin F21pro
|
||||
|
||||
# Overwrite the inherited "emulator" characteristics
|
||||
PRODUCT_CHARACTERISTICS := device
|
||||
|
||||
PRODUCT_PACKAGES +=
|
||||
Binary file not shown.
|
After Width: | Height: | Size: 2.1 MiB |
@ -0,0 +1,56 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<resources xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
|
||||
<string-array translatable="false" name="config_tether_usb_regexs">
|
||||
<item>"usb\\d"</item>
|
||||
<item>"rndis\\d"</item>
|
||||
</string-array>
|
||||
|
||||
<string-array translatable="false" name="config_tether_wifi_regexs">
|
||||
<item>"wlan0"</item>
|
||||
<item>"softap.*"</item>
|
||||
<item>"wifi_br0"</item>
|
||||
<item>"wigig0"</item>
|
||||
</string-array>
|
||||
|
||||
<string-array translatable="false" name="config_tether_bluetooth_regexs">
|
||||
<item>bnep\\d</item>
|
||||
<item>"bt-pan"</item>
|
||||
</string-array>
|
||||
|
||||
<bool name="config_enableAutoPowerModes">true</bool>
|
||||
<bool name="config_intrusiveNotificationLed">true</bool>
|
||||
<string name="config_icon_mask" translatable="false">"M50 0C77.6 0 100 22.4 100 50C100 77.6 77.6 100 50 100C22.4 100 0 77.6 0 50C0 22.4 22.4 0 50 0Z"</string>
|
||||
<bool name="config_useRoundIcon">true</bool>
|
||||
|
||||
<string name="config_wallpaperCropperPackage">com.android.wallpaperpicker</string>
|
||||
<bool name="config_unplugTurnsOnScreen">true</bool>
|
||||
<integer name="config_multiuserMaximumUsers">5</integer>
|
||||
<bool name="config_enableMultiUserUI">true</bool>
|
||||
|
||||
<string name="config_dozeComponent">com.android.systemui/com.android.systemui.doze.DozeService</string>
|
||||
<bool name="config_swipe_up_gesture_setting_available">true</bool>
|
||||
<bool name="config_smart_battery_available">true</bool>
|
||||
<dimen name="config_dialogCornerRadius">8.0dip</dimen>
|
||||
<dimen name="config_buttonCornerRadius">4.0dip</dimen>
|
||||
|
||||
<bool name="config_cellBroadcastAppLinks">true</bool>
|
||||
|
||||
<array name="config_availableColorModes">
|
||||
<!-- ColorDisplayManager.COLOR_MODE_NATURAL -->
|
||||
<item>0</item>
|
||||
<!-- ColorDisplayManager.COLOR_MODE_BOOSTED -->
|
||||
<item>1</item>
|
||||
<!-- ColorDisplayManager.COLOR_MODE_SATURATED -->
|
||||
<item>2</item>
|
||||
<!-- ColorDisplayManager.COLOR_MODE_AUTOMATIC -->
|
||||
<item>3</item>
|
||||
</array>
|
||||
|
||||
<bool name="config_supportAudioSourceUnprocessed">true</bool>
|
||||
|
||||
<string name="config_displayLightSensorType" translatable="false">android.sensor.light</string>
|
||||
|
||||
<integer name="config_defaultNightMode">2</integer>
|
||||
|
||||
<bool name="config_useDevInputEventForAudioJack">true</bool>
|
||||
</resources>
|
||||
@ -0,0 +1,40 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!-- Copyright 2015 The Android Open Source Project
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
-->
|
||||
|
||||
<webviewproviders>
|
||||
|
||||
<webviewprovider description="Chrome Stable" packageName="com.android.chrome" availableByDefault="true">
|
||||
<signature>MIIEQzCCAyugAwIBAgIJAMLgh0ZkSjCNMA0GCSqGSIb3DQEBBAUAMHQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDAeFw0wODA4MjEyMzEzMzRaFw0zNjAxMDcyMzEzMzRaMHQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAKtWLgDYO6IIrgqWbxJOKdoR8qtW0I9Y4sypEwPpt1TTcvZApxsdyxMJZ2JORland2qSGT2y5b+3JKkedxiLDmpHpDsz2WCbdxgxRczfey5YZnTJ4VZbH0xqWVW/8lGmPav5xVwnIiJS6HXk+BVKZF+JcWjAsb/GEuq/eFdpuzSqeYTcfi6idkyugwfYwXFU1+5fZKUaRKYCwkkFQVfcAs1fXA5V+++FGfvjJ/CxURaSxaBvGdGDhfXE28LWuT9ozCl5xw4Yq5OGazvV24mZVSoOO0yZ31j7kYvtwYK6NeADwbSxDdJEqO4k//0zOHKrUiGYXtqw/A0LFFtqoZKFjnkCAQOjgdkwgdYwHQYDVR0OBBYEFMd9jMIhF1Ylmn/Tgt9r45jk14alMIGmBgNVHSMEgZ4wgZuAFMd9jMIhF1Ylmn/Tgt9r45jk14aloXikdjB0MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29vZ2xlIEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxEDAOBgNVBAMTB0FuZHJvaWSCCQDC4IdGZEowjTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA4IBAQBt0lLO74UwLDYKqs6Tm8/yzKkEu116FmH4rkaymUIE0P9KaMftGlMexFlaYjzmB2OxZyl6euNXEsQH8gjwyxCUKRJNexBiGcCEyj6z+a1fuHHvkiaai+KL8W1EyNmgjmyy8AW7P+LLlkR+ho5zEHatRbM/YAnqGcFh5iZBqpknHf1SKMXFh4dd239FJ1jWYfbMDMy3NS5CTMQ2XFI1MvcyUTdZPErjQfTbQe3aDQsQcafEQPD+nqActifKZ0Np0IS9L9kR/wbNvyz6ENwPiTrjV2KRkEjH78ZMcUQXg0L3BYHJ3lc69Vs5Ddf9uUGGMYldX3WfMBEmh/9iFBDAaTCK</signature>
|
||||
</webviewprovider>
|
||||
<webviewprovider description="Chrome Beta" packageName="com.chrome.beta">
|
||||
<signature>MIIDwzCCAqugAwIBAgIJAOoj9MXoVhH6MA0GCSqGSIb3DQEBBQUAMHgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKDAtHb29nbGUgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDEUMBIGA1UEAwwLY2hyb21lX2JldGEwHhcNMTYwMjI5MTUxNTIzWhcNNDMwNzE3MTUxNTIzWjB4MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEUMBIGA1UECgwLR29vZ2xlIEluYy4xEDAOBgNVBAsMB0FuZHJvaWQxFDASBgNVBAMMC2Nocm9tZV9iZXRhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/wW27nRxVqGbFOyXr8jtv2pc2Ke8XMr6Sfs+3JK2licVaAljGFpLtWH4wUdb50w/QQSPALNLSSyuK/94rtp5Jjs4RSJI+whuewV/R6El+mFXBO3Ek5/op4UrOsR91IM4emvS67Ji2u8gp5EmttVgJtllFZCbtZLPmKuTaOkOB+EdWIxrYiHVEEaAcQpEHa9UgWUZ0bMfPj8j3F0w+Ak2ttmTjoFGLaZjuBAYwfdctN1b0sdLT9Lif45kMCb8QwPp0F9/ozs0rrTc+I6vnTS8kfFQfk7GIE4Hgm+cYQEHkIA6gLJxUVWvPZGdulAZw7wPt/neOkazHNZPcV4pYuNLQIDAQABo1AwTjAdBgNVHQ4EFgQU5t7dhcZfOSixRsiJ1E46JhzPlwowHwYDVR0jBBgwFoAU5t7dhcZfOSixRsiJ1E46JhzPlwowDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAZO2jB8P1d8ki3KZILvp27a2VM3DInlp8I8UgG3gh7nBQfTrnZr5M1PL8eFHqX7MEvAiGCMTcrPklEhjtcHK/c7BcdeCWq6oL56UK3JTl33RxJcjmjrz3e3VI6ehRSm1feNAkMD0Nr2RWr2LCYheAEmwTPtluLOJS+i7WhnXJzBtg5UpUFEbdFYenqUbDzya+cUVp0197k7hUTs8/Hxs0wf79o/TZXzTBq9eYQkiITonRN8+5QCBl1XmZKV0IHkzGFES1RP+fTiZpIjZT+W4tasHgs9QTTks4CCpyHBAy+uy7tApe1AxCzihgecCfUN1hWIltKwGZS6EE0bu0OXPzaQ==</signature>
|
||||
</webviewprovider>
|
||||
<webviewprovider description="Chrome Dev" packageName="com.chrome.dev">
|
||||
<signature>MIIDwTCCAqmgAwIBAgIJAOSN+O0cdii5MA0GCSqGSIb3DQEBBQUAMHcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKDAtHb29nbGUgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDETMBEGA1UEAwwKY2hyb21lX2RldjAeFw0xNjAyMjkxNzUwMDdaFw00MzA3MTcxNzUwMDdaMHcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKDAtHb29nbGUgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDETMBEGA1UEAwwKY2hyb21lX2RldjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANOYPj6Y9rVt8xizSHDYjDEkDfFZAgSiZ9T6tevkQXsFyfaq3Gk3h2qssi29G6cTPJ2VXFKlVB71wSXv5p9/LEcDQPWQiO3Q2cLmgUXxyhJWXI3g96tPAhZQX2q6SC37ZQdiBR/raMO70DAkvCyBGtNplsvutzSE3oZ7LYfzB8vTbe7zCh3fDYSS/7xb3ZVvFqydHS40uVq1qqg1S80Pge7tW3pDGsPMZN7yA4yfmsvA1rbHm9N8t3Rc9hqzh6OxNAAgRB535YcsWL7iF+mpdFILXk3jLYT0nMvMnB83rsdgnRREjlGQYHl2mh8+6CqujsW/eICDq/LR6BYDyqHhk0ECAwEAAaNQME4wHQYDVR0OBBYEFKzsl07JglgpbeYDYGqsgqRDo+01MB8GA1UdIwQYMBaAFKzsl07JglgpbeYDYGqsgqRDo+01MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBACka6SFF6xAcj8L8O6R36++E09DTiGZEjvKT8eIycgcQQ+p1WUmPb6M2EJpN6zvvSE62ussmXdzf8rIyc0JXA8jbViZt62Y39epNENFxPTLN9QzXlT+w8AW73Ka3cnbOuL5EgoDl8fM79WVlARY3X+wB/jGNrkiGIdRm2IZIeAodWgC2mtXMiferyYBKz2/F2bhnU6DwgCbegS8trFjEWviijWdJ+lBdobn7LRc3orZCtHl8UyvRDi7cye3sK9y3BM39k0g20F21wTNHAonnvL6zbuNgpd+UEsVxDpOeWrEdBFN7Md0CI2wnu8eA8ljJD45v0WWMEoxsIi131g5piNM=</signature>
|
||||
</webviewprovider>
|
||||
<webviewprovider description="Chrome Canary" packageName="com.chrome.canary">
|
||||
<signature>MIIDxzCCAq+gAwIBAgIJAML7APITsgV7MA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKDAtHb29nbGUgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDEWMBQGA1UEAwwNY2hyb21lX2NhbmFyeTAeFw0xNjAyMjkxOTA5MDdaFw00MzA3MTcxOTA5MDdaMHoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKDAtHb29nbGUgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDEWMBQGA1UEAwwNY2hyb21lX2NhbmFyeTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANXfeAoZlr0ya1HBzIfAz/nLLjpPJeAPvuX5dueaxmiQgv2hNG22acriFuiiJI6TU0t8AIVJD5Ifbc4OOuA0zeFhdzWWGnmTRH6x27WI7bzOKnAqOvv21ZBmE9i8Vo++K13xWdTs3qVn1bn9oUONxFu0wKDzXYZhoj1Jom0RZGjXm16xuPlEuOzMcjiNBDoYuxPAXkMcK/G1gP4P4nAV8Rd/GGIjKRS/SUtcShhoAMOQhs4WIEkUrvEVRwhBDIbpM87oFbCVdBH38r0XS6F6CdhPJsKFhoEfq4c01HZqNmDpCPA8AAcCuSWqmXoTIqs7OqkWgduE2bInbWU7WMaTl+kCAwEAAaNQME4wHQYDVR0OBBYEFB/AsC4iPAqaLoNytNSx29qByI7+MB8GA1UdIwQYMBaAFB/AsC4iPAqaLoNytNSx29qByI7+MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAMb2Td3ro/+MGVnCPAbwBSOZMVLUKGqt6zr8CShW9mtFHnmy29EaWSYYAj1M4+6Vpkq85NsgBEck7rnUjV8A3Q0NKdTys1KRKJqVvQRBN6SwqQenSf/abxQCa8Z+69rh+3BkIU1HLtu5lrMDZwon5H91L5mpORn6vItd20uW132lwSDeUEW2CHslTrodoFuTUcSUlRiq/URfUH3baO1QHXkxpQwrBPKL5deJfcZnxh5MAtAGSQL7gHvayEFlDppETXdDO7vgGTH2dEK2TjKWALbGiKkxSqjRyTNt4/FOj10TqNRdUamj+ydVJgzGQ8bki4Vc6NnKm/r4asusxapkVR4=</signature>
|
||||
</webviewprovider>
|
||||
<webviewprovider description="Google WebView" packageName="com.google.android.webview" availableByDefault="true">
|
||||
<signature>MIIDuzCCAqOgAwIBAgIJANi6DgBQG4ZTMA0GCSqGSIb3DQEBBQUAMHQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKDAtHb29nbGUgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UEAwwHd2VidmlldzAeFw0xNDA4MDgyMzIwMjBaFw00MTEyMjQyMzIwMjBaMHQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKDAtHb29nbGUgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UEAwwHd2VidmlldzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbtaFX0r5aZJMAbPVMAgK1ZZ29dTn91VsGxXv2hqrQo7IpqEy2JmPvPnoMsSiuTAe+UcQy8oKDQ2aYVSAd1DGIy+nSRyFTt3LSIAdwSBkB1qT4a+OqkpsR6bSNXQXQ18lCQu9gREY3h3QlYBQAyzRxw4hRGlrXAzuSz1Ec4W+6x4nLG5DG61MAMR8ClF9XSqbmGB3kyZ70A0X9OPYYxiMWP1ExaYvpaVqjyZZcrPwr+vtW8oCuGBUtHpBUH3OoG+9s2YMcgLG7vCK9awKDqlPcJSpIAAj6uGs4gORmkqxZRMskLSTWbhP4p+3Ap8jYzTVB6Y1/DMVmYTWRMcPW0macCAwEAAaNQME4wHQYDVR0OBBYEFJ6bAR6/QVm4w9LRSGQiaR5Rhp3TMB8GA1UdIwQYMBaAFJ6bAR6/QVm4w9LRSGQiaR5Rhp3TMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAEQu8QiVxax7/diEiJrgKE1LwdXsIygJK/KnaKdnYEkAQpeu/QmrLiycm+OFbL1qHJIB7OuI/PQBUtcaNSiJSCVgtwtEbZWWIdsynqG/Nf4aGOndXegSQNRH54M05sRHLoeRycPrY7xQlEwGikNFR76+5UdwFBQI3Gn22g6puJnVukQm/wXQ+ajoiS4QclrNlixoDQsZ4STLH4+Wju2wIWKFFArIhVEIlbamq+p6BghuzH3aIz/Fy0YTQKi7SA+0fuNeCaqlSm5pYSt6p5CH89y1Fr+wFc5r3iLRnUwRcy08ESC7bZJnxV3d/YQ5valTxBbzku/dQbXVj/xg69H8l8M=</signature>
|
||||
</webviewprovider>
|
||||
<webviewprovider description="Bromite WebView" packageName="org.bromite.webview" availableByDefault="true">
|
||||
<signature>MIIDbTCCAlWgAwIBAgIEHcsmjjANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJERTEQMA4GA1UECBMHVW5rbm93bjEPMA0GA1UEBxMGQmVybGluMRAwDgYDVQQKEwdCcm9taXRlMRAwDgYDVQQLEwdCcm9taXRlMRAwDgYDVQQDEwdjc2FnYW41MCAXDTE4MDExOTA3MjE1N1oYDzIwNjgwMTA3MDcyMTU3WjBmMQswCQYDVQQGEwJERTEQMA4GA1UECBMHVW5rbm93bjEPMA0GA1UEBxMGQmVybGluMRAwDgYDVQQKEwdCcm9taXRlMRAwDgYDVQQLEwdCcm9taXRlMRAwDgYDVQQDEwdjc2FnYW41MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtakjGj0eTavbBB2vWXj8KBixWn4zgXAKc+yGFu3SLEGF1VB5aJWwcMHxVI55yH/8M2eNnJP0BkSidfKgPVcm1sk/GrNEs9uk5sWod9byO5M5QWQmGP2REeTd6J0BVVVaMp2MZnqeR3Su3pwFzrSwTqIGyf8dkPSEz7ifj792+EeRNrov4oRQK7lIfqInzwc4d34wU069Lrw6m7J7HM0KbRYISsWMiYj025Qg+dTrtdWt7jbdcj7htW0eYyJoLd90+s43RWnOpENmWpcWv1EVPxUD4mCdV9idYwoHRIESpSu9IWvqDZp1VoRc43nLgsNfNBwmYdTkIaPiz1m7TBcr7QIDAQABoyEwHzAdBgNVHQ4EFgQUuWoGd7W7wMyQ1pOdjiMv10YHTR0wDQYJKoZIhvcNAQELBQADggEBAA7iw6eKz+T8HIpKDoDcX1Ywjn9JUzuCFu20LnsLzreO/Pog1xErYjdLAS7LTZokfbAnitBskO9QhV9BYkDiM0Qr5v2/HsJTtxa1mz9ywCcI36jblMyuXFj8tuwQI9/t9i+Fc3+bOFBV3t7djPo9qX1dIK0lZ6s8HcIhaCNdqm65fH+nWhC/H9djqC6qOtrkTiACKEcHQ4a/5dfROU0q0M4bS4YuiaAQWgjiGbik4LrZ8wZX1aqJCLt0Hs7MzXyyf0cRSO11FIOViHwzh6WTZGufq2J3YBFXPond8kLxkKL3LNezbi5yTcecxsbKQ6OS46CnIKcy/M8asSreLpoCDvw=</signature>
|
||||
</webviewprovider>
|
||||
<!-- The default WebView implementation -->
|
||||
<webviewprovider description="AOSP WebView" packageName="com.android.webview" availableByDefault="true" isFallback="true" />
|
||||
</webviewproviders>
|
||||
|
||||
5
nehemiah/sepolicy/asus.te
Normal file
5
nehemiah/sepolicy/asus.te
Normal file
@ -0,0 +1,5 @@
|
||||
allow cameraserver phhsu_exec:file rx_file_perms;
|
||||
|
||||
type asus_motor_device, file_type;
|
||||
allow cameraserver asus_motor_device:chr_file { open read write ioctl };
|
||||
allowxperm cameraserver asus_motor_device:chr_file ioctl { 0x4d02 };
|
||||
4
nehemiah/sepolicy/board_properties.te
Normal file
4
nehemiah/sepolicy/board_properties.te
Normal file
@ -0,0 +1,4 @@
|
||||
type sysfs_board_properties, fs_type, sysfs_type;
|
||||
|
||||
allow system_server sysfs_board_properties:dir search;
|
||||
allow system_server sysfs_board_properties:file r_file_perms;
|
||||
3
nehemiah/sepolicy/bootanim.te
Normal file
3
nehemiah/sepolicy/bootanim.te
Normal file
@ -0,0 +1,3 @@
|
||||
#11-14 21:15:02.748 477 477 I auditd : type=1400 audit(0.0:104): avc: denied { search } for comm="BootAnimation" name="dri" dev="tmpfs" ino=1108 scontext=u:r:bootanim:s0 tcontext=u:object_r:gpu_device:s0 tclass=dir permissive=0
|
||||
#Seen on some MTK devices
|
||||
allow bootanim gpu_device:dir r_dir_perms;
|
||||
22
nehemiah/sepolicy/file_contexts
Normal file
22
nehemiah/sepolicy/file_contexts
Normal file
@ -0,0 +1,22 @@
|
||||
/system/bin/phh-su u:object_r:phhsu_exec:s0
|
||||
/system/bin/vndk-detect u:object_r:vndk_detect_exec:s0
|
||||
/system/etc/usb_audio_policy_configuration.xml u:object_r:vendor_configs_file:s0
|
||||
/system/bin/rw-system.sh u:object_r:phhsu_exec:s0
|
||||
/system/bin/phh-on-boot.sh u:object_r:phhsu_exec:s0
|
||||
/system/bin/phh-on-data.sh u:object_r:phhsu_exec:s0
|
||||
/system/bin/asus-motor u:object_r:phhsu_exec:s0
|
||||
|
||||
#/system/bin/fsck\.exfat u:object_r:fsck_exec:s0
|
||||
/system/bin/fsck\.ntfs u:object_r:fsck_exec:s0
|
||||
|
||||
/bt_firmware(/.*)? u:object_r:bt_firmware_file:s0
|
||||
|
||||
/sec_storage(/.*)? u:object_r:teecd_data_file:s0
|
||||
/dev/dsm u:object_r:dmd_device:s0
|
||||
|
||||
/system/bin/hw/android.hardware.biometrics.fingerprint@2.1-service.oppo.compat u:object_r:hal_fingerprint_oppo_compat_exec:s0
|
||||
/system/bin/hw/android.hardware.biometrics.fingerprint@2.1-service.oplus.compat u:object_r:hal_fingerprint_oppo_compat_exec:s0
|
||||
|
||||
/efs u:object_r:efs_file:s0
|
||||
|
||||
/dev/smcinvoke u:object_r:smcinvoke_device:s0
|
||||
1
nehemiah/sepolicy/genfs_contexts
Normal file
1
nehemiah/sepolicy/genfs_contexts
Normal file
@ -0,0 +1 @@
|
||||
genfscon sysfs /board_properties u:object_r:sysfs_board_properties:s0
|
||||
10
nehemiah/sepolicy/hal.te
Normal file
10
nehemiah/sepolicy/hal.te
Normal file
@ -0,0 +1,10 @@
|
||||
type hal_fingerprint_oppo_compat, domain;
|
||||
hal_client_domain(hal_fingerprint_oppo_compat, hal_fingerprint)
|
||||
hal_server_domain(hal_fingerprint_oppo_compat, hal_fingerprint)
|
||||
|
||||
type hal_fingerprint_oppo_compat_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(hal_fingerprint_oppo_compat)
|
||||
|
||||
|
||||
type hal_fingerprint_oppo, domain;
|
||||
allow hal_fingerprint_oppo vendor_default_prop:property_service { set };
|
||||
1
nehemiah/sepolicy/hardware_overlay.te
Normal file
1
nehemiah/sepolicy/hardware_overlay.te
Normal file
@ -0,0 +1 @@
|
||||
allow priv_app overlay_service:service_manager find;
|
||||
4
nehemiah/sepolicy/hostapd.te
Normal file
4
nehemiah/sepolicy/hostapd.te
Normal file
@ -0,0 +1,4 @@
|
||||
type hostapd, domain;
|
||||
|
||||
allow hostapd wifi_data_file:dir create_dir_perms;
|
||||
allow hostapd wifi_data_file:file create_file_perms;
|
||||
17
nehemiah/sepolicy/huawei.te
Normal file
17
nehemiah/sepolicy/huawei.te
Normal file
@ -0,0 +1,17 @@
|
||||
allow ueventd proc:file r_file_perms;
|
||||
permissive ueventd;
|
||||
|
||||
type teecd_data_file, file_type;
|
||||
type dmd_device, file_type;
|
||||
allow hal_fingerprint_server dmd_device:chr_file rw_file_perms;
|
||||
allow hal_fingerprint_server sysfs:file rw_file_perms;
|
||||
allow tee hal_fingerprint_default:process { getattr };
|
||||
allow tee teecd_data_file:dir { search read write create getattr add_name open };
|
||||
allow tee teecd_data_file:file { read write create getattr open };
|
||||
allow tee system_data_file:dir { getattr };
|
||||
|
||||
type oeminfo_nvm, domain;
|
||||
type oeminfo_nvm_device, file_type;
|
||||
allowxperm oeminfo_nvm oeminfo_nvm_device:blk_file ioctl { 0x1260 };
|
||||
|
||||
allow charger rootfs:file { ioctl read getattr lock map execute entrypoint open };
|
||||
13
nehemiah/sepolicy/init.te
Normal file
13
nehemiah/sepolicy/init.te
Normal file
@ -0,0 +1,13 @@
|
||||
#This is in Android 8.0, but not 8.1
|
||||
domain_trans(init, rootfs, adbd)
|
||||
|
||||
#This is used on Huawei devices to f2fs data partition
|
||||
allow init userdata_block_device:blk_file relabelto;
|
||||
allow init userdata_block_device:lnk_file relabelto;
|
||||
|
||||
allow vendor_init vendor_init:capability { sys_module };
|
||||
|
||||
allow init system_file:lnk_file create_file_perms;
|
||||
|
||||
#fix adb in some cases
|
||||
allow init adbd_exec:lnk_file read;
|
||||
4
nehemiah/sepolicy/lenovo.te
Normal file
4
nehemiah/sepolicy/lenovo.te
Normal file
@ -0,0 +1,4 @@
|
||||
type sysfs_tp, file_type;
|
||||
|
||||
#Allow treble_app access to /sys/devices/virtual/touch/tp_dev/gesture_on
|
||||
allow system_app sysfs_tp:file rw_file_perms;
|
||||
1
nehemiah/sepolicy/lmkd.te
Normal file
1
nehemiah/sepolicy/lmkd.te
Normal file
@ -0,0 +1 @@
|
||||
allow lmkd self:capability sys_ptrace;
|
||||
19
nehemiah/sepolicy/mediatek.te
Normal file
19
nehemiah/sepolicy/mediatek.te
Normal file
@ -0,0 +1,19 @@
|
||||
type hal_graphics_allocator_default, domain;
|
||||
type proc_ged, file_type;
|
||||
allowxperm domain proc_ged:file ioctl { 0x6700-0x67ff };
|
||||
|
||||
allow init mnt_product_file:dir mounton;
|
||||
|
||||
type mtk_hal_audio, domain;
|
||||
typeattribute mtk_hal_audio hal_broadcastradio_client;
|
||||
|
||||
type mtk_hal_power, domain;
|
||||
allow mtk_hal_power system_data_root_file:file create_file_perms;
|
||||
allow zygote ashmem_device:chr_file execute;
|
||||
|
||||
attribute hal_mms_server;
|
||||
binder_call({appdomain -isolated_app}, hal_mms_server)
|
||||
binder_call(hal_mms_server, {appdomain -isolated_app})
|
||||
|
||||
type mtk_hal_mms_hwservice, hwservice_manager_type;
|
||||
allow { appdomain -isolated_app } mtk_hal_mms_hwservice:hwservice_manager find;
|
||||
6
nehemiah/sepolicy/oppo.te
Normal file
6
nehemiah/sepolicy/oppo.te
Normal file
@ -0,0 +1,6 @@
|
||||
type sysfs_usb_supply, file_type;
|
||||
|
||||
allow system_app sysfs_usb_supply:file rw_file_perms;
|
||||
|
||||
type hal_fingerprint_oplus, domain;
|
||||
allow hal_fingerprint_oplus vendor_default_prop:property_service set;
|
||||
30
nehemiah/sepolicy/qualcomm.te
Normal file
30
nehemiah/sepolicy/qualcomm.te
Normal file
@ -0,0 +1,30 @@
|
||||
type bt_firmware_file, file_type;
|
||||
type rild, domain;
|
||||
|
||||
#me.phh.treble.qti.audio is system-signed
|
||||
allow system_app hal_telephony_hwservice:hwservice_manager { find };
|
||||
allow { rild system_app } { rild system_app }:binder { call transfer };
|
||||
|
||||
#Pixel 1
|
||||
type vnd_qcril_audio_hwservice, hwservice_manager_type;
|
||||
allow system_app vnd_qcril_audio_hwservice:hwservice_manager { find };
|
||||
|
||||
#Pixel 2
|
||||
type vnd_qcrilhook_hwservice, hwservice_manager_type;
|
||||
allow system_app vnd_qcrilhook_hwservice:hwservice_manager { find };
|
||||
|
||||
#OP6
|
||||
allow system_app hal_telephony_hwservice:hwservice_manager { find };
|
||||
|
||||
# cf https://github.com/phhusson/treble_experimentations/issues/131
|
||||
# SELinux : avc: denied { add } for interface=android.hardware.tetheroffload.control::IOffloadControl pid=15220 scontext=u:r:ipacm:s0 tcontext=u:object_r:hal_tetheroffload_hwservice:s0 tclass=hwservice_manager permissive=0
|
||||
type ipacm, hwservice_manager_type;
|
||||
allow ipacm hal_tetheroffload_hwservice:hwservice_manager { add };
|
||||
|
||||
type rpmb_device, file_type;
|
||||
allow tee rpmb_device:blk_file rw_file_perms;
|
||||
allowxperm tee rpmb_device:blk_file ioctl { 0xb300-0xbfff };
|
||||
|
||||
attribute smcinvoke_device_29_0;
|
||||
type smcinvoke_device, dev_type;
|
||||
typeattribute smcinvoke_device smcinvoke_device_29_0;
|
||||
4
nehemiah/sepolicy/samsung.te
Normal file
4
nehemiah/sepolicy/samsung.te
Normal file
@ -0,0 +1,4 @@
|
||||
type boot_prop, property_type;
|
||||
|
||||
set_prop(system_server, boot_prop);
|
||||
|
||||
10
nehemiah/sepolicy/service_contexts
Normal file
10
nehemiah/sepolicy/service_contexts
Normal file
@ -0,0 +1,10 @@
|
||||
qti.ims.ext u:object_r:radio_service:s0
|
||||
# SPRD IMS
|
||||
ims_ex u:object_r:radio_service:s0
|
||||
ims_ut_ex u:object_r:radio_service:s0
|
||||
ims_doze_manager u:object_r:radio_service:s0
|
||||
irit u:object_r:radio_service:s0
|
||||
|
||||
# MTK IMS
|
||||
mwis u:object_r:radio_service:s0
|
||||
mtkIms u:object_r:radio_service:s0
|
||||
151
nehemiah/sepolicy/su.te
Normal file
151
nehemiah/sepolicy/su.te
Normal file
@ -0,0 +1,151 @@
|
||||
type phhsu_daemon, domain, mlstrustedsubject;
|
||||
type phhsu_exec, exec_type, file_type;
|
||||
type phhsu_daemon_tmpfs, file_type;
|
||||
|
||||
typeattribute phhsu_daemon coredomain;
|
||||
permissive phhsu_daemon;
|
||||
|
||||
tmpfs_domain(phhsu_daemon);
|
||||
domain_auto_trans(init, phhsu_exec, phhsu_daemon);
|
||||
file_type_auto_trans(phhsu_daemon, device, phhsu_daemon);
|
||||
|
||||
allow { appdomain shell } phhsu_daemon:unix_stream_socket { connectto write read };
|
||||
allow { appdomain shell } phhsu_daemon:sock_file { write read };
|
||||
allow { appdomain shell } phhsu_exec:file { getattr read open execute execute_no_trans };
|
||||
|
||||
create_pty(shell)
|
||||
allowxperm shell devpts:chr_file ioctl { TCSETSF TCGETS unpriv_tty_ioctls };
|
||||
allowxperm { phhsu_daemon untrusted_app untrusted_app_27 } untrusted_app_all_devpts:chr_file ioctl { TCSETSF TCGETS unpriv_tty_ioctls };
|
||||
|
||||
allow servicemanager phhsu_daemon:dir { search read };
|
||||
allow servicemanager phhsu_daemon:file { open read };
|
||||
allow servicemanager phhsu_daemon:process { getattr };
|
||||
allow servicemanager phhsu_daemon:binder { call transfer };
|
||||
|
||||
typeattribute phhsu_daemon mlstrustedobject;
|
||||
typeattribute phhsu_daemon mlstrustedsubject;
|
||||
|
||||
allow shell su_exec:file getattr;
|
||||
typeattribute su mlstrustedsubject;
|
||||
|
||||
allow phhsu_daemon { system_api_service app_api_service system_server_service }:service_manager find;
|
||||
|
||||
allow system_server phhsu_daemon:fifo_file { read write getattr };
|
||||
allow system_server phhsu_daemon:fd use;
|
||||
allow system_server phhsu_daemon:binder { call transfer };
|
||||
allow system_server shell_devpts:chr_file { read write };
|
||||
|
||||
# Add su to various domains
|
||||
net_domain(phhsu_daemon)
|
||||
|
||||
hwbinder_use(phhsu_daemon)
|
||||
|
||||
allow domain untrusted_app_all_devpts:chr_file { getattr read write };
|
||||
allow phhsu_daemon untrusted_app_all_devpts:chr_file { getattr read write open ioctl };
|
||||
allow phhsu_daemon untrusted_app_all:fifo_file { getattr read write open ioctl };
|
||||
allow phhsu_daemon zygote_exec:file { execute read open execute_no_trans getattr };
|
||||
|
||||
allow appdomain phhsu_daemon:dir { search };
|
||||
|
||||
allow phhsu_daemon self:global_capability_class_set { sys_resource sys_ptrace };
|
||||
|
||||
allow phhsu_daemon self:dir rw_dir_perms;
|
||||
allow phhsu_daemon self:file { rwx_file_perms create rename setattr unlink };
|
||||
allow phhsu_daemon self:lnk_file { r_file_perms execmod };
|
||||
|
||||
allow phhsu_daemon adbd_exec:file { getattr read };
|
||||
allow phhsu_daemon { rootfs same_process_hal_file system_file tmpfs }:file { mounton getattr };
|
||||
allow phhsu_daemon self:capability { sys_admin chown setuid setgid net_raw dac_override dac_read_search kill fowner mknod };
|
||||
allow phhsu_daemon self:capability2 { syslog };
|
||||
allow phhsu_daemon shell_exec:file rx_file_perms;
|
||||
allow phhsu_daemon system_file:file { rx_file_perms entrypoint };
|
||||
allow phhsu_daemon kmsg_device:chr_file { ioctl w_file_perms };
|
||||
allow phhsu_daemon toolbox_exec:file rx_file_perms;
|
||||
allow phhsu_daemon system_block_device:{ lnk_file file } r_file_perms;
|
||||
|
||||
allow { phhsu_daemon shell } domain:dir rw_dir_perms;
|
||||
allow { phhsu_daemon shell } domain:file rw_file_perms;
|
||||
allow { phhsu_daemon shell } domain:lnk_file rw_file_perms;
|
||||
allow { phhsu_daemon shell } rootfs:file { rwx_file_perms create rename setattr unlink };
|
||||
allow { phhsu_daemon shell } rootfs:dir rw_dir_perms;
|
||||
allow phhsu_daemon asec_apk_file:dir rw_dir_perms;
|
||||
|
||||
allow phhsu_daemon shell_devpts:chr_file rw_file_perms;
|
||||
|
||||
allow phhsu_daemon app_data_file:dir rw_dir_perms;
|
||||
allow phhsu_daemon app_data_file:file { rwx_file_perms create rename setattr unlink };
|
||||
allow phhsu_daemon dalvikcache_data_file:dir rw_dir_perms;
|
||||
allow phhsu_daemon dalvikcache_data_file:file { rwx_file_perms create rename setattr unlink };
|
||||
allow phhsu_daemon dalvikcache_data_file:lnk_file { r_file_perms execmod };
|
||||
allow phhsu_daemon system_data_file:file { rwx_file_perms create rename setattr unlink };
|
||||
allow phhsu_daemon system_data_file:dir rw_dir_perms;
|
||||
allow phhsu_daemon system_data_file:file { rwx_file_perms create rename setattr unlink };
|
||||
allow phhsu_daemon system_file:dir rw_dir_perms;
|
||||
allow phhsu_daemon system_file:file { rwx_file_perms create rename setattr unlink };
|
||||
allow phhsu_daemon init:unix_stream_socket { connectto };
|
||||
allow phhsu_daemon self:process { ptrace setexec execmem setfscreate };
|
||||
allow phhsu_daemon app_data_file:file { rwx_file_perms create rename setattr unlink };
|
||||
allow phhsu_daemon app_data_file:dir rw_dir_perms;
|
||||
allow phhsu_daemon ashmem_device:chr_file { execute };
|
||||
allow phhsu_daemon dex2oat_exec:file rx_file_perms;
|
||||
|
||||
|
||||
allow phhsu_daemon phhsu_daemon_tmpfs:file rwx_file_perms;
|
||||
|
||||
allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type phhsu_daemon }:file { rwx_file_perms create mounton setattr getattr relabelto relabelfrom unlink rename };
|
||||
allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type phhsu_daemon }:lnk_file { rw_file_perms create mounton setattr getattr relabelto relabelfrom unlink rename};
|
||||
allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type phhsu_daemon }:dir { rw_dir_perms create mounton setattr getattr relabelto relabelfrom unlink rename};
|
||||
allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type phhsu_daemon }:chr_file { rwx_file_perms unlink rename ioctl};
|
||||
allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type phhsu_daemon }:blk_file { rw_file_perms create unlink rename ioctl};
|
||||
|
||||
allow phhsu_daemon device:file rwx_file_perms;
|
||||
allow phhsu_daemon device:dir rw_dir_perms;
|
||||
|
||||
allow phhsu_daemon domain:process { ptrace signal signull getattr };
|
||||
allow phhsu_daemon selinuxfs:file rwx_file_perms;
|
||||
allow domain phhsu_daemon:process { sigchld };
|
||||
allow phhsu_daemon domain:binder { call transfer };
|
||||
allow phhsu_daemon kernel:system { syslog_read syslog_mod };
|
||||
allow phhsu_daemon kernel:security { setenforce compute_av };
|
||||
allow phhsu_daemon domain:unix_stream_socket { getattr };
|
||||
|
||||
allow phhsu_daemon logdr_socket:sock_file write;
|
||||
allow phhsu_daemon logd:unix_stream_socket connectto;
|
||||
|
||||
allow phhsu_daemon property_type:property_service { set };
|
||||
allow phhsu_daemon property_socket:sock_file { write };
|
||||
allow phhsu_daemon property_type:file rw_file_perms;
|
||||
allow phhsu_daemon { hwservicemanager hwservice_manager_type }:hwservice_manager { list add find };
|
||||
allow phhsu_daemon domain:unix_dgram_socket rw_socket_perms;
|
||||
|
||||
allow phhsu_daemon tombstoned_intercept_socket:sock_file { write };
|
||||
allow phhsu_daemon tombstoned:unix_stream_socket { connectto };
|
||||
|
||||
allow phhsu_daemon { property_data_file data_file_type tmpfs }:file create_file_perms;
|
||||
allow phhsu_daemon { property_data_file data_file_type tmpfs }:dir create_dir_perms;
|
||||
|
||||
allow phhsu_daemon { tmpfs fs_type }:filesystem { mount remount unmount associate };
|
||||
|
||||
allow phhsu_daemon phhsu_daemon:file relabelfrom;
|
||||
|
||||
allow phhsu_daemon properties_device:dir { map };
|
||||
allow phhsu_daemon { tmpfs }:dir { mounton };
|
||||
allow phhsu_daemon { file_type shell_data_file system_file}:file { relabelto relabelfrom} ;
|
||||
|
||||
allow phhsu_daemon domain:fd { use };
|
||||
allow phhsu_daemon domain:unix_stream_socket { connectto ioctl getattr getopt read write shutdown };
|
||||
allow phhsu_daemon self:netlink_kobject_uevent_socket create_socket_perms;
|
||||
allow phhsu_daemon self:{ netlink_tcpdiag_socket } { create_socket_perms nlmsg_write nlmsg_read };
|
||||
allow phhsu_daemon self:{ netlink_selinux_socket } { create_socket_perms };
|
||||
|
||||
allow phhsu_daemon file_type:file create_file_perms;
|
||||
allow phhsu_daemon file_type:dir create_dir_perms;
|
||||
|
||||
allow phhsu_daemon domain:process { transition };
|
||||
|
||||
|
||||
# 05-09 00:05:30.149 18450 18450 W lprename: type=1400 audit(0.0:40923): avc: denied { ioctl } for path="/dev/block/sda25" dev="tmpfs" ino=19441 ioctlcmd=0x1278 scontext=u:r:phhsu_daemon:s0 tcontext=u:object_r:super_block_device:s0 tclass=blk_file permissive=0
|
||||
# 06-06 12:59:53.775 30150 30150 I auditd : type=1400 audit(0.0:35585): avc: denied { ioctl } for comm="blockdev" path="/dev/block/dm-3" dev="tmpfs" ino=12687 ioctlcmd=0x125d scontext=u:r:phhsu_daemon:s0 tcontext=u:object_r:dm_device:s0 tclass=blk_file permissive=0
|
||||
|
||||
allowxperm phhsu_daemon { file_type block_device }:blk_file ioctl { 0-0xffff };
|
||||
allowxperm phhsu_daemon { system_block_device super_block_device dm_device }:blk_file ioctl { 0x1278-0x127a 0x125d };
|
||||
44
nehemiah/sepolicy/treble_app.te
Normal file
44
nehemiah/sepolicy/treble_app.te
Normal file
@ -0,0 +1,44 @@
|
||||
allow system_app hal_wifi_hostapd_hwservice:hwservice_manager { add find };
|
||||
allow system_app hidl_base_hwservice:hwservice_manager { add };
|
||||
allow system_app wifi_data_file:dir create_dir_perms;
|
||||
allow system_app wifi_data_file:file create_file_perms;
|
||||
|
||||
allow system_app sysfs_batteryinfo:file rw_file_perms;
|
||||
|
||||
type vendor_camera_prop, property_type;
|
||||
set_prop(system_app, vendor_camera_prop);
|
||||
type camera_prop, property_type;
|
||||
set_prop(system_app, camera_prop);
|
||||
|
||||
type hal_ext_fingerprint_hwservice, hwservice_manager_type;
|
||||
allow system_app hal_ext_fingerprint_hwservice:hwservice_manager { find };
|
||||
type hal_fingerprint_default, domain;
|
||||
allow system_app hal_fingerprint_default:binder { call };
|
||||
allow system_app sysfs_power:dir r_dir_perms;
|
||||
allow system_app sysfs_power:file rw_file_perms;
|
||||
allow system_app sysfs_power:lnk_file read;
|
||||
|
||||
type default_hisi_hwservice, hwservice_manager_type;
|
||||
allow system_app default_hisi_hwservice:hwservice_manager { find };
|
||||
|
||||
type hal_tp_default, domain;
|
||||
allow system_app hal_tp_default:binder { call };
|
||||
|
||||
#cam2api
|
||||
allow system_app vendor_default_prop:property_service { set };
|
||||
|
||||
set_prop(system_app, default_prop);
|
||||
set_prop(system_app, exported3_default_prop);
|
||||
|
||||
type mtk_hal_rild_hwservice, hwservice_manager_type;
|
||||
allow system_app mtk_hal_rild_hwservice:hwservice_manager { find};
|
||||
|
||||
type mtk_vilte_support_prop, property_type;
|
||||
allow system_app mtk_vilte_support_prop:property_service set;
|
||||
|
||||
type hal_gesturewake_hwservice, hwservice_manager_type;
|
||||
type hal_gesturewake_default, domain;
|
||||
allow system_app hal_gesturewake_hwservice:hwservice_manager { find };
|
||||
allow system_app hal_gesturewake_default:binder { call transfer };
|
||||
allow hal_gesturewake_default system_app:binder { call transfer };
|
||||
|
||||
27
nehemiah/sepolicy/vndk_detect.te
Normal file
27
nehemiah/sepolicy/vndk_detect.te
Normal file
@ -0,0 +1,27 @@
|
||||
type vndk_detect, coredomain, domain;
|
||||
type vndk_detect_exec, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(vndk_detect);
|
||||
allow vndk_detect sepolicy_file:file r_file_perms;
|
||||
set_prop(vndk_detect,system_prop);
|
||||
set_prop(vndk_detect,debug_prop);
|
||||
|
||||
allow vndk_detect shell_exec:file rx_file_perms;
|
||||
allow vndk_detect toolbox_exec:file rx_file_perms;
|
||||
#/system/bin/grep
|
||||
allow vndk_detect system_file:file rx_file_perms;
|
||||
|
||||
#mount -o bind /system/bin/adbd /sbin/adbd
|
||||
allow vndk_detect adbd_exec:file { getattr read };
|
||||
allow vndk_detect rootfs:file { mounton getattr };
|
||||
allow vndk_detect self:capability { sys_admin };
|
||||
|
||||
#mount -o bind /system/etc/usb_audio_policy_configuration.xml /vendor/etc/usb_audio_policy_configuration.xml
|
||||
allow init vendor_configs_file:file { getattr mounton };
|
||||
|
||||
#/sys/module/five
|
||||
allow vndk_detect sysfs:file r_file_perms;
|
||||
allow vndk_detect sysfs:dir r_dir_perms;
|
||||
|
||||
#/proc/filesystems
|
||||
allow vndk_detect proc_filesystems:file r_file_perms;
|
||||
2
nehemiah/sepolicy/vold.te
Normal file
2
nehemiah/sepolicy/vold.te
Normal file
@ -0,0 +1,2 @@
|
||||
allow vold system_data_file:lnk_file { unlink };
|
||||
allow mediaextractor sdcard_type:file read;
|
||||
4
nehemiah/system.prop
Normal file
4
nehemiah/system.prop
Normal file
@ -0,0 +1,4 @@
|
||||
persist.bluetooth.bluetooth_audio_hal.disabled=true
|
||||
persist.sys.bt.unsupport.features=00000000
|
||||
persist.sys.bt.unsupport.states=00000000
|
||||
persist.sys.bt.unsupport.stdfeatures=000001
|
||||
Loading…
x
Reference in New Issue
Block a user