From ff931e62de54b6855a540efb3ca73abf19acb22d Mon Sep 17 00:00:00 2001 From: Alberto Ponces Date: Thu, 22 Jul 2021 11:48:23 +0100 Subject: [PATCH] PATCH: add flipendo sepolicy --- buildbot_treble.sh | 1 + patches/0001-Add-flipendo-sepolicy.patch | 57 ++++++++++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100644 patches/0001-Add-flipendo-sepolicy.patch diff --git a/buildbot_treble.sh b/buildbot_treble.sh index c27d2f54..956492dd 100755 --- a/buildbot_treble.sh +++ b/buildbot_treble.sh @@ -84,6 +84,7 @@ git am $BL/patches/0001-base-remove-securize-script.patch git am $BL/patches/0001-board-add-broken-duplicate-rules-flag.patch git am $BL/patches/0001-rw-system-set-fingerprint-props.patch git am $BL/patches/0001-add-offline-charger-sepolicy.patch +git am $BL/patches/0001-Add-flipendo-sepolicy.patch cd ../../.. cd frameworks/av git revert 72fb8d96c85fd45e85516b4023cd5116b5d5a8eb --no-edit # camera: Allow devices to load custom CameraParameter code diff --git a/patches/0001-Add-flipendo-sepolicy.patch b/patches/0001-Add-flipendo-sepolicy.patch new file mode 100644 index 00000000..e8d8d67e --- /dev/null +++ b/patches/0001-Add-flipendo-sepolicy.patch @@ -0,0 +1,57 @@ +From dc44e4db8b0c2386c762e03815987e536d631119 Mon Sep 17 00:00:00 2001 +From: Alberto Ponces +Date: Thu, 22 Jul 2021 11:35:11 +0100 +Subject: [PATCH] Add flipendo sepolicy + +Fix Extreme Battery Saver SELinux denials +--- + sepolicy/flipendo.te | 28 ++++++++++++++++++++++++++++ + sepolicy/seapp_contexts | 1 + + 2 files changed, 29 insertions(+) + create mode 100644 sepolicy/flipendo.te + create mode 100644 sepolicy/seapp_contexts + +diff --git a/sepolicy/flipendo.te b/sepolicy/flipendo.te +new file mode 100644 +index 0000000..206f4ca +--- /dev/null ++++ b/sepolicy/flipendo.te +@@ -0,0 +1,28 @@ ++type flipendo, domain, coredomain; ++app_domain(flipendo) ++ ++# HwBinder IPC from client to flipendo ++binder_call(hal_power_client, flipendo) ++ ++# HwBinder IPC from flipendo to statsd ++binder_call(flipendo, statsd) ++ ++# HwBinder IPC from flipendo to gpuservice, and callbacks ++binder_call(gpuservice, flipendo) ++binder_call(flipendo, gpuservice) ++ ++# HwBinder IPC from stats_service_server to flipendo, and callbacks ++binder_call(stats_service_server, flipendo) ++binder_call(flipendo, stats_service_server) ++ ++# Allow flipendo to find app_api_service ++allow flipendo app_api_service:service_manager find; ++ ++# Allow flipendo to find fwk_stats_hwservice ++allow flipendo fwk_stats_hwservice:hwservice_manager find; ++ ++# Allow flipendo to find color_display_service ++allow flipendo color_display_service:service_manager find; ++ ++# Allow flipendo to find hal_power_service ++allow flipendo hal_power_service:service_manager find; +diff --git a/sepolicy/seapp_contexts b/sepolicy/seapp_contexts +new file mode 100644 +index 0000000..ebf7fe4 +--- /dev/null ++++ b/sepolicy/seapp_contexts +@@ -0,0 +1 @@ ++user=_app seinfo=platform name=com.google.android.flipendo domain=flipendo type=app_data_file levelFrom=all +-- +2.25.1 +