projectceladon · XuBing0 · Jul 19, 2022 · Apr 3, 2023
diff --git a/dgpu-switch/dgpu-switch.te b/dgpu-switch/dgpu-switch.te
@@ -0,0 +1,8 @@
+#
+# dgpu-switch
+#
+
+type dgpu-switch, domain;
+type dgpu-switch_exec, exec_type, file_type, vendor_file_type;
+init_daemon_domain(dgpu-switch)
+
diff --git a/dgpu-switch/file_contexts b/dgpu-switch/file_contexts
@@ -0,0 +1,2 @@
+#dgpu switch
+/vendor/bin/dGPU_switch.sh   u:object_r:dgpu-switch_exec:s0
diff --git a/dgpu-switch/generate_dmseg_rules.te b/dgpu-switch/generate_dmseg_rules.te
@@ -0,0 +1,29 @@
+
+
+#============= hal_evs_default ==============
+allow hal_evs_default self:netlink_kobject_uevent_socket read;
+
+#============= kernel ==============
+#allow kernel device:blk_file { create setattr };
+allow kernel device:chr_file { create setattr };
+allow kernel device:dir { add_name create write };
+allow kernel self:capability mknod;
+
+#============= logsvc ==============
+allow logsvc vendor_data_file:dir { add_name write };
+allow logsvc vendor_data_file:lnk_file create;
+
+#============= mediaprovider_app ==============
+#allow mediaprovider_app media_rw_data_file:fifo_file { getattr open read };
+
+#============= platform_app ==============
+allow platform_app proc:file { getattr };
+
+#============= shell ==============
+#allow shell kernel:system syslog_read;
+
+#============= system_app ==============
+allow system_app proc:file { getattr };
+
+#============= vendor_init ==============
+allow vendor_init vts_status_prop:file read;
diff --git a/dgpu-switch/generate_log_rules.te b/dgpu-switch/generate_log_rules.te
@@ -0,0 +1,72 @@
+
+
+#============= bootanim ==============
+allow bootanim proc:file { getattr };
+
+#============= carpowerpolicyd ==============
+allow carpowerpolicyd hal_audiocontrol_default:binder call;
+
+#============= carservice_app ==============
+allow carservice_app system_data_file:dir search;
+allow carservice_app user_profile_root_file:dir search;
+
+#============= carwatchdogd ==============
+allow carwatchdogd system_car_data_file:dir search;
+
+#============= experimentalcarservice_app ==============
+allow experimentalcarservice_app content_capture_service:service_manager find;
+allow experimentalcarservice_app game_service:service_manager find;
+allow experimentalcarservice_app system_data_file:dir search;
+allow experimentalcarservice_app user_profile_root_file:dir search;
+
+#============= hal_audiocontrol_default ==============
+allow hal_audiocontrol_default carpowerpolicyd:binder { call transfer };
+allow hal_audiocontrol_default carpowerpolicyd_service:service_manager find;
+
+#============= hal_evs_default ==============
+#allow hal_evs_default automotive_display_service:binder call;
+allow hal_evs_default device:dir { open read };
+allow hal_evs_default self:netlink_kobject_uevent_socket { bind create read setopt };
+
+#============= intel_prop ==============
+#allow intel_prop system_prop:property_service set;
+
+#============= kernel ==============
+allow kernel device:chr_file { create setattr };
+allow kernel device:dir { add_name write };
+allow kernel self:capability mknod;
+
+#============= logsvc ==============
+allow logsvc file_contexts_file:file { getattr open read };
+allow logsvc vendor_data_file:dir { add_name write };
+allow logsvc vendor_data_file:lnk_file { create getattr };
+
+#============= mediaprovider_app ==============
+#allow mediaprovider_app media_rw_data_file:fifo_file { create getattr open read unlink };
+
+#============= platform_app ==============
+allow platform_app proc:file { getattr };
+
+#============= shell ==============
+allow shell dgpu-switch_exec:file { open read };
+allow shell fuse:fifo_file { create getattr unlink write };
+#allow shell self:capability dac_read_search;
+
+#============= surfaceflinger ==============
+allow surfaceflinger proc:file { getattr };
+
+#============= system_app ==============
+allow system_app proc:file { getattr };
+
+#============= system_server ==============
+allow system_server proc:file { getattr };
+
+#============= system_suspend ==============
+#allow system_suspend sysfs:dir { open read };
+#allow system_suspend sysfs:file { getattr };
+
+#============= thermal-daemon ==============
+allow thermal-daemon sysfs_app_readable:file { getattr open read };
+
+#============= vendor_init ==============
+#allow vendor_init self:lockdown integrity;
diff --git a/dgpu-switch/shell.te b/dgpu-switch/shell.te
@@ -0,0 +1,42 @@
+#allow shell logd:netlink_audit_socket { getattr setattr };
+#allow shell shell:capability { sys_ptrace };
+#allow shell shell:capability { dac_read_search };
+#allow shell system_suspend:unix_dgram_socket { getattr setattr };
+#allow shell keystore_data_file:file { getattr setattr };
+#allow shell dgpu-switch_exec:file { entrypoint };
+allow shell init:netlink_selinux_socket { getattr setattr };
+allow shell init:unix_stream_socket { getattr setattr };
+allow shell ueventd:netlink_kobject_uevent_socket { getattr setattr };
+allow shell carwatchdogd:unix_dgram_socket { getattr setattr };
+allow shell logd:fifo_file { getattr setattr };
+allow shell logd:unix_stream_socket { getattr setattr };
+allow shell logd:unix_dgram_socket { getattr setattr };
+allow shell unlabeled:file { getattr setattr };
+allow shell lmkd:unix_dgram_socket { getattr setattr };
+allow shell lmkd:unix_stream_socket { getattr setattr };
+allow shell ueventd:netlink_kobject_uevent_socket { getattr setattr };
+allow shell proc_kmsg:file { getattr setattr };
+allow shell proc_pressure_mem:file { getattr setattr };
+allow shell servicemanager:netlink_selinux_socket { getattr setattr };
+allow shell servicemanager:unix_dgram_socket { getattr setattr };
+allow shell hwservicemanager:netlink_selinux_socket { getattr setattr };
+allow shell hwservicemanager:unix_dgram_socket { getattr setattr };
+allow shell vold:unix_dgram_socket { getattr setattr };
+allow shell vold:netlink_kobject_uevent_socket { getattr setattr };
+allow shell vold:fifo_file { getattr setattr };
+allow shell sysfs_power:file { getattr setattr };
+allow shell vndservicemanager:netlink_selinux_socket { getattr setattr };
+allow shell vndservicemanager:unix_dgram_socket { getattr setattr };
+allow shell tombstoned:unix_dgram_socket { getattr setattr };
+allow shell tombstoned:fifo_file { getattr setattr };
+allow shell carpowerpolicyd:unix_dgram_socket { getattr setattr };
+allow shell sysfs_wakeup_reasons:file { getattr setattr };
+allow shell evs_manager:unix_dgram_socket { getattr setattr };
+allow shell netd:netlink_kobject_uevent_socket { getattr setattr };
+allow shell sysfs_wakeup_reasons:file { getattr setattr };
+allow shell statsd:unix_dgram_socket { getattr setattr };
+allow shell keystore:netlink_selinux_socket { getattr setattr };
+allow shell keystore:unix_dgram_socket { getattr setattr };
+allow shell hal_atrace_default:unix_dgram_socket { getattr setattr };
+allow shell hal_bootctl_default:unix_dgram_socket { getattr setattr };
+allow shell hal_keymint_default:unix_dgram_socket { getattr setattr };
diff --git a/sensors/mediation/sensor_hal_default.te b/sensors/mediation/sensor_hal_default.te
@@ -4,8 +4,4 @@ allow hal_sensors_default self:socket create_socket_perms;
 allowxperm hal_sensors_default self:socket ioctl unpriv_sock_ioctls;
 allow hal_sensors_default serial_device:chr_file rw_file_perms;
 
-allow hal_sensors_default self:tcp_socket { create read write connect name_connect getopt setopt };
-dontaudit hal_sensors_default default_prop:file { open read getattr map };
-allow hal_sensors_default port:tcp_socket { name_connect };
-
-get_prop(hal_sensors_default, vendor_intel_ipaddr_prop)
+allow hal_sensors_default self:vsock_socket { create read write connect getopt setopt };
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		#dgpu switch
		/vendor/bin/dGPU_switch.sh u:object_r:dgpu-switch_exec:s0