277a20ebec
The CL splits /vendor labeling from /system. Which was allowing all processes read, execute access to /vendor. Following directories will remain world readable /vendor/etc /vendor/lib(64)/hw/ Following are currently world readable but their scope will be minimized to platform processes that require access /vendor/app /vendor/framework/ /vendor/overlay Files labelled with 'same_process_hal_file' are allowed to be read + executed from by the world. This is for Same process HALs and their dependencies. Bug: 36527360 Bug: 36832490 Bug: 36681210 Bug: 36680116 Bug: 36690845 Bug: 36697328 Bug: 36696623 Bug: 36806861 Bug: 36656392 Bug: 36696623 Bug: 36792803 All of the tests were done on sailfish, angler, bullhead, dragon Test: Boot and connect to wifi Test: Run chrome and load websites, play video in youtube, load maps w/ current location, take pictures and record video in camera, playback recorded video. Test: Connect to BT headset and ensure BT audio playback works. Test: OTA sideload using recovery Test: CTS SELinuxHostTest pass Change-Id: I278435b72f7551a28f3c229f720ca608b77a7029 Signed-off-by: Sandeep Patil <sspatil@google.com>
47 lines
4.1 KiB
Plaintext
47 lines
4.1 KiB
Plaintext
#############################
|
|
# Default HALs
|
|
#
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.audio@2\.0-service u:object_r:hal_audio_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service u:object_r:hal_bluetooth_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.0-service u:object_r:hal_bootctl_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.4-service u:object_r:hal_camera_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.configstore@1\.0-service u:object_r:hal_configstore_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.contexthub@1\.0-service u:object_r:hal_contexthub_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.0-service u:object_r:hal_drm_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.dumpstate@1\.0-service u:object_r:hal_dumpstate_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.gatekeeper@1\.0-service u:object_r:hal_gatekeeper_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@1\.0-service u:object_r:hal_gnss_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.allocator@2\.0-service u:object_r:hal_graphics_allocator_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.composer@2\.1-service u:object_r:hal_graphics_composer_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.health@1\.0-service u:object_r:hal_health_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.ir@1\.0-service u:object_r:hal_ir_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service u:object_r:hal_keymaster_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service u:object_r:hal_light_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.memtrack@1\.0-service u:object_r:hal_memtrack_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.0-service u:object_r:hal_nfc_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.media\.omx@1\.0-service u:object_r:mediacodec_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.power@1\.0-service u:object_r:hal_power_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.sensors@1\.0-service u:object_r:hal_sensors_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/rild u:object_r:rild_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@1\.0-service u:object_r:hal_thermal_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.input@1\.0-service u:object_r:hal_tv_input_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service u:object_r:hal_usb_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service u:object_r:hal_vibrator_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.vr@1\.0-service u:object_r:hal_vr_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.wifi@1\.0-service u:object_r:hal_wifi_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/wpa_supplicant u:object_r:hal_wifi_supplicant_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hostapd u:object_r:hostapd_exec:s0
|
|
/(vendor|system/vendor)/bin/vndservicemanager u:object_r:vndservicemanager_exec:s0
|
|
|
|
#############################
|
|
# Same process HALs installed by platform into /vendor
|
|
#
|
|
/(vendor|system/vendor)/lib(64)?/hw/android\.hardware\.graphics\.mapper@2\.0-impl\.so u:object_r:same_process_hal_file:s0
|
|
/(vendor|system/vendor)/lib(64)?/hw/android\.hardware\.renderscript@1\.0-impl\.so u:object_r:same_process_hal_file:s0
|
|
|
|
#############################
|
|
# Data files
|
|
#
|
|
/data/misc/wifi/hostapd(/.*)? u:object_r:hostapd_socket:s0
|