Browse Source

[NFC] Correct SEPolicy rules & other minor fixes

main
Pekka Helenius 3 years ago
parent
commit
10f9d434e3
5 changed files with 146 additions and 31 deletions
  1. +145
    -0
      lineage_src_root/device/samsung/s5neolte/device.mk
  2. +1
    -0
      lineage_src_root/device/samsung/s5neolte/sepolicy/file_contexts
  3. +0
    -21
      lineage_src_root/device/samsung/s5neolte/sepolicy/nfc.te
  4. +0
    -1
      lineage_src_root/device/samsung/s5neolte/sepolicy/seapp_contexts
  5. +0
    -9
      lineage_src_root/hardware/samsung/nfc/1.2/android.hardware.nfc@1.2-service.samsung.rc

+ 145
- 0
lineage_src_root/device/samsung/s5neolte/device.mk View File

@ -0,0 +1,145 @@
#
# Copyright (C) 2018 The LineageOS Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
LOCAL_PATH := device/samsung/s5neolte
$(call inherit-product, $(SRC_TARGET_DIR)/product/languages_full.mk)
# Audio
PRODUCT_COPY_FILES += \
$(LOCAL_PATH)/configs/audio/mixer_paths.xml:$(TARGET_COPY_OUT_VENDOR)/etc/mixer_paths_0.xml \
$(LOCAL_PATH)/configs/audio/audio_effects.xml:$(TARGET_COPY_OUT_VENDOR)/etc/audio_effects.xml
# Boot animation
TARGET_BOOTANIMATION_PRELOAD := true
TARGET_BOOTANIMATION_TEXTURE_CACHE := true
TARGET_SCREEN_HEIGHT := 1920
TARGET_SCREEN_WIDTH := 1080
# Bluetooth
PRODUCT_COPY_FILES += \
$(LOCAL_PATH)/bluetooth/bt_vendor.conf:system/etc/bluetooth/bt_vendor.conf
PRODUCT_PACKAGES += \
android.hardware.bluetooth@1.0-service
# Camera
PRODUCT_PACKAGES += \
camera.universal7580 \
Snap
# hardware/samsung/AdvancedDisplay (MDNIE)
PRODUCT_PACKAGES += \
AdvancedDisplay
# Graphics
# Device uses high-density artwork where available
PRODUCT_AAPT_CONFIG := xlarge
PRODUCT_AAPT_PREF_CONFIG := xhdpi
# A list of dpis to select prebuilt apk, in precedence order.
PRODUCT_AAPT_PREBUILT_DPI := hdpi mdpi
# Key-layout
PRODUCT_COPY_FILES += \
$(LOCAL_PATH)/idc/Synaptics_HID_TouchPad.idc:system/usr/idc/Synaptics_HID_TouchPad.idc \
$(LOCAL_PATH)/idc/Synaptics_RMI4_TouchPad_Sensor.idc:system/usr/idc/Synaptics_RMI4_TouchPad_Sensor.idc \
$(LOCAL_PATH)/keylayout/Button_Jack.kl:system/usr/keylayout/Button_Jack.kl \
$(LOCAL_PATH)/keylayout/gpio_keys.kl:system/usr/keylayout/gpio_keys.kl \
$(LOCAL_PATH)/keylayout/sec_touchkey.kl:system/usr/keylayout/sec_touchkey.kl
# Livedisplay
PRODUCT_PACKAGES += \
vendor.lineage.livedisplay@2.0-service.samsung-exynos
# NFC
PRODUCT_COPY_FILES += \
$(LOCAL_PATH)/configs/nfc/libnfc-sec-hal.conf:$(TARGET_COPY_OUT_VENDOR)/etc/libnfc-sec-vendor.conf \
$(LOCAL_PATH)/configs/nfc/libnfc-sec.conf:system/etc/libnfc-nci.conf \
$(LOCAL_PATH)/configs/nfc/nfcee_access.xml:system/etc/nfcee_access.xml
PRODUCT_PACKAGES += \
libnfc-nci \
libnfc_nci_jni \
NfcNci \
Tag \
com.android.nfc_extras \
android.hardware.nfc@1.2-service.samsung
# Permissions
PRODUCT_COPY_FILES += \
frameworks/native/data/etc/android.hardware.bluetooth_le.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.bluetooth_le.xml \
frameworks/native/data/etc/android.hardware.camera.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.camera.xml \
frameworks/native/data/etc/android.hardware.camera.flash-autofocus.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.camera.flash-autofocus.xml \
frameworks/native/data/etc/android.hardware.sensor.accelerometer.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.sensor.accelerometer.xml \
frameworks/native/data/etc/android.hardware.sensor.proximity.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.sensor.proximity.xml \
frameworks/native/data/etc/android.hardware.telephony.gsm.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.telephony.gsm.xml \
frameworks/native/data/etc/android.software.midi.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.software.midi.xml \
frameworks/native/data/etc/handheld_core_hardware.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/handheld_core_hardware.xml \
frameworks/native/data/etc/android.hardware.ethernet.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.ethernet.xml \
frameworks/native/data/etc/android.hardware.sensor.compass.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.sensor.compass.xml \
frameworks/native/data/etc/android.hardware.sensor.gyroscope.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.sensor.gyroscope.xml \
frameworks/native/data/etc/android.hardware.sensor.heartrate.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.sensor.heartrate.xml \
frameworks/native/data/etc/android.hardware.sensor.light.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.sensor.light.xml \
frameworks/native/data/etc/android.hardware.sensor.stepcounter.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.sensor.stepcounter.xml \
frameworks/native/data/etc/android.hardware.sensor.stepdetector.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.sensor.stepdetector.xml \
frameworks/native/data/etc/android.hardware.nfc.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.nfc.xml \
frameworks/native/data/etc/android.hardware.nfc.hce.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.nfc.hce.xml \
frameworks/native/data/etc/com.android.nfc_extras.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/com.android.nfc_extras.xml \
$(LOCAL_PATH)/configs/permissions/com.samsung.permission.HRM_EXT.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/com.samsung.permission.HRM_EXT.xml \
$(LOCAL_PATH)/configs/permissions/com.samsung.permission.SSENSOR.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/com.samsung.permission.SSENSOR.xml
# Ramdisk
PRODUCT_PACKAGES += \
init.target.rc
# Radio
PRODUCT_PACKAGES += \
libprotobuf-cpp-full \
libsecril-client \
modemloader \
libxml2 \
rild \
libril \
libreference-ril \
libsecril-client-sap \
android.hardware.radio@1.1 \
android.hardware.radio.deprecated@1.0
PRODUCT_COPY_FILES += \
device/samsung/universal7580-common/configs/init/rild.rc:$(TARGET_COPY_OUT_VENDOR)/etc/init/rild.legacy.rc
# Overlays
DEVICE_PACKAGE_OVERLAYS += $(LOCAL_PATH)/overlay
# Vendor security patch level
PRODUCT_PROPERTY_OVERRIDES += \
ro.lineage.build.vendor_security_patch=2017-03-01
# Wi-fi
PRODUCT_COPY_FILES += \
$(LOCAL_PATH)/configs/wifi/cred.conf:system/etc/wifi/cred.conf \
$(LOCAL_PATH)/configs/wifi/wpa_supplicant_overlay.conf:$(TARGET_COPY_OUT_VENDOR)/etc/wifi/wpa_supplicant_overlay.conf \
$(LOCAL_PATH)/configs/wifi/p2p_supplicant_overlay.conf:$(TARGET_COPY_OUT_VENDOR)/etc/wifi/p2p_supplicant_overlay.conf \
$(LOCAL_PATH)/configs/wifi/filter_ie:system/etc/wifi/filter_ie
# Properties
-include $(LOCAL_PATH)/system_prop.mk
# Inherit from universal7580-common
$(call inherit-product, device/samsung/universal7580-common/device-common.mk)
# call the proprietary setup
$(call inherit-product, vendor/samsung/s5neolte/s5neolte-vendor.mk)

+ 1
- 0
lineage_src_root/device/samsung/s5neolte/sepolicy/file_contexts View File

@ -0,0 +1 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@\d+\.\d+-service\.samsung u:object_r:hal_nfc_default_exec:s0

+ 0
- 21
lineage_src_root/device/samsung/s5neolte/sepolicy/nfc.te View File

@ -1,21 +0,0 @@
# Init transition.
allow init nfc:process transition;
# Vendor file accesses.
allow nfc vendor_file:file { entrypoint read };
allow init nfc:process { rlimitinh siginh noatsecure };
allow nfc hal_nfc_hwservice:hwservice_manager { add find };
allow nfc hidl_base_hwservice:hwservice_manager { add find };
allow nfc mediaserver_exec:file { read };
# TODO(b/36657258): Remove data_between_core_and_vendor_violators once
# hal_nfc no longer directly accesses /data owned by the nfc app.
typeattribute nfc data_between_core_and_vendor_violators;
# Data file accesses.
allow nfc nfc_data_file:dir create_dir_perms;
allow nfc nfc_data_file:{ file lnk_file fifo_file } create_file_perms;
allow nfc nfc_data_file:dir { search read write create remove_name };

+ 0
- 1
lineage_src_root/device/samsung/s5neolte/sepolicy/seapp_contexts View File

@ -1 +0,0 @@
user=nfc seinfo=platform domain=nfc type=nfc_data_file

+ 0
- 9
lineage_src_root/hardware/samsung/nfc/1.2/android.hardware.nfc@1.2-service.samsung.rc View File

@ -1,9 +0,0 @@
service nfc_hal_service /vendor/bin/hw/android.hardware.nfc@1.2-service.samsung
interface android.hardware.nfc@1.2::INfc default
interface android.hardware.nfc@1.1::INfc default
interface android.hardware.nfc@1.0::INfc default
class hal
user nfc
group nfc
seclabel u:r:nfc:s0

Loading…
Cancel
Save