From bafcc5e3da665b5466ecfa542e4952347b43ff46 Mon Sep 17 00:00:00 2001
From: openharmony_ci <120357966@qq.com>
Date: Thu, 9 Mar 2023 12:08:59 +0000
Subject: [PATCH] =?UTF-8?q?=E5=9B=9E=E9=80=80=20'Pull=20Request=20!1841=20?=
 =?UTF-8?q?:=20modify=20selinux=20for=20RK3588'?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 sepolicy/base/te/appspawn.te         | 1 -
 sepolicy/base/te/bootanimation.te    | 2 +-
 sepolicy/base/te/ispserver.te        | 4 ++--
 sepolicy/base/te/normal_hap.te       | 2 +-
 sepolicy/base/te/render_service.te   | 2 +-
 sepolicy/base/te/system_basic_hap.te | 2 +-
 sepolicy/base/te/system_core_hap.te  | 2 +-
 7 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/sepolicy/base/te/appspawn.te b/sepolicy/base/te/appspawn.te
index a64c40ed9..93c2d5264 100644
--- a/sepolicy/base/te/appspawn.te
+++ b/sepolicy/base/te/appspawn.te
@@ -86,5 +86,4 @@ allow appspawn sys_usb_param:file { map open read };
 allow appspawn tmpfs:dir { add_name create mounton write };
 allow appspawn tmpfs:lnk_file { create };
 allow appspawn vendor_lib_file:dir { mounton };
-allow appspawn self:process execmem;
 allowxperm appspawn dev_at_file:chr_file ioctl { 0x4102 };
diff --git a/sepolicy/base/te/bootanimation.te b/sepolicy/base/te/bootanimation.te
index 927cfd2f1..76d5aeab1 100644
--- a/sepolicy/base/te/bootanimation.te
+++ b/sepolicy/base/te/bootanimation.te
@@ -72,7 +72,7 @@ allow bootanimation system_usr_file:file { getattr map open read };
 allow bootanimation sys_usb_param:file { map open read };
 allow bootanimation tracefs:dir { search };
 allow bootanimation tracefs_trace_marker_file:file { open write };
-allowxperm bootanimation dev_mali:chr_file ioctl { 0x8000 0x8001 0x8002 0x8003 0x8004 0x8005 0x8006 0x8007 0x800e 0x8011 0x8016 0x8018 0x8019 0x801d 0x801e 0x8024 0x8025 0x8026 0x8027 0x800f 0x8029 0x802a 0x8031 0x802b 0x802c 0x802d 0x802e 0x802f 0x8030 0x8033 0x8034 0x8036};
+allowxperm bootanimation dev_mali:chr_file ioctl { 0x8000 0x8001 0x8002 0x8003 0x8004 0x8005 0x8006 0x8007 0x800e 0x8011 0x8016 0x8018 0x8019 0x801d 0x801e 0x8026 0x800f };
 allow bootanimation chip_prod_file:dir { search };
 allow bootanimation sys_prod_file:dir { search };
 allow bootanimation vendor_bin_file:dir { search };
diff --git a/sepolicy/base/te/ispserver.te b/sepolicy/base/te/ispserver.te
index 015bc8fac..946b2a0fa 100644
--- a/sepolicy/base/te/ispserver.te
+++ b/sepolicy/base/te/ispserver.te
@@ -51,5 +51,5 @@ allow ispserver vendor_bin_file:file { entrypoint execute map read };
 allow ispserver vendor_etc_file:dir { search };
 allow ispserver vendor_etc_file:file { getattr open read };
 allowxperm ispserver dev_media_file:chr_file ioctl { 0x7c00 0x7c01 0x7c02 0x7c03 };
-allowxperm ispserver dev_v_file:chr_file ioctl { 0x5604 0x5605 0x5615 0x561c 0x5624 0x563d 0x563e 0x5659 0x565a 0x565b 0x56c0 0x56c5 0x56c8 0x56c9 0x56d4 0x56d6 0x564b 0x56c3 };
-allowxperm ispserver dev_video_file:chr_file ioctl { 0x5600 0x5604 0x5605 0x5608 0x5609 0x560f 0x5610 0x5611 0x5612 0x5613 0x5659 0x565a 0x5611 0x565b };
+allowxperm ispserver dev_v_file:chr_file ioctl { 0x5604 0x5605 0x5615 0x561c 0x5624 0x563d 0x563e 0x5659 0x565a 0x565b 0x56c0 0x56c5 0x56c8 0x56c9 };
+allowxperm ispserver dev_video_file:chr_file ioctl { 0x5600 0x5604 0x5605 0x5608 0x5609 0x560f 0x5610 0x5611 0x5612 0x5613 0x5659 0x565a };
diff --git a/sepolicy/base/te/normal_hap.te b/sepolicy/base/te/normal_hap.te
index 442fac09d..dea003384 100644
--- a/sepolicy/base/te/normal_hap.te
+++ b/sepolicy/base/te/normal_hap.te
@@ -117,7 +117,7 @@ allow normal_hap_attr telephony_sa:binder { call };
 allow normal_hap_attr tmpfs:lnk_file { create };
 allow normal_hap_attr tracefs:dir { search };
 allow normal_hap_attr tracefs_trace_marker_file:file { open write };
-allowxperm normal_hap_attr dev_mali:chr_file ioctl { 0x8000 0x8001 0x8002 0x8003 0x8005 0x8006 0x8007 0x800c 0x800e 0x8011 0x8016 0x8018 0x8019 0x801d 0x801e 0x8026 0x8024 0x8025 0x8027 0x8030 0x8033 0x8034 0x8036 0x802a 0x802c 0x802d 0x802f 0x8014 };
+allowxperm normal_hap_attr dev_mali:chr_file ioctl { 0x8000 0x8001 0x8002 0x8003 0x8005 0x8006 0x8007 0x800c 0x800e 0x8011 0x8016 0x8018 0x8019 0x801d 0x801e 0x8026 };
 allowxperm normal_hap_attr normal_hap_data_file_attr:file ioctl { 0x5413 0xf50c };
 binder_call(normal_hap_attr system_basic_hap);
 allow normal_hap_attr dev_asanlog_file:dir { rw_dir_perms };
diff --git a/sepolicy/base/te/render_service.te b/sepolicy/base/te/render_service.te
index 5a1e48d85..6de457330 100644
--- a/sepolicy/base/te/render_service.te
+++ b/sepolicy/base/te/render_service.te
@@ -66,5 +66,5 @@ allow render_service tracefs_trace_marker_file:file { open write };
 allow render_service ui_service:binder { call transfer };
 allow render_service ui_service:fd { use };
 allowxperm render_service dev_dri_file:chr_file ioctl { 0x640d 0x6411 0x641e 0x641f 0x642d 0x64a0 0x64a1 0x64a6 0x64a7 0x64aa 0x64b2 0x64b4 0x64b5 0x64b6 0x64b9 };
-allowxperm render_service dev_mali:chr_file ioctl { 0x8000 0x8001 0x8003 0x8005 0x800e 0x8011 0x8018 0x8024 0x8026 0x8027 0x8029 0x802a 0x802b 0x802c 0x802d 0x802e 0x800f 0x8030 0x8031 0x8033 0x8034 0x8036 };
+allowxperm render_service dev_mali:chr_file ioctl { 0x8000 0x8001 0x8003 0x8005 0x800e 0x8011 0x8026 0x800f };
 allowxperm render_service dev_rga:chr_file ioctl { 0x601b };
diff --git a/sepolicy/base/te/system_basic_hap.te b/sepolicy/base/te/system_basic_hap.te
index dfaccb60a..377a60c4f 100644
--- a/sepolicy/base/te/system_basic_hap.te
+++ b/sepolicy/base/te/system_basic_hap.te
@@ -127,7 +127,7 @@ allow system_basic_hap updater_sa:binder { call transfer };
 allow system_basic_hap useriam:binder { call transfer };
 allow system_basic_hap wallpaper_service:binder { call transfer };
 allow system_basic_hap wallpaper_service:fd { use };
-allowxperm system_basic_hap dev_mali:chr_file ioctl { 0x8000 0x8001 0x8002 0x8003 0x8005 0x8006 0x800e 0x8011 0x8014 0x8016 0x8018 0x8019 0x801d 0x801e 0x8024 0x8025 0x8026 0x8027 0x802a 0x802c 0x802d 0x802f 0x8030 0x8033 0x8034 0x8036 };
+allowxperm system_basic_hap dev_mali:chr_file ioctl { 0x8000 0x8001 0x8002 0x8003 0x8005 0x8006 0x800e 0x8011 0x8016 0x8018 0x8019 0x801d 0x801e 0x8026 };
 allowxperm system_basic_hap system_basic_hap_data_file:file ioctl { 0x5413 0xf50c };
 binder_call(system_basic_hap normal_hap_attr);
 allow system_basic_hap sa_locationhub_lbsservice_gnss:samgr_class { get };
diff --git a/sepolicy/base/te/system_core_hap.te b/sepolicy/base/te/system_core_hap.te
index bbe75b4e5..d460ba6d4 100644
--- a/sepolicy/base/te/system_core_hap.te
+++ b/sepolicy/base/te/system_core_hap.te
@@ -117,5 +117,5 @@ allow system_core_hap sys_usb_param:file { map open read };
 allow system_core_hap tracefs:dir { search };
 allow system_core_hap tracefs_trace_marker_file:file { open write };
 allowxperm system_core_hap dev_dri_file:chr_file ioctl { 0x641f };
-allowxperm system_core_hap dev_mali:chr_file ioctl { 0x8000 0x8001 0x8002 0x8003 0x8005 0x8006 0x800e 0x8011 0x8014 0x8016 0x8018 0x8019 0x801d 0x801e 0x8024 0x8025 0x8026 0x8027 0x802a 0x802c 0x802d 0x802f 0x8030 0x8033 0x8034 0x8036 };
+allowxperm system_core_hap dev_mali:chr_file ioctl { 0x8000 0x8001 0x8002 0x8003 0x8005 0x8006 0x8007 0x800e 0x800f 0x8011 0x8016 0x8018 0x8019 0x801d 0x801e 0x8026 };
 allowxperm system_core_hap system_core_hap_data_file:file ioctl { 0x5413 0xf50c };
-- 
Gitee