sepolicy: update sepolicy for rmt_storage and tftp_server

This change defines the sepolicy rules for rmt_storage and tftp_server

Change-Id: Iaabd434e98909ff043d9e20418382630b4539ec6

vendor/common/device.te

@@ -13,6 +13,7 @@ type hvdcp_device, dev_type;
 type ipa_dev, dev_type;
 type latency_device, dev_type;
 type modem_block_device, dev_type;
+type modem_efs_partition_device, dev_type;
 type mdtp_device, dev_type;
 type persist_block_device, dev_type;
 type qsee_ipc_irq_spss_device, dev_type;

vendor/common/file.te

@@ -20,7 +20,6 @@ type sysfs_msm_perf, fs_type, sysfs_type;
 type sysfs_msm_power, fs_type, sysfs_type;
 type sysfs_msm_stats, fs_type, sysfs_type;
 type sysfs_msm_subsys_restart, sysfs_type, fs_type;
-type sysfs_rmtfs, sysfs_type, fs_type;
 type sysfs_sensors, sysfs_type, fs_type;
 type sysfs_sectouch, sysfs_type, fs_type;
 type sysfs_soc, sysfs_type, fs_type;
@@ -76,18 +75,20 @@ type persist_file, file_type, vendor_persist_type;
 type persist_data_file, file_type , vendor_persist_type;
 type persist_display_file, file_type;
 type persist_drm_file, file_type, vendor_persist_type;
-type persist_elabel_file, file_type;
-type persist_haptics_file, file_type;
-type persist_rfs_file, file_type;
-type persist_sensors_file, file_type;
-type persist_time_file, file_type;
-type persist_audio_file, file_type;
+type persist_elabel_file, file_type, vendor_persist_type;
+type persist_haptics_file, file_type, vendor_persist_type;
+type persist_rfs_file, file_type, vendor_persist_type;
+type persist_rfs_shared_hlos_file, file_type, vendor_persist_type;
+type persist_sensors_file, file_type, vendor_persist_type;
+type persist_time_file, file_type, vendor_persist_type;
+type persist_audio_file, file_type, vendor_persist_type;
 type persist_bluetooth_file, file_type, vendor_persist_type;
 
 type netmgr_data_file, file_type, data_file_type;
 type netmgr_recovery_data_file, file_type, data_file_type;
 type ipa_vendor_data_file, file_type, data_file_type;
 
+type vendor_tombstone_data_file, file_type, data_file_type;
 type vendor_camera_data_file, file_type, data_file_type;
 type display_vendor_data_file, file_type, data_file_type;
 type nfc_vendor_data_file, file_type, data_file_type;
@@ -111,9 +112,6 @@ type sysfs_diag, fs_type, sysfs_type;
 
 type hexagon_halide_file, vendor_file_type, file_type;
 
-# rfs_file
-type rfs_file, file_type, data_file_type;
-
 # vendor media files
 type vendor_media_data_file, file_type, data_file_type;
 

vendor/common/file_contexts

@@ -208,6 +208,7 @@
 /data/vendor/connectivity(/.*)?        u:object_r:cnd_data_file:s0
 /data/vendor/misc/qsee(/.*)?           u:object_r:data_qsee_file:s0
 /data/vendor/tui(/.*)?                 u:object_r:vendor_tui_data_file:s0
+/data/vendor/tombstones/rfs(/.*)?       u:object_r:vendor_tombstone_data_file:s0
 
 /data/vendor/mdmhelperdata(/.*)?       u:object_r:vendor_mdmhelperdata_data_file:s0
 
@@ -225,7 +226,7 @@
 /mnt/vendor/persist/drm(/.*)?        u:object_r:persist_drm_file:s0
 /mnt/vendor/persist/elabel(/.*)?     u:object_r:persist_elabel_file:s0
 /mnt/vendor/persist/haptics(/.*)?    u:object_r:persist_haptics_file:s0
-/mnt/vendor/persist/hlos_rfs(/.*)?   u:object_r:persist_rfs_file:s0
+/mnt/vendor/persist/hlos_rfs(/.*)?   u:object_r:persist_rfs_shared_hlos_file:s0
 /mnt/vendor/persist/rfs(/.*)?        u:object_r:persist_rfs_file:s0
 /mnt/vendor/persist/sensors(/.*)?    u:object_r:persist_sensors_file:s0
 /mnt/vendor/persist/time(/.*)?       u:object_r:persist_time_file:s0
@@ -256,12 +257,6 @@
 
 /(vendor|system/vendor)/bin/hbtp_daemon         u:object_r:hbtp_exec:s0
 
-# sysfs_uio_file
-/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,rmtfs_sharedmem/uio/uio[0-9]+(/.*)?        u:object_r:sysfs_uio_file:s0
-/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,rmtfs_sharedmem/uio/uio[0-9]+/maps/map[0-9]+(/.*)?    u:object_r:sysfs_uio_file:s0
-/sys/devices(/platform)?/soc.0/[a-z0-9]+.qcom,rmtfs_sharedmem/uio/uio[0-9]+(/.*)?        u:object_r:sysfs_uio_file:s0
-/sys/devices(/platform)?/soc.0/[a-z0-9]+.qcom,rmtfs_sharedmem/uio/uio[0-9]+/maps/map[0-9]+(/.*)?    u:object_r:sysfs_uio_file:s0
-
 # sysfs_graphics
 /sys/class/graphics/fb0/mdp/caps                                    u:object_r:sysfs_graphics:s0
 /sys/devices/virtual/graphics/fb([0-3])+/idle_time                  u:object_r:sysfs_graphics:s0

vendor/common/genfs_contexts

@@ -11,7 +11,6 @@ genfscon sysfs /kernel/irq_helper/irq_blacklist_on    u:object_r:sysfs_irqbalanc
 genfscon sysfs /kernel/wcd_cpe0                                         u:object_r:sysfs_audio:s0
 genfscon sysfs /class/uio                                               u:object_r:sysfs_uio:s0
 genfscon sysfs /devices/soc/soc:bt_wcn3990                              u:object_r:sysfs_bluetooth_writable:s0
-genfscon sysfs /devices/soc/a1800000.qcom,rmtfs_rtel_sharedmem          u:object_r:sysfs_rmtfs:s0
 genfscon sysfs /devices/platform/soc/soc:qcom,cpubw/devfreq 		u:object_r:sysfs_devfreq:s0
 genfscon sysfs /devices/platform/soc/soc:qcom,memlat-cpu0/devfreq 	u:object_r:sysfs_devfreq:s0
 genfscon sysfs /devices/platform/soc/soc:qcom,memlat-cpu2/devfreq 	u:object_r:sysfs_devfreq:s0
@@ -35,7 +34,7 @@ genfscon sysfs /devices/platform/soc/c1b5000.i2c/i2c-7/7-0030/leds
 genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/c900000.qcom,mdss_mdp:qcom,mdss_fb_primary/leds u:object_r:sysfs_leds:s0
 genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pmi8998@3:qcom,leds@d000/leds u:object_r:sysfs_leds:s0
 genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws@1e08000                    u:object_r:sysfs_data:s0
-genfscon sysfs /devices/platform/soc/0.qcom,rmtfs_sharedmem                      u:object_r:sysfs_rmtfs:s0
+genfscon sysfs /devices/platform/soc/0.qcom,rmtfs_sharedmem/uio		u:object_r:sysfs_uio_file:s0
 genfscon sysfs /devices/platform/soc/soc:fp_fpc1020                              u:object_r:sysfs_fingerprint:s0
 genfscon sysfs /devices/virtual/wahoo_laser                             u:object_r:sysfs_laser:s0
 genfscon sysfs /module/cpu_boost                                        u:object_r:sysfs_cpu_boost:s0

vendor/common/rfs_access.te

@@ -8,16 +8,22 @@ allow rfs_access self:capability { chown setgid setpcap setuid net_bind_service
 
 wakelock_use(rfs_access)
 
-type_transition rfs_access persist_file:{ dir file } persist_rfs_file;
+type_transition rfs_access mnt_vendor_file:{ dir file } persist_rfs_file;
+type_transition rfs_access mnt_vendor_file:dir persist_rfs_shared_hlos_file "hlos_rfs";
 
-# For tftp server file access
-allow rfs_access firmware_file:dir search;
-allow rfs_access firmware_file:file r_file_perms;
+r_dir_file(rfs_access, firmware_file);
 
-allow rfs_access persist_file:dir create_dir_perms;
+allow rfs_access mnt_vendor_file:dir create_dir_perms;
 
 allow rfs_access persist_rfs_file:dir search;
 allow rfs_access persist_rfs_file:dir create_dir_perms;
 allow rfs_access persist_rfs_file:file create_file_perms;
+allow rfs_access persist_rfs_shared_hlos_file:dir create_dir_perms;
+allow rfs_access persist_rfs_shared_hlos_file:file create_file_perms;
+
+#For QMI sockets and IPCR Sockets
+allow rfs_access self:{ socket qipcrtr_socket } create_socket_perms_no_ioctl;
+
+allow rfs_access vendor_tombstone_data_file:dir create_dir_perms;
+allow rfs_access vendor_tombstone_data_file:file create_file_perms;
 
-allow rfs_access self:socket create_socket_perms_no_ioctl;

vendor/common/rmt_storage.te

@@ -9,16 +9,11 @@ allow rmt_storage self:capability { net_bind_service setgid setpcap setuid };
 
 set_prop(rmt_storage, ctl_vendor_rmt_storage_prop)
 
-allow rmt_storage modem_block_device:blk_file rw_file_perms;
+allow rmt_storage cgroup:dir create_dir_perms;
 allow rmt_storage uio_device:chr_file rw_file_perms;
-allow rmt_storage block_device:dir search;
 
-allow rmt_storage sysfs_rmtfs:dir search;
-allow rmt_storage sysfs_rmtfs:file r_file_perms;
-allow rmt_storage sysfs_rmtfs:dir search;
-
-allow rmt_storage self:socket create_socket_perms;
-allowxperm rmt_storage self:socket ioctl IPC_ROUTER_IOCTL_BIND_CONTROL_PORT;
+allow rmt_storage self:{ socket qipcrtr_socket } create_socket_perms;
+allowxperm rmt_storage self:{ socket qipcrtr_socket } ioctl msm_sock_ipc_ioctls;
 
 allow rmt_storage kmsg_device:chr_file w_file_perms;
 
@@ -28,7 +23,7 @@ r_dir_file(rmt_storage, sysfs_uio_file)
 allow rmt_storage block_device:dir r_dir_perms;
 
 allow rmt_storage {
-    modem_block_device
+    modem_efs_partition_device
     ssd_block_device
 }:blk_file rw_file_perms;
 

vendor/sdm845/file_contexts

@@ -55,10 +55,10 @@
 
 /dev/block/platform/soc/1d84000\.ufshc/by-name/frp             u:object_r:frp_block_device:s0
 
-/dev/block/platform/soc/1d84000\.ufshc/by-name/fsc             u:object_r:modem_block_device:s0
-/dev/block/platform/soc/1d84000\.ufshc/by-name/fsg             u:object_r:modem_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/fsc             u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/fsg             u:object_r:modem_efs_partition_device:s0
 /dev/block/platform/soc/1d84000\.ufshc/by-name/modem_[ab]      u:object_r:modem_block_device:s0
-/dev/block/platform/soc/1d84000\.ufshc/by-name/modemst[12]     u:object_r:modem_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/modemst[12]     u:object_r:modem_efs_partition_device:s0
 
 /dev/block/platform/soc/1d84000.ufshc/by-name/persist          u:object_r:persist_block_device:s0