Merge "qwes: Allow ssgtzd to access QWES data path"

qva/vendor/common/file.te

@@ -1,4 +1,4 @@
-# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018-2020, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -33,6 +33,9 @@ type vendor_persist_secnvm_file, file_type , vendor_persist_type;
 #mink-lowi-interface-daemon (mlid) socket
 type vendor_mlid_socket, file_type, mlstrustedobject;
 
+#Wireless Edge Service (QWES) socket and files
+type vendor_qwesd_socket, file_type, mlstrustedobject;
+type vendor_qwes_data_file, file_type, data_file_type;
 #ssg qmi gateway daemon socket
 type vendor_ssgqmig_socket, file_type, mlstrustedobject;
 

qva/vendor/common/file_contexts

@@ -52,6 +52,7 @@
 #
 /dev/socket/iop                                 u:object_r:vendor_iop_socket:s0
 /dev/socket/mlid                                u:object_r:vendor_mlid_socket:s0
+/dev/socket/qwes_ipc                            u:object_r:vendor_qwesd_socket:s0
 /dev/socket/ssgqmig                             u:object_r:vendor_ssgqmig_socket:s0
 /dev/socket/ssgtzd                              u:object_r:vendor_ssgtzd_socket:s0
 /dev/socket/adpl_cmd_uds_file                   u:object_r:vendor_dataadpl_socket:s0
@@ -181,6 +182,7 @@
 /data/vendor/dataqti(/.*)?                                          u:object_r:vendor_qti_data_file:s0
 /data/vendor/qdmastats(/.*)?                                        u:object_r:vendor_qcc_trd_data_file:s0
 /data/vendor/qdma(/.*)?                                             u:object_r:vendor_qcc_trd_data_file:s0
+/data/vendor/qwes(/.*)?                                             u:object_r:vendor_qwes_data_file:s0
 /data/vendor/vpp(/.*)?                                              u:object_r:vendor_vpp_data_file:s0
 /data/vendor/wifi/wigig_hostapd(/.*)?                               u:object_r:vendor_wigig_hostapd_socket:s0
 /data/vendor/lm(/.*)?                                               u:object_r:vendor_lm_data_file:s0

qva/vendor/common/ssgtzd.te

@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2017-2020, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -38,3 +38,13 @@ allow vendor_ssgtzd vendor_ssg_app:unix_stream_socket connectto;
 #Allow access to firmware/image
 allow vendor_ssgtzd vendor_firmware_file:dir r_dir_perms;
 allow vendor_ssgtzd vendor_firmware_file:file r_file_perms;
+#Allow ssgtzd to create sockets for HTTP
+allow vendor_ssgtzd self:udp_socket create_socket_perms;
+
+# Allow ssgtzd to write state information to /data/vendor/qwes/qwesd.conf
+allow vendor_ssgtzd vendor_qwes_data_file:dir rw_dir_perms;
+allow vendor_ssgtzd vendor_qwes_data_file:file rw_file_perms;
+
+# Allow access to qipcrtr_socket
+# Remove this when QMI service moves to pfmd
+allow vendor_ssgtzd self:qipcrtr_socket create_socket_perms_no_ioctl;