Sepolicy: add support for capabilityconfigstore

1. Define domain for capabilityconfigstore 3. Add type for /data/vendor/configstore folder 4. Allow capabilityconfigstore HIDL Server access/r/w it. Change-Id: Ic5fdf44f55d2647d34c9bdf574d60bc445256a48
2019-02-08 11:20:53 -08:00
parent e6c6ac2997
commit 26ff9f0b2b
11 changed files with 87 additions and 2 deletions
--- a/generic/vendor/common/attributes
+++ b/generic/vendor/common/attributes
@@ -51,3 +51,7 @@ attribute hal_display_postproc_server;

 # All types in /mnt/vendor/persist
 attribute vendor_persist_type;
+
+attribute hal_capabilityconfigstore_qti;
+attribute hal_capabilityconfigstore_qti_client;
+attribute hal_capabilityconfigstore_qti_server;
--- a/generic/vendor/common/file.te
+++ b/generic/vendor/common/file.te
@@ -129,6 +129,9 @@ type vendor_firmware_file, vendor_file_type, file_type;
 type bt_firmware_file, file_type, contextmount_type, vendor_file_type;
 type vendor_mdmhelperdata_data_file, file_type, data_file_type;

+#vendor capability configstore hal
+type vendor_capabilityconfigstore_data_file, file_type, data_file_type;
+
 #widevine data file
 type mediadrm_vendor_data_file, file_type, data_file_type;

--- a/generic/vendor/common/file_contexts
+++ b/generic/vendor/common/file_contexts
@@ -163,6 +163,7 @@
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.tui_comm@1\.0-service-qti u:object_r:hal_tui_comm_qti_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.qdutils_disp@1\.0-service-qti u:object_r:hal_qdutils_disp_qti_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.perf@1\.0-service       u:object_r:hal_perf_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.capabilityconfigstore@1\.0-service u:object_r:hal_capabilityconfigstore_qti_default_exec:s0
 /vendor/bin/hw/vendor\.display\.color@1\.0-service            u:object_r:hal_display_color_default_exec:s0
 /vendor/bin/hw/vendor\.qti\.media\.c2@1\.0-service               u:object_r:mediacodec_exec:s0
 /vendor/bin/hw/hardware\.google\.media\.c2@1\.0-service-software u:object_r:mediacodec_exec:s0
--- a/generic/vendor/common/hwservice.te
+++ b/generic/vendor/common/hwservice.te
@@ -41,3 +41,4 @@ type hal_tui_comm_hwservice, hwservice_manager_type;
 type hal_qdutils_disp_hwservice, hwservice_manager_type;
 type hal_display_color_hwservice, hwservice_manager_type;
 type hal_display_postproc_hwservice, hwservice_manager_type;
+type hal_capabilityconfigstore_qti_hwservice, hwservice_manager_type;
--- a/generic/vendor/common/hwservice_contexts
+++ b/generic/vendor/common/hwservice_contexts
@@ -39,6 +39,7 @@ vendor.display.config::IDisplayConfig                           u:object_r:hal_d
 vendor.display.color::IDisplayColor                             u:object_r:hal_display_color_hwservice:s0
 vendor.display.postproc::IDisplayPostproc                       u:object_r:hal_display_postproc_hwservice:s0
 vendor.qti.hardware.data.iwlan::IIWlan                          u:object_r:hal_iwlan_hwservice:s0
+vendor.qti.hardware.capabilityconfigstore::ICapabilityConfigStore     u:object_r:hal_capabilityconfigstore_qti_hwservice:s0
 vendor.qti.hardware.improvetouch.touchcompanion::ITouchCompanion       u:object_r:hal_hbtp_hwservice:s0
 vendor.qti.hardware.improvetouch.gesturemanager::IGestureManager       u:object_r:hal_hbtp_hwservice:s0
 vendor.qti.hardware.improvetouch.blobmanager::IBlobManager             u:object_r:hal_hbtp_hwservice:s0
--- a/generic/vendor/common/property.te
+++ b/generic/vendor/common/property.te
@@ -72,6 +72,9 @@ type vendor_ssr_prop, property_type;
 #ss-services (PD)
 type vendor_pd_locater_dbg_prop, property_type;

+#capabilityconfigstore hal (CCHAL)
+type vendor_cap_configstore_dbg_prop, property_type;
+
 #rmt_storage
 type ctl_vendor_rmt_storage_prop, property_type;

--- a/generic/vendor/common/property_contexts
+++ b/generic/vendor/common/property_contexts
@@ -94,6 +94,9 @@ persist.vendor.ssr.    u:object_r:vendor_ssr_prop:s0
 #ss-services (PD)
 persist.vendor.pd_locater_debug    u:object_r:vendor_pd_locater_dbg_prop:s0

+#capabilityconfigstore (CCHAL)
+persist.vendor.cap_configstore_debug    u:object_r:vendor_cap_configstore_dbg_prop:s0
+
 #rmt_storage
 ctl.vendor.rmt_storage     u:object_r:ctl_vendor_rmt_storage_prop:s0

--- a/generic/vendor/common/system_app.te
+++ b/generic/vendor/common/system_app.te
@@ -36,3 +36,4 @@ hal_client_domain(system_app, hal_qdutils_disp);
 hal_client_domain(system_app, hal_tui_comm);

 get_prop(system_app, vendor_radio_prop)
+hal_client_domain(system_app, hal_capabilityconfigstore_qti);
--- a/generic/vendor/common/vendor_hal_capabilityconfigstore_qti.te
+++ b/generic/vendor/common/vendor_hal_capabilityconfigstore_qti.te
@@ -0,0 +1,31 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+#      notice, this list of conditions and the following disclaimer.
+#    * Redistributions in binary form must reproduce the above
+#      copyright notice, this list of conditions and the following
+#      disclaimer in the documentation and/or other materials provided
+#      with the distribution.
+#    * Neither the name of The Linux Foundation nor the names of its
+#      contributors may be used to endorse or promote products derived
+#      from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+binder_call(hal_capabilityconfigstore_qti_client, hal_capabilityconfigstore_qti_server)
+binder_call(hal_capabilityconfigstore_qti_server, hal_capabilityconfigstore_qti_client)
+
+hal_attribute_hwservice(hal_capabilityconfigstore_qti, hal_capabilityconfigstore_qti_hwservice)
--- a/generic/vendor/common/vendor_hal_capabilityconfigstore_qti_default.te
+++ b/generic/vendor/common/vendor_hal_capabilityconfigstore_qti_default.te
@@ -0,0 +1,37 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+#      notice, this list of conditions and the following disclaimer.
+#    * Redistributions in binary form must reproduce the above
+#      copyright notice, this list of conditions and the following
+#      disclaimer in the documentation and/or other materials provided
+#      with the distribution.
+#    * Neither the name of The Linux Foundation nor the names of its
+#      contributors may be used to endorse or promote products derived
+#      from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type hal_capabilityconfigstore_qti_default, domain;
+hal_server_domain(hal_capabilityconfigstore_qti_default, hal_capabilityconfigstore_qti)
+
+type hal_capabilityconfigstore_qti_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_capabilityconfigstore_qti_default)
+
+allow hal_capabilityconfigstore_qti_default vendor_capabilityconfigstore_data_file:file rw_file_perms;
+allow hal_capabilityconfigstore_qti_default vendor_capabilityconfigstore_data_file:dir rw_dir_perms;
+userdebug_or_eng(`get_prop(hal_capabilityconfigstore_qti_default, vendor_cap_configstore_dbg_prop)')
+
--- a/qva/vendor/common/qti.te
+++ b/qva/vendor/common/qti.te
@@ -39,6 +39,6 @@ allow qti self:{
 allow qti vendor_shell_exec:file rx_file_perms;

 # Allow write permissions for log file
-userdebug_or_eng('
+userdebug_or_eng(`
    allow qti vendor_qti_data_file:file create_file_perms;
-')
+')