sepolicy: Add policy rules for untrusted_app27

Updated new policy rules for untrusted_app_context. This change allows apps to access our debug locations. Change-Id: I9a647ff6e303764a3280aed846e5cb9a4b80ef79
2019-07-01 18:56:30 +05:30
parent f48e75edbe
commit 828e434087
2 changed files with 36 additions and 2 deletions
--- a/generic/vendor/test/domain.te
+++ b/generic/vendor/test/domain.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -31,7 +31,6 @@ dontaudit {
    bootanim
    system_app
    platform_app
-    untrusted_app_27
    zygote
    location_app
    location_app_test
--- a/generic/vendor/test/untrusted_app_27.te
+++ b/generic/vendor/test/untrusted_app_27.te
@@ -0,0 +1,35 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#allow untrusted_app_27 clients to access configuration settings
+userdebug_or_eng(`
+allow untrusted_app_27 sysfs_kgsl:dir search;
+r_dir_file(untrusted_app_27, sysfs_kgsl_snapshot);
+r_dir_file(untrusted_app_27, vendor_gles_data_file);
+allow untrusted_app_27 vendor_gles_data_file:dir rw_dir_perms;
+allow untrusted_app_27 vendor_gles_data_file:file rw_file_perms;
+')