Sepolicy: Adding SEpolicy for IOP
Adding SEPolicy for IOP. CRs-Fixed: 2419687 Change-Id: Ia3f53f4aeaaa2cb12bb534ef3bd51daa60ed3d95
This commit is contained in:
Karthik Gopalan
1
legacy/vendor/common/hal_iop_default.te
vendored
1
legacy/vendor/common/hal_iop_default.te
vendored
@@ -37,6 +37,7 @@ binder_call(hal_iop_client, hal_iop_server)
|
||||
# Add hwservice related rules
|
||||
add_hwservice(hal_iop_server, hal_iop_hwservice)
|
||||
allow hal_iop_client hal_iop_hwservice:hwservice_manager find;
|
||||
allow hal_iop_client hal_perf_hwservice:hwservice_manager find;
|
||||
|
||||
#Allow access for vendor property
|
||||
get_prop(hal_iop, vendor_iop_prop)
|
||||
|
||||
29
qva/vendor/common/app.te
vendored
Normal file
29
qva/vendor/common/app.te
vendored
Normal file
@@ -0,0 +1,29 @@
|
||||
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions are
|
||||
# met:
|
||||
# * Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
# * Redistributions in binary form must reproduce the above
|
||||
# copyright notice, this list of conditions and the following
|
||||
# disclaimer in the documentation and/or other materials provided
|
||||
# with the distribution.
|
||||
# * Neither the name of The Linux Foundation nor the names of its
|
||||
# contributors may be used to endorse or promote products derived
|
||||
# from this software without specific prior written permission.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
|
||||
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
|
||||
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
|
||||
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
||||
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||||
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
|
||||
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
||||
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
|
||||
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
#Add app permissions for iop property access
|
||||
get_prop(appdomain, vendor_iop_prop)
|
||||
4
qva/vendor/common/file.te
vendored
4
qva/vendor/common/file.te
vendored
@@ -66,6 +66,10 @@ type sysfs_mpctl, fs_type, sysfs_type;
|
||||
type mpctl_socket, file_type, mlstrustedobject;
|
||||
type mpctl_data_file, file_type, data_file_type;
|
||||
|
||||
#IOP
|
||||
type iop_socket, file_type;
|
||||
type iop_data_file, file_type, data_file_type;
|
||||
|
||||
#Define the files used by lm
|
||||
type lm_data_file, file_type, data_file_type;
|
||||
|
||||
|
||||
2
qva/vendor/common/file_contexts
vendored
2
qva/vendor/common/file_contexts
vendored
@@ -44,6 +44,7 @@
|
||||
###################################
|
||||
# Dev socket nodes
|
||||
#
|
||||
/dev/socket/iop u:object_r:iop_socket:s0
|
||||
/dev/socket/mlid u:object_r:mlid_socket:s0
|
||||
/dev/socket/ssgqmig u:object_r:ssgqmig_socket:s0
|
||||
/dev/socket/ssgtzd u:object_r:ssgtzd_socket:s0
|
||||
@@ -116,6 +117,7 @@
|
||||
###################################
|
||||
# data files
|
||||
#
|
||||
/data/vendor/iop(/.*)? u:object_r:iop_data_file:s0
|
||||
/data/vendor/misc/qti_fp(/.*)? u:object_r:qfp-daemon_data_file:s0
|
||||
/data/vendor/wifi(/.*)? u:object_r:wifi_vendor_data_file:s0
|
||||
/data/vendor/wifi/sockets(/.*)? u:object_r:wifi_vendor_wpa_socket:s0
|
||||
|
||||
12
qva/vendor/common/hal_iop_default.te
vendored
12
qva/vendor/common/hal_iop_default.te
vendored
@@ -36,3 +36,15 @@ binder_call(hal_iop_client, hal_iop_server)
|
||||
# Add hwservice related rules
|
||||
add_hwservice(hal_iop_server, hal_iop_hwservice)
|
||||
allow hal_iop_client hal_iop_hwservice:hwservice_manager find;
|
||||
allow hal_iop_client hal_perf_hwservice:hwservice_manager find;
|
||||
|
||||
#Allow access for vendor property
|
||||
get_prop(hal_iop, vendor_iop_prop)
|
||||
get_prop(hal_iop, vendor_mpctl_prop)
|
||||
|
||||
# Allow access for /proc
|
||||
allow hal_iop_default proc:file r_file_perms;
|
||||
|
||||
#Allow Access for /data/vendor/iop
|
||||
allow hal_iop iop_data_file:dir rw_dir_perms;
|
||||
allow hal_iop iop_data_file:file create_file_perms;
|
||||
|
||||
6
qva/vendor/common/system_server.te
vendored
6
qva/vendor/common/system_server.te
vendored
@@ -30,3 +30,9 @@ hal_client_domain(system_server, hal_perf)
|
||||
hal_client_domain(system_server, hal_iop)
|
||||
|
||||
allow system_server proc_audiod:file r_file_perms;
|
||||
|
||||
# allow system_server to access IOP HAL service
|
||||
hal_client_domain(system_server, hal_iop)
|
||||
|
||||
# allow system_server to access vendor display property.
|
||||
get_prop(system_server, vendor_iop_prop)
|
||||
|
||||
Reference in New Issue
Block a user