qcom: sdm845: Added sepolicy changes for TUI HIDL service

Change-Id: Ia96f9ea3992633bc3390143347365fff1fed3c79
2018-03-22 05:15:47 +05:30
parent 4616be8883
commit fb993fb687
8 changed files with 107 additions and 0 deletions
--- a/vendor/common/attributes
+++ b/vendor/common/attributes
@@ -32,3 +32,11 @@ attribute hal_hbtp_server;
 attribute hal_perf;
 attribute hal_perf_client;
 attribute hal_perf_server;
+
+attribute hal_qdutils_disp;
+attribute hal_qdutils_disp_client;
+attribute hal_qdutils_disp_server;
+
+attribute hal_tui_comm;
+attribute hal_tui_comm_client;
+attribute hal_tui_comm_server;
--- a/vendor/common/file_contexts
+++ b/vendor/common/file_contexts
@@ -129,6 +129,8 @@
 /vendor/bin/hw/android\.hardware\.gnss@1\.1-service-qti              u:object_r:hal_gnss_qti_exec:s0
 /vendor/bin/hw/android\.hardware\.bluetooth@1\.0-service-qti         u:object_r:hal_bluetooth_default_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.display\.allocator@1\.0-service   u:object_r:hal_graphics_allocator_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.tui_comm@1\.0-service-qti u:object_r:hal_tui_comm_qti_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.qdutils_disp@1\.0-service-qti u:object_r:hal_qdutils_disp_qti_exec:s0

 ###############################################
 # same-process HAL files and their dependencies
--- a/vendor/common/hal_qdutils_disp_qti.te
+++ b/vendor/common/hal_qdutils_disp_qti.te
@@ -0,0 +1,42 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type hal_qdutils_disp_qti, domain;
+hal_server_domain(hal_qdutils_disp_qti, hal_qdutils_disp)
+
+type hal_qdutils_disp_qti_exec, exec_type, file_type, vendor_file_type;
+init_daemon_domain(hal_qdutils_disp_qti)
+
+binder_call(hal_qdutils_disp_client, hal_qdutils_disp_server)
+binder_call(hal_qdutils_disp_server, hal_qdutils_disp_client)
+
+add_hwservice(hal_qdutils_disp_server, hal_qdutils_disp_hwservice)
+allow hal_qdutils_disp_client hal_qdutils_disp_hwservice:hwservice_manager find;
+vndbinder_use(hal_qdutils_disp_qti);
+allow hal_qdutils_disp_qti qdisplay_service:service_manager find;
+#hal_client_domain(hal_qdutils_disp_qti, hal_display_config);
+hal_client_domain(hal_qdutils_disp_qti, hal_graphics_composer);
--- a/vendor/common/hal_tui_comm_qti.te
+++ b/vendor/common/hal_tui_comm_qti.te
@@ -0,0 +1,39 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type hal_tui_comm_qti, domain;
+hal_server_domain(hal_tui_comm_qti, hal_tui_comm)
+
+type hal_tui_comm_qti_exec, exec_type, file_type, vendor_file_type;
+init_daemon_domain(hal_tui_comm_qti)
+
+binder_call(hal_tui_comm_client, hal_tui_comm_server)
+binder_call(hal_tui_comm_server, hal_tui_comm_client)
+
+add_hwservice(hal_tui_comm_server, hal_tui_comm_hwservice)
+allow hal_tui_comm_client hal_tui_comm_hwservice:hwservice_manager find;
+hal_client_domain(hal_tui_comm_qti, hal_graphics_allocator);
--- a/vendor/common/hwservice.te
+++ b/vendor/common/hwservice.te
@@ -5,3 +5,5 @@ type hal_imsrtp_hwservice, hwservice_manager_type;
 type hal_ipacm_hwservice, hwservice_manager_type;
 type hal_hbtp_hwservice, hwservice_manager_type;
 type hal_perf_hwservice, hwservice_manager_type, untrusted_app_visible_hwservice;
+type hal_tui_comm_hwservice, hwservice_manager_type;
+type hal_qdutils_disp_hwservice, hwservice_manager_type;
--- a/vendor/common/hwservice_contexts
+++ b/vendor/common/hwservice_contexts
@@ -22,3 +22,5 @@ vendor.qti.hardware.radio.uim::IUim                             u:object_r:hal_t
 vendor.qti.hardware.radio.uim_remote_client::IUimRemoteServiceClient u:object_r:hal_telephony_hwservice:s0
 vendor.qti.hardware.radio.uim_remote_server::IUimRemoteServiceServer u:object_r:hal_telephony_hwservice:s0
 vendor.qti.hardware.display.allocator::IQtiAllocator         u:object_r:hal_graphics_allocator_hwservice:s0
+vendor.qti.hardware.tui_comm::ITuiComm                       u:object_r:hal_tui_comm_hwservice:s0
+vendor.qti.hardware.qdutils_disp::IQdutilsDisp               u:object_r:hal_qdutils_disp_hwservice:s0
--- a/vendor/common/system_app.te
+++ b/vendor/common/system_app.te
@@ -12,3 +12,7 @@ allow system_app elabel_data_file:file r_file_perms;

 # Allow hbtp hal Service to be found
 hal_client_domain(system_app, hal_hbtp)
+
+#secureUI
+hal_client_domain(system_app, hal_qdutils_disp);
+hal_client_domain(system_app, hal_tui_comm);
--- a/vendor/common/tee.te
+++ b/vendor/common/tee.te
@@ -18,3 +18,11 @@ allow tee persist_data_file:dir create_dir_perms;
 allow tee persist_data_file:file create_file_perms;

 allow tee time_daemon:unix_stream_socket connectto;
+
+#secureUI
+hal_client_domain(tee, hal_tui_comm);
+hal_client_domain(tee, hal_qdutils_disp);
+hal_client_domain(tee, hal_graphics_allocator);
+vndbinder_use(tee);
+allow tee qdisplay_service:service_manager find;
+hal_client_domain(tee, hal_graphics_composer);