author | Linux Build Service Account <lnxbuild@localhost> | 2016-01-13 07:14:41 -0800 |
---|---|---|
committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2016-01-13 07:14:41 -0800 |
commit | 35db533935079980dec73f43cb231fa5dd15d2da (patch) | |
tree | d380f2fe967ba36ac0badc7a92cd575ebd6971c7 | |
parent | 94e2cac6eeb375e4788f666e0f72c5f04b7ca0c0 (diff) | |
parent | 3655710e6ab13e28b8c65da6d816529ea89dbb09 (diff) | |
Merge "sepolicy: Policy for FIDO Secure UI"
-rw-r--r-- | common/qsee_svc_app.te | 4 | ||||
-rw-r--r-- | common/qseeproxy.te | 6 | ||||
-rw-r--r-- | common/system_app.te | 3 | ||||
-rw-r--r-- | test/fidotest.te | 3 | ||||
-rw-r--r-- | test/qseeproxysample.te | 3 |
5 files changed, 19 insertions, 0 deletions
diff --git a/common/qsee_svc_app.te b/common/qsee_svc_app.te
index fd57768c..4ff94df6 100644
--- a/common/qsee_svc_app.te
+++ b/common/qsee_svc_app.te
@@ -35,3 +35,7 @@ binder_call(qsee_svc_app, qseeproxy)
 # file permission
 allow qsee_svc_app qsee_svc_app_data_file:dir create_dir_perms;
 allow qsee_svc_app qsee_svc_app_data_file:file create_file_perms;
+
+# allow service manager find
+allow qsee_svc_app { app_api_service system_api_service
+ fidodaemon_service qseeproxy_service }:service_manager find;
diff --git a/common/qseeproxy.te b/common/qseeproxy.te
index 826f25cb..f3385bf3 100644
--- a/common/qseeproxy.te
+++ b/common/qseeproxy.te
@@ -59,3 +59,9 @@ allow qseeproxy firmware_file:file r_file_perms;
 #Allow access to session files
 allow qseeproxy data_qsee_file:dir create_dir_perms;
 allow qseeproxy data_qsee_file:file create_file_perms ;
+
+#Allow access to system_app domain
+allow qseeproxy system_app:unix_dgram_socket sendto;
+
+#Allow access to sysfs files
+allow qseeproxy sysfs:file w_file_perms;
diff --git a/common/system_app.te b/common/system_app.te
index 8673d1e8..f8eef956 100644
--- a/common/system_app.te
+++ b/common/system_app.te
@@ -109,3 +109,6 @@ r_dir_file(system_app, audio_pp_data_file);
 # allow access to system app for radio files
 allow system_app radio_data_file:dir rw_dir_perms;
 allow system_app radio_data_file:file create_file_perms;
+
+# access to qseeproxy domain
+allow system_app qseeproxy:unix_dgram_socket sendto;
diff --git a/test/fidotest.te b/test/fidotest.te
index e601d6dc..ed6226da 100644
--- a/test/fidotest.te
+++ b/test/fidotest.te
@@ -26,4 +26,7 @@ userdebug_or_eng(`
 # Allow access to firmware
 allow fidotest firmware_file:dir r_dir_perms;
 allow fidotest firmware_file:file r_file_perms;
+
+ # Allow service manager to find
+ allow qsee_svc_app fidotest_service:service_manager find;
 ')
diff --git a/test/qseeproxysample.te b/test/qseeproxysample.te
index 6b59bd14..9bddd750 100644
--- a/test/qseeproxysample.te
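Review bot: The rule added to common/qsee_svc_app.te grants `find` on the whole `app_api_service` and `system_api_service` attributes as well as the two named services, and the comment `# allow service manager find` does not say why the domain needs that breadth. If qsee_svc_app only has to reach the FIDO daemon and qseeproxy, the attribute entries could be dropped or replaced by the specific service types it uses. If the breadth is intended, the comment should say so, e.g. `# framework services (attribute-wide) plus the fidodaemon and qseeproxy binder services`. The rest of the domain's policy is outside the hunk, so whether an app macro already covers part of this cannot be checked here.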
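Review bot: `allow qseeproxy sysfs:file w_file_perms;` in common/qseeproxy.te gives qseeproxy write access to every file that still carries the generic `sysfs` label, which is much more than the node or nodes Secure UI presumably needs. The usual pattern is to label the written node with a dedicated type in `file_contexts` or `genfs_contexts` and grant on that type, e.g. `allow qseeproxy <dedicated_sysfs_type>:file w_file_perms;` (placeholder name; the page does not say which node is written). The comment `#Allow access to sysfs files` should also name the node and the reason for writing it. The `unix_dgram_socket sendto` rule above it is the counterpart of the one added to common/system_app.te.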
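Review bot: `allow system_app qseeproxy:unix_dgram_socket sendto;` in common/system_app.te opens the datagram channel to qseeproxy for every app running in the `system_app` domain, not only the FIDO Secure UI component. SELinux cannot tell senders apart within one domain, so qseeproxy presumably has to validate each datagram itself; the comment could record that, e.g. `# Secure UI: system_app sends datagrams to qseeproxy; qseeproxy must validate each message`. If the sender can run in a narrower domain (this commit also touches `qsee_svc_app`), granting to that domain instead would keep unrelated system apps off this channel.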
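Review bot: The rule added to test/fidotest.te has `qsee_svc_app` as its source domain, not `fidotest`, so a file that otherwise describes the fidotest domain now widens a production domain. It applies on userdebug/eng builds only, since it sits inside `userdebug_or_eng`, whose opening is outside the hunk. The comment `# Allow service manager to find` also reads as if servicemanager were the subject. If the intent is that qsee_svc_app looks up the test service, a comment such as `# userdebug/eng only: let qsee_svc_app look up fidotest_service` makes that explicit; if `fidotest` was meant, the source type needs correcting. The same applies to the `qseeproxysample_service` rule added in test/qseeproxysample.te.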
+++ b/test/qseeproxysample.te
@@ -54,4 +54,7 @@ userdebug_or_eng(`
 # Allow access to firmware
 allow qseeproxysample firmware_file:dir r_dir_perms;
 allow qseeproxysample firmware_file:file r_file_perms;
+
+ #Allow service manager to find
+ allow qsee_svc_app qseeproxysample_service:service_manager find;
 ') |