authorKineret Berger <kberger@codeaurora.org>2018-02-14 10:56:44 +0200
committerGerrit - the friendly Code Review server <code-review@localhost>2018-03-05 05:41:47 -0800
commit3c1bce448c926e3a1a89aa5ae46e587023d406b2 (patch)
tree172495a6692d9043a17f7eaea210bfd430416124
parentc3f652e3ebd866b6c06aa7efb81b0e606981b3ed (diff)
sesepolicy: Add permission to spdaemon to access SSR channel
Instead of using sp_keymaster for SSR notifications, we'll use a dummy channel - spdaemon_ssr. Change-Id: If6e83d470b7bf437f9935c9953a5fbc8bfe6e452
-rw-r--r--common/device.te3
-rw-r--r--common/file_contexts1
-rw-r--r--common/spdaemon.te3
3 files changed, 7 insertions, 0 deletions
diff --git a/common/device.te b/common/device.te
index f4dea16d..1d919f78 100644
--- a/common/device.te
+++ b/common/device.te
@@ -100,6 +100,9 @@ type sec_nvm_device, dev_type;
# Define cryptoapp device
type cryptoapp_device, dev_type;
+# Define spdaemon_ssr device
+type spdaemon_ssr_device, dev_type;
+
# Define qsee_ipc_irq_spss device
type qsee_ipc_irq_spss_device, dev_type;
diff --git a/common/file_contexts b/common/file_contexts
index 2a1121d3..416a4cbc 100644
--- a/common/file_contexts
+++ b/common/file_contexts
@@ -23,6 +23,7 @@
/dev/sec_nvm_.* u:object_r:sec_nvm_device:s0
/dev/sp_keymaster u:object_r:sp_keymaster_device:s0
/dev/cryptoapp u:object_r:cryptoapp_device:s0
+/dev/spdaemon_ssr u:object_r:spdaemon_ssr_device:s0
/dev/qsee_ipc_irq_spss u:object_r:qsee_ipc_irq_spss_device:s0
/dev/radio0 u:object_r:fm_radio_device:s0
/dev/btpower u:object_r:bt_device:s0
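Review bot: The added entry `/dev/spdaemon_ssr u:object_r:spdaemon_ssr_device:s0` only sets the SELinux label; the node's owner, group and mode are set elsewhere (typically a ueventd rc file) and are not part of this commit. It is worth confirming that the DAC permissions on the node are as narrow as those on `/dev/sp_keymaster`, so that the new type is not the only barrier in front of the channel. The label also only applies once the node is created or relabelled, so the driver that exposes `/dev/spdaemon_ssr` should land with or before this policy.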
diff --git a/common/spdaemon.te b/common/spdaemon.te
index fc018343..30292bfa 100644
--- a/common/spdaemon.te
+++ b/common/spdaemon.te
@@ -47,6 +47,9 @@ allow spdaemon sp_keymaster_device:chr_file rw_file_perms;
# Allow access to cryptoapp device
allow spdaemon cryptoapp_device:chr_file rw_file_perms;
+# Allow access to spdaemon_ssr device
+allow spdaemon spdaemon_ssr_device:chr_file rw_file_perms;
+
# Allow access to ion device
allow spdaemon ion_device:chr_file rw_file_perms;
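Review bot: The new rule `allow spdaemon spdaemon_ssr_device:chr_file rw_file_perms;` grants write and append as well as read, although the commit message describes the node as a channel for SSR notifications only. If spdaemon only opens and reads or polls the node, `allow spdaemon spdaemon_ssr_device:chr_file r_file_perms;` would be the tighter grant. How the daemon uses the node is not visible in this diff, so this needs checking against the spdaemon source. If write access is required, the comment above the rule should say why, for example `# SSR notifications use a dedicated node instead of sp_keymaster; spdaemon writes to it to acknowledge events`, adjusted to what the daemon really does.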