diff options
author | Kineret Berger <kberger@codeaurora.org> | 2018-02-14 10:56:44 +0200 |
---|---|---|
committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2018-03-05 05:41:47 -0800 |
commit | 3c1bce448c926e3a1a89aa5ae46e587023d406b2 (patch) | |
tree | 172495a6692d9043a17f7eaea210bfd430416124 | |
parent | c3f652e3ebd866b6c06aa7efb81b0e606981b3ed (diff) | |
download | android_device_qcom_sepolicy-3c1bce448c926e3a1a89aa5ae46e587023d406b2.tar.gz android_device_qcom_sepolicy-3c1bce448c926e3a1a89aa5ae46e587023d406b2.tar.bz2 android_device_qcom_sepolicy-3c1bce448c926e3a1a89aa5ae46e587023d406b2.zip |
sesepolicy: Add permission to spdaemon to access SSR channel
Instead of using sp_keymaster for SSR notifications, we'll
use a dummy channel - spdaemon_ssr.
Change-Id: If6e83d470b7bf437f9935c9953a5fbc8bfe6e452
-rw-r--r-- | common/device.te | 3 | ||||
-rw-r--r-- | common/file_contexts | 1 | ||||
-rw-r--r-- | common/spdaemon.te | 3 |
3 files changed, 7 insertions, 0 deletions
diff --git a/common/device.te b/common/device.te index f4dea16d..1d919f78 100644 --- a/common/device.te +++ b/common/device.te @@ -100,6 +100,9 @@ type sec_nvm_device, dev_type; # Define cryptoapp device type cryptoapp_device, dev_type; +# Define spdaemon_ssr device +type spdaemon_ssr_device, dev_type; + # Define qsee_ipc_irq_spss device type qsee_ipc_irq_spss_device, dev_type; diff --git a/common/file_contexts b/common/file_contexts index 2a1121d3..416a4cbc 100644 --- a/common/file_contexts +++ b/common/file_contexts @@ -23,6 +23,7 @@ /dev/sec_nvm_.* u:object_r:sec_nvm_device:s0 /dev/sp_keymaster u:object_r:sp_keymaster_device:s0 /dev/cryptoapp u:object_r:cryptoapp_device:s0 +/dev/spdaemon_ssr u:object_r:spdaemon_ssr_device:s0 /dev/qsee_ipc_irq_spss u:object_r:qsee_ipc_irq_spss_device:s0 /dev/radio0 u:object_r:fm_radio_device:s0 /dev/btpower u:object_r:bt_device:s0 diff --git a/common/spdaemon.te b/common/spdaemon.te index fc018343..30292bfa 100644 --- a/common/spdaemon.te +++ b/common/spdaemon.te @@ -47,6 +47,9 @@ allow spdaemon sp_keymaster_device:chr_file rw_file_perms; # Allow access to cryptoapp device allow spdaemon cryptoapp_device:chr_file rw_file_perms; +# Allow access to spdaemon_ssr device +allow spdaemon spdaemon_ssr_device:chr_file rw_file_perms; + # Allow access to ion device allow spdaemon ion_device:chr_file rw_file_perms; |