author | Suresh Kumar Sugguna <sureshk@codeaurora.org> | 2018-02-05 12:57:53 +0530 |
---|---|---|
committer | Suresh Kumar Sugguna <sureshk@codeaurora.org> | 2018-03-12 14:29:37 +0530 |
commit | 571f266bd588dc6a5fc856b8316e6ae7fb82811b (patch) | |
tree | 45f33ea9b00b20501821372968dfb49edfce7f76 | |
parent | dd737e453e934e2607c84efd966200bdad622534 (diff) | |
sepolicy: initial qmmf-webserver sepolicy drop.
Add qmmf webserver and corresponding permissions
Change-Id: I85e0bb7be9a30992d8ff565a9cfc2f839e09f957
-rw-r--r-- | qcs605/file.te | 3 | ||||
-rw-r--r-- | qcs605/file_contexts | 2 | ||||
-rw-r--r-- | qcs605/property_contexts | 1 | ||||
-rw-r--r-- | qcs605/qmmf-servd.te | 2 | ||||
-rw-r--r-- | qcs605/qmmf-webserverd.te | 59 |
5 files changed, 67 insertions, 0 deletions
diff --git a/qcs605/file.te b/qcs605/file.te
index c403cfec..ed9efc58 100644
--- a/qcs605/file.te
+++ b/qcs605/file.te
@@ -27,3 +27,6 @@
 # qmmf data file
 type qmmf_data_file, file_type, data_file_type;
+
+# vam data file
+type qmmf_vam_data_file, file_type, data_file_type;
diff --git a/qcs605/file_contexts b/qcs605/file_contexts
index 2ecfe880..1cf4ac01 100644
--- a/qcs605/file_contexts
+++ b/qcs605/file_contexts
@@ -155,6 +155,8 @@
 # qmmf server
 /(vendor|system/vendor)/bin/qmmf-server u:object_r:qmmf-servd_exec:s0
+/(vendor|system/vendor)/bin/qmmf-webserver-zygote u:object_r:qmmf-webserverd_exec:s0
 # qmmf data files
 /data/misc/qmmf(/.*)? u:object_r:qmmf_data_file:s0
+/data/misc/vam(/.*)? u:object_r:qmmf_vam_data_file:s0
diff --git a/qcs605/property_contexts b/qcs605/property_contexts
index 057446f0..4faa3e08 100644
--- a/qcs605/property_contexts
+++ b/qcs605/property_contexts
@@ -27,3 +27,4 @@
 qmmf. u:object_r:qmmf_prop:s0
 persist.qmmf. u:object_r:qmmf_prop:s0
+vam. u:object_r:qmmf_prop:s0
diff --git a/qcs605/qmmf-servd.te b/qcs605/qmmf-servd.te
index 080d528b..6dda04a4 100644
--- a/qcs605/qmmf-servd.te
+++ b/qcs605/qmmf-servd.te
@@ -76,3 +76,5 @@ allow qmmf-servd ion_device:chr_file r_file_perms;
 hal_client_domain(qmmf-servd, hal_graphics_allocator)
 hal_client_domain(qmmf-servd, hal_configstore)
 r_dir_file(qmmf-servd, oemfs)
+
+binder_call(qmmf-servd, qmmf-webserverd)
diff --git a/qcs605/qmmf-webserverd.te b/qcs605/qmmf-webserverd.te
new file mode 100644
index 00000000..fc99edb2
--- /dev/null
+++ b/qcs605/qmmf-webserverd.te
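Review bot: In the qcs605/property_contexts hunk, the added `vam.` prefix reuses the existing `qmmf_prop` type, and the new qmmf-webserverd.te grants `set_prop(qmmf-webserverd, qmmf_prop)`, so the network-facing web server domain can set every `qmmf.` and `persist.qmmf.` property, not only its own `vam.` keys. If the web server only needs the `vam.` properties (this cannot be confirmed from the diff), label them with a dedicated type, for example `vam. u:object_r:qmmf_vam_prop:s0` with a matching `type qmmf_vam_prop, property_type;` declaration (`qmmf_vam_prop` is a suggested name, not one from this tree), and grant `set_prop` on that type alone. That keeps a compromise of the web server from changing properties that other qmmf components appear to read.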
@@ -0,0 +1,59 @@
+# Copyright (c) 2017-2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type qmmf-webserverd, domain;
+type qmmf-webserverd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(qmmf-webserverd)
+
+net_domain(qmmf-webserverd)
+
+vndbinder_use(qmmf-webserverd);
+binder_call(qmmf-webserverd, qmmf-servd)
+
+allow qmmf-webserverd { qmmf_system_service
+ qmmf_recorder_service
+ qmmf_audio_service
+ qmmf_player_service
+ qmmf_display_service
+ }:service_manager find;
+
+allow qmmf-webserverd ion_device:chr_file r_file_perms;
+allow qmmf-webserverd proc_net:file r_file_perms;
+
+allow qmmf-webserverd qmmf_vam_data_file:dir create_dir_perms;
+allow qmmf-webserverd qmmf_vam_data_file:file create_file_perms;
+
+allow qmmf-webserverd qmmf_data_file:dir rw_dir_perms;
+allow qmmf-webserverd qmmf_data_file:file create_file_perms;
+
+allow qmmf-webserverd camera_data_file:dir w_dir_perms;
+allow qmmf-webserverd camera_data_file:file create_file_perms;
+
+set_prop(qmmf-webserverd, qmmf_prop)
+
+r_dir_file(qmmf-webserverd, input_device);
+allow qmmf-webserverd input_device:chr_file r_file_perms; |
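Review bot: The last two rules of the new qmmf-webserverd.te give a `net_domain` process read access to `input_device` directories and character devices, so a daemon reachable over the network can read raw input events, and neither the file nor the commit message says why a web server needs that. Either drop `r_dir_file(qmmf-webserverd, input_device);` and `allow qmmf-webserverd input_device:chr_file r_file_perms;`, or put a comment above them naming the feature that depends on them. The `camera_data_file` and `qmmf_data_file` rules have the same gap: `create_file_perms` on both lets the web server create and modify files in the camera and qmmf-server data areas, so a one-line justification per rule group would let a reviewer judge whether read-only access would do. Minor style point: `vndbinder_use(qmmf-webserverd);` and `r_dir_file(qmmf-webserverd, input_device);` end in `;` while the other macro calls in the file do not.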