authorqctecmdr <qctecmdr@localhost>2019-09-12 22:05:37 -0700
committerGerrit - the friendly Code Review server <code-review@localhost>2019-09-12 22:05:37 -0700
commit1e13c05d217b005e8a3819de43285ce048d971c6 (patch)
tree205c6aef43166fe78ee8a65da242e91c791118d8
parenteeebb6acfbc59ab6e7c3bf59defa9c0abb83b4f8 (diff)
parent386c39fef8606c3ac2b7913068dd5f03816ec6ad (diff)
Merge "sepolicy: add policy for qseecom hal"
-rw-r--r--qva/vendor/common/attributes4
-rw-r--r--qva/vendor/common/file_contexts1
-rw-r--r--qva/vendor/common/hal_qseecom.te52
-rw-r--r--qva/vendor/common/hwservice.te1
-rw-r--r--qva/vendor/common/hwservice_contexts1
5 files changed, 59 insertions, 0 deletions
diff --git a/qva/vendor/common/attributes b/qva/vendor/common/attributes
index 28dc6bfa..e218fdca 100644
--- a/qva/vendor/common/attributes
+++ b/qva/vendor/common/attributes
@@ -49,6 +49,10 @@ attribute hal_pasrmanager;
attribute hal_pasrmanager_client;
attribute hal_pasrmanager_server;
+attribute hal_qseecom;
+attribute hal_qseecom_client;
+attribute hal_qseecom_server;
+
attribute hal_qteeconnector;
attribute hal_qteeconnector_client;
attribute hal_qteeconnector_server;
diff --git a/qva/vendor/common/file_contexts b/qva/vendor/common/file_contexts
index da1ae34c..3dd3c6c1 100644
--- a/qva/vendor/common/file_contexts
+++ b/qva/vendor/common/file_contexts
@@ -73,6 +73,7 @@
/vendor/bin/hw/vendor\.qti\.hardware\.alarm@1\.0-service u:object_r:hal_alarm_qti_default_exec:s0
/vendor/bin/hw/vendor\.qti\.hardware\.iop@2\.0-service u:object_r:hal_iop_default_exec:s0
/vendor/bin/hw/vendor\.qti\.hardware\.mlshal@1\.0-service u:object_r:hal_mirrorlink_qti_exec:s0
+/vendor/bin/hw/vendor\.qti\.hardware\.qseecom@1\.0-service u:object_r:hal_qseecom_default_exec:s0
/vendor/bin/hw/vendor\.qti\.hardware\.qteeconnector@1\.0-service u:object_r:hal_qteeconnector_qti_exec:s0
/vendor/bin/hw/vendor\.qti\.hardware\.scve\.objecttracker@1\.0-service u:object_r:vendor_scve_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.scve\.panorama@1\.0-service u:object_r:vendor_scve_exec:s0
diff --git a/qva/vendor/common/hal_qseecom.te b/qva/vendor/common/hal_qseecom.te
new file mode 100644
index 00000000..cbb5966d
--- /dev/null
+++ b/qva/vendor/common/hal_qseecom.te
@@ -0,0 +1,52 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#define the domain
+type hal_qseecom_default, domain;
+hal_server_domain(hal_qseecom_default, hal_qseecom)
+type hal_qseecom_default_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(hal_qseecom_default)
+
+#Allow hal_qseecom client domain apps to find hwservice
+binder_call(hal_qseecom_client, hal_qseecom_server)
+binder_call(hal_qseecom_server, hal_qseecom_client)
+
+#allow the service to be added to hwservice list
+hal_attribute_hwservice(hal_qseecom, hal_qseecom_hwservice)
+
+#allow access to hal_allocator
+hal_client_domain(hal_qseecom_default, hal_allocator)
+
+#allow access to ion device
+allow hal_qseecom_default ion_device:chr_file rw_file_perms;
+
+#Allow access to firmware
+r_dir_file(hal_qseecom_default, firmware_file);
+
+#Allow access to tee device
+allow hal_qseecom_default tee_device:chr_file rw_file_perms;
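Review bot: Nothing in the new hal_qseecom.te says or enforces which domains are meant to carry `hal_qseecom_client`, yet `hal_qseecom_default` is granted `rw_file_perms` on both `tee_device` and `ion_device`, so any domain later given `hal_client_domain(<domain>, hal_qseecom)` gets brokered access to the TEE driver through this service. I would add a header comment listing the intended client domains and, if that set is fixed, back it with a `neverallow` on `hal_qseecom_hwservice:hwservice_manager find` for everything else, so that a later change widening the client set fails at build time. The comment above the two `binder_call` lines is also misleading, because the hwservice `find` rule appears to come from `hal_attribute_hwservice` a few lines below; something like `# allow binder transactions between clients and the server, including callbacks` would match what the rules do. Finally, `r_dir_file(hal_qseecom_default, firmware_file);` is the only macro call in the file with a trailing semicolon, and dropping it keeps the file consistent.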
diff --git a/qva/vendor/common/hwservice.te b/qva/vendor/common/hwservice.te
index 27755034..6d875cd1 100644
--- a/qva/vendor/common/hwservice.te
+++ b/qva/vendor/common/hwservice.te
@@ -50,3 +50,4 @@ type hal_wifilearner_hwservice, hwservice_manager_type;
type hal_srvctracker_hwservice, hwservice_manager_type;
type hal_qspmhal_hwservice, untrusted_app_visible_hwservice_violators, hwservice_manager_type;
type hal_bluetooth_dun_hwservice, hwservice_manager_type;
+type hal_qseecom_hwservice, hwservice_manager_type;
diff --git a/qva/vendor/common/hwservice_contexts b/qva/vendor/common/hwservice_contexts
index 6e73cf7c..29d810de 100644
--- a/qva/vendor/common/hwservice_contexts
+++ b/qva/vendor/common/hwservice_contexts
@@ -71,3 +71,4 @@ vendor.qti.hardware.bluetooth_audio::IBluetoothAudioProvidersFactory u:object_r
vendor.qti.hardware.wifi.wifilearner::IWifiStats u:object_r:hal_wifilearner_hwservice:s0
vendor.qti.qspmhal::IQspmhal u:object_r:hal_qspmhal_hwservice:s0
vendor.qti.hardware.cryptfshw::ICryptfsHw u:object_r:hal_keymaster_hwservice:s0
+vendor.qti.hardware.qseecom::IQSEECom u:object_r:hal_qseecom_hwservice:s0