Sepolicy:: Policies are added for nqnfcinfo daemon

Allow nqnfcinfo daemon to access nfc nq dev node
and grant permission to set property.

Change-Id: I85e72ed412bc5d91634146b743d75face9bcedb0
CRs-Fixed: 1088226

4 files changed, 44 insertions, 0 deletions

diff --git a/common/file_contexts b/common/file_contexts
index abfe3bcf..b24c4191 100644
--- a/common/file_contexts
+++ b/common/file_contexts
@@ -135,6 +135,7 @@
 /system/bin/ATFWD-daemon                        u:object_r:atfwd_exec:s0
 /system/bin/PktRspTest                          u:object_r:diag_exec:s0
 /system/bin/audiod                              u:object_r:audiod_exec:s0
+/system/vendor/bin/nqnfcinfo                    u:object_r:nqnfcinfo_exec:s0
 /system/bin/charger_monitor                     u:object_r:charger_monitor_exec:s0
 /system/bin/hvdcp_opti                          u:object_r:hvdcp_exec:s0
 /system/bin/cnd                                 u:object_r:cnd_exec:s0
diff --git a/common/nqnfcinfo.te b/common/nqnfcinfo.te
new file mode 100644
index 00000000..3efc94c3
--- /dev/null
+++ b/common/nqnfcinfo.te
@@ -0,0 +1,39 @@
+#Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+#Redistribution and use in source and binary forms, with or without
+#modification, are permitted provided that the following conditions are
+#met:
+#    * Redistributions of source code must retain the above copyright
+#      notice, this list of conditions and the following disclaimer.
+#    * Redistributions in binary form must reproduce the above
+#      copyright notice, this list of conditions and the following
+#      disclaimer in the documentation and/or other materials provided
+#      with the distribution.
+#    * Neither the name of The Linux Foundation nor the names of its
+#      contributors may be used to endorse or promote products derived
+#      from this software without specific prior written permission.
+#
+#THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+#WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+#MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+#ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+#BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+#CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+#SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+#BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+#WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+#IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type nqnfcinfo, domain;
+type nqnfcinfo_exec, exec_type, file_type;
+
+# Started by init
+init_daemon_domain(nqnfcinfo)
+
+r_dir_file(nqnfcinfo, sysfs_socinfo);
+
+set_prop(nqnfcinfo, nfc_nq_prop);
+
+# Access device nodes inside /dev/nq-nci
+allow nqnfcinfo nfc_device:chr_file rw_file_perms;
diff --git a/common/property.te b/common/property.te
index 16b716a9..5ae8f71e 100755
--- a/common/property.te
+++ b/common/property.te
@@ -97,3 +97,5 @@ type hwui_prop, property_type, core_property_type;
 type graphics_vulkan_prop, property_type, core_property_type;
 #boot mode property
 type boot_mode_prop, property_type;
+#properties for nfc
+type nfc_nq_prop, property_type, core_property_type;
diff --git a/common/property_contexts b/common/property_contexts
index 78d90a32..5d457153 100755
--- a/common/property_contexts
+++ b/common/property_contexts
@@ -89,3 +89,5 @@ persist.graphics.vulkan.disable     u:object_r:graphics_vulkan_prop:s0
 sys.boot_mode              u:object_r:boot_mode_prop:s0
 # GPU
 ro.gpu.available_frequencies u:object_r:freq_prop:s0
+# NFC
+sys.nfc.nq.                u:object_r:nfc_nq_prop:s0