diff options
author | Linux Build Service Account <lnxbuild@localhost> | 2016-11-03 06:08:38 -0700 |
---|---|---|
committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2016-11-03 06:08:38 -0700 |
commit | df68f0e886ca8e6b47be840dd19fc6f89b095046 (patch) | |
tree | 9eebe9cbd5a315f172df2b91bc0b9603a769d7c7 | |
parent | 88a781dfc2edb816da43daef56c6f973ef41e7b6 (diff) | |
parent | ce0771623f916dda03b4c671f9d50df4c11ea2fe (diff) | |
download | android_device_qcom_sepolicy-df68f0e886ca8e6b47be840dd19fc6f89b095046.tar.gz android_device_qcom_sepolicy-df68f0e886ca8e6b47be840dd19fc6f89b095046.tar.bz2 android_device_qcom_sepolicy-df68f0e886ca8e6b47be840dd19fc6f89b095046.zip |
Merge "sepolicy: secure_touch: enable secure touch for qseecomd"
-rw-r--r-- | common/file.te | 3 | ||||
-rw-r--r-- | common/init_shell.te | 3 | ||||
-rw-r--r-- | common/qseecomd.te | 3 | ||||
-rw-r--r-- | msmcobalt/file_contexts | 5 |
4 files changed, 14 insertions, 0 deletions
diff --git a/common/file.te b/common/file.te index 2d31a6d4..b2290e7e 100644 --- a/common/file.te +++ b/common/file.te @@ -206,3 +206,6 @@ type persist_time_file, file_type; # kgsl file type for sysfs access type sysfs_kgsl, sysfs_type, fs_type; + +# secure touch files +type sysfs_securetouch, fs_type, sysfs_type; diff --git a/common/init_shell.te b/common/init_shell.te index 487caf05..22dc2769 100644 --- a/common/init_shell.te +++ b/common/init_shell.te @@ -160,6 +160,9 @@ allow qti_init_shell kernel:key search; # To change owner of /sys/devices/virtual/hsicctl/hsicctl0/modem_wait to radio allow qti_init_shell sysfs_hsic_modem_wait:file { r_file_perms setattr }; +# To change owner/permissions of secure touch sysfs files +r_dir_file(qti_init_shell, sysfs_securetouch) + # core-ctl allow qti_init_shell cgroup:dir add_name; diff --git a/common/qseecomd.te b/common/qseecomd.te index a2118202..8e2f8955 100644 --- a/common/qseecomd.te +++ b/common/qseecomd.te @@ -47,6 +47,9 @@ allow tee time_daemon:unix_stream_socket connectto; allow tee graphics_device:dir r_dir_perms; allow tee graphics_device:chr_file r_file_perms; +#allow tee access for secure touch to work +allow tee sysfs_securetouch:file rw_file_perms; + allow tee surfaceflinger_service : service_manager find; binder_call(tee, surfaceflinger) diff --git a/msmcobalt/file_contexts b/msmcobalt/file_contexts index e7f2d8a4..a3dde719 100644 --- a/msmcobalt/file_contexts +++ b/msmcobalt/file_contexts @@ -67,3 +67,8 @@ ################################## # FBE /system/bin/init.qcom.qseecomd.sh u:object_r:init-qcom-fbe-sh_exec:s0 + +################################### +# sysfs files +# +/sys/devices/soc/75ba000.i2c/i2c-12/12-0020/input/input[0-9]/secure_touch_enable u:object_r:sysfs_securetouch:s0 |