author | Amir Samuelov <amirs@codeaurora.org> | 2016-08-17 10:44:37 +0300 |
---|---|---|
committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2016-08-17 00:47:21 -0700 |
commit | 0ab8dbe4ce3b5bde2288a33090fad24b62e49756 (patch) | |
tree | 3b5481750736c062be54b165df48f450fc3d14e9 | |
parent | fba8951fd668a744bdccb44e39508747d7531443 (diff) | |
sepolicy: add Secure Processor Daemon (spdaemon)
Add the spdaemon SELinux policy file
so that the init process can start the daemon.
CRs-Fixed: 1048641
Change-Id: If8a2d6a089cd6c37255896cc9ccd2d82365fbd9f
-rw-r--r-- | common/device.te | 12 | ||||
-rw-r--r-- | common/file.te | 3 | ||||
-rw-r--r-- | common/file_contexts | 6 | ||||
-rw-r--r-- | common/spdaemon.te | 60 |
4 files changed, 81 insertions, 0 deletions
diff --git a/common/device.te b/common/device.te index 443228d7..22e046e4 100644 --- a/common/device.te +++ b/common/device.te @@ -86,6 +86,18 @@ type ipa_dev, dev_type; type wcnss_device, dev_type; +# Define spcom device +type spcom_device, dev_type; + +# Define skp device +type skp_device, dev_type; + +# Define sp_ssr device +type sp_ssr_device, dev_type; + +# Define sp_keymaster device +type sp_keymaster_device, dev_type; + # Define QDSS devices type qdss_device, dev_type; diff --git a/common/file.te b/common/file.te index 81a36f94..47ec84f4 100644 --- a/common/file.te +++ b/common/file.te @@ -89,6 +89,9 @@ type gamed_socket, file_type; type iop_socket, file_type; type iop_data_file, file_type, data_file_type; +# SPSS Apps images location +type spss_data_file, file_type, data_file_type; + #mm-qcamera-daemon socket type camera_socket, file_type; diff --git a/common/file_contexts b/common/file_contexts index 1ab0adb7..bee6d8ea 100644 --- a/common/file_contexts +++ b/common/file_contexts @@ -15,6 +15,10 @@ /dev/nfc-nci u:object_r:nfc_device:s0 /dev/nq-nci u:object_r:nfc_device:s0 /dev/qseecom u:object_r:tee_device:s0 +/dev/spcom u:object_r:spcom_device:s0 +/dev/sp_kernel u:object_r:skp_device:s0 +/dev/sp_ssr u:object_r:sp_ssr_device:s0 +/dev/sp_keymaster u:object_r:sp_keymaster_device:s0 /dev/seemplog u:object_r:seemplog_device:s0 /dev/radio0 u:object_r:fm_radio_device:s0 /dev/rtc0 u:object_r:rtc_device:s0 @@ -167,6 +171,7 @@ /system/bin/tftp_server u:object_r:rfs_access_exec:s0 /system/bin/hvdcp u:object_r:hvdcp_exec:s0 /system/bin/qseecomd u:object_r:tee_exec:s0 +/system/bin/spdaemon u:object_r:spdaemon_exec:s0 /system/bin/hostapd_cli u:object_r:hostapd_exec:s0 /system/bin/adsprpcd u:object_r:adsprpcd_exec:s0 /system/bin/wpa_cli u:object_r:wcnss_service_exec:s0 
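Review bot: In the common/device.te hunk, `skp_device` is the only new type whose name does not follow its device node. The common/file_contexts hunk of this commit maps it to `/dev/sp_kernel`, while `spcom_device`, `sp_ssr_device` and `sp_keymaster_device` mirror their paths. The comment `# Define skp device` does not explain the abbreviation, so I would expand it, e.g. `# Define sp_kernel (skp) device node`. Someone auditing access to these nodes could then match type to path without opening file_contexts.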
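Review bot: In the common/file.te hunk, the comment on `spss_data_file` does not say who is expected to write to this location, which the common/file_contexts hunk places under `/data/misc/spss` on the writable data partition. This commit grants spdaemon read access only and gives no domain write access, so the provisioning path is not visible here. I would extend the comment to name the intended writer and say whether the images are authenticated before use, e.g. `# SPSS Apps images location (read by spdaemon; written by <provisioning domain>)`. A later rule granting write access to this type would then stand out in review.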
@@ -305,6 +310,7 @@
 /data/misc/ipa(/.*)? u:object_r:ipacm_data_file:s0
 /data/dpm(/.*)? u:object_r:dpmd_data_file:s0
 /data/misc/qsee(/.*)? u:object_r:data_qsee_file:s0
+/data/misc/spss(/.*)? u:object_r:spss_data_file:s0
 /data/misc/location(/.*)? u:object_r:location_data_file:s0
 /data/misc/location/mq/location-mq-s u:object_r:location_socket:s0
 /data/misc/location/mq/alarm_svc u:object_r:location_socket:s0
diff --git a/common/spdaemon.te b/common/spdaemon.te
new file mode 100644
index 00000000..1a2d6840
--- /dev/null
+++ b/common/spdaemon.te
@@ -0,0 +1,60 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# spdaemon service
+type spdaemon, domain;
+type spdaemon_exec, exec_type, file_type;
+
+init_daemon_domain(spdaemon)
+
+# Allow access to spcom device
+allow spdaemon spcom_device:chr_file rw_file_perms;
+
+# Allow access to skp device
+allow spdaemon skp_device:chr_file rw_file_perms;
+
+# Allow access to sp_ssr device
+allow spdaemon sp_ssr_device:chr_file rw_file_perms;
+
+# Allow access to sp_keymaster device
+allow spdaemon sp_keymaster_device:chr_file rw_file_perms;
+
+# Allow access to ion device
+allow spdaemon ion_device:chr_file rw_file_perms;
+
+# Allow to load SPSS firmware images
+r_dir_file(spdaemon, firmware_file);
+
+# Allow to load SPSS Apps images
+allow spdaemon spss_data_file:dir r_dir_perms;
+allow spdaemon spss_data_file:file r_file_perms;
+
+# Allow check SPSS Apps images stat()
+allow spdaemon spss_data_file:file getattr;
+
+# Allow set system prop
+allow spdaemon system_prop:property_service set; |
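Review bot: The last rule of common/spdaemon.te, `allow spdaemon system_prop:property_service set;`, lets the daemon set every property labelled `system_prop` rather than only the ones it owns. A dedicated property type, labelled in property_contexts and granted through the `set_prop` macro, would keep this to least privilege, e.g. `set_prop(spdaemon, spdaemon_prop)` (`spdaemon_prop` is a placeholder; the property names are not shown in this commit). The bare `property_service set` permission may also be insufficient by itself, since `set_prop` additionally grants the connection to the property socket, so this is worth confirming on a device. Separately, `allow spdaemon spss_data_file:file getattr;` is already covered by the `r_file_perms` rule two lines above it and can be dropped.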