author | Alex Sarraf <asarraf@codeaurora.org> | 2015-09-29 21:50:15 -0700 |
---|---|---|
committer | Alex Sarraf <asarraf@codeaurora.org> | 2015-10-15 17:52:21 -0700 |
commit | e9d3a5ef32e36803becba9584b0a468aedd9378c (patch) | |
tree | 977ad5509a144551617c7411f0a5d592461faccf | |
parent | 1075b21e80632a2c4507aab08963f1661ca4641d (diff) | |
Update secure policies for hbtp
Update secure policies for hbtp to use fastrpc services.
Change-Id: Ia856cffa4f5570b78bda61a93a8f591862dadc9f
-rw-r--r-- | common/file_contexts | 1 | ||||
-rw-r--r-- | common/hbtp.te | 29 | ||||
-rw-r--r-- | common/init_shell.te | 1 | ||||
-rw-r--r-- | common/platform_app.te | 3 | ||||
-rw-r--r-- | common/property.te | 2 | ||||
-rw-r--r-- | common/property_contexts | 1 | ||||
-rw-r--r-- | common/service.te | 1 | ||||
-rw-r--r-- | common/service_contexts | 2 | ||||
-rw-r--r-- | common/untrusted_app.te | 5 |
9 files changed, 41 insertions, 4 deletions
diff --git a/common/file_contexts b/common/file_contexts
index d67d0dd1..09101899 100644
--- a/common/file_contexts
+++ b/common/file_contexts
@@ -47,6 +47,7 @@
 /dev/pta u:object_r:pta_device:s0
 /dev/mdss_rotator u:object_r:graphics_device:s0
 /dev/hbtp_input u:object_r:hbtp_device:s0
+/dev/hbtp_vm u:object_r:hbtp_device:s0
 /dev/jdi-bu21150 u:object_r:bu21150_device:s0
 /dev/voice_svc u:object_r:voice_device:s0
 /dev/avtimer u:object_r:avtimer_device:s0
diff --git a/common/hbtp.te b/common/hbtp.te
index 22aa1bc1..0a9e4eba 100644
--- a/common/hbtp.te
+++ b/common/hbtp.te
@@ -5,14 +5,35 @@ type hbtp_exec, exec_type, file_type;
 init_daemon_domain(hbtp)
 # Allow access for /dev/hbtp_input and /dev/jdi-bu21150
-allow hbtp { hbtp_device bu21150_device }:chr_file rw_file_perms;
-
-allow hbtp hbtp_cfg_file:dir rw_dir_perms;
-allow hbtp hbtp_cfg_file:file create_file_perms;
+allow hbtp { hbtp_device qdsp_device bu21150_device }:chr_file rw_file_perms;
 allow hbtp hbtp_log_file:dir rw_dir_perms;
 allow hbtp hbtp_log_file:file create_file_perms;
+allow hbtp sysfs_usb_supply:dir search;
+allow hbtp sysfs_usb_supply:file rw_file_perms;
+
+allow hbtp sysfs:file write;
+
 allow hbtp self:netlink_kobject_uevent_socket { create read setopt bind };
 binder_use(hbtp);
+
+allow hbtp improve_touch_service:service_manager add;
+
+userdebug_or_eng(`
+ binder_call(hbtp, untrusted_app);
+')
+
+binder_call(hbtp, platform_app);
+
+binder_call(hbtp, surfaceflinger);
+
+# Allow the service to access wakelock sysfs
+allow hbtp sysfs_wake_lock:file r_file_perms;
+
+# Allow the service to change to system from root
+allow hbtp self:capability { setgid setuid };
+
+# Allow the service to access wakelock capability
+wakelock_use(hbtp)
diff --git a/common/init_shell.te b/common/init_shell.te
index 0a91b68b..afeb4bed 100644
--- a/common/init_shell.te
+++ b/common/init_shell.te
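Review bot: `allow hbtp sysfs:file write;` in the hbtp.te hunk grants write access to every file that still carries the generic `sysfs` label, which is much wider than the node the daemon presumably needs. The same hunk already uses dedicated labels (`sysfs_usb_supply`, `sysfs_wake_lock`), so the node written here should get its own type and labelling entry, and the rule should become `allow hbtp <sysfs_hbtp_type>:file w_file_perms;` (the type name is a placeholder; the hunk does not show which path is written). The comment `# Allow access for /dev/hbtp_input and /dev/jdi-bu21150` is also stale now that `qdsp_device` is in the set and `/dev/hbtp_vm` shares `hbtp_device`; it could read `# Allow access to /dev/hbtp_input, /dev/hbtp_vm, /dev/jdi-bu21150 and the DSP (fastrpc) device`. The file begins above this hunk, so earlier rules are not visible here.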
@@ -76,6 +76,7 @@ allow qti_init_shell {
 # Needed for starting console in userdebug mode
 userdebug_or_eng(`ctl_console_prop coresight_prop')
 rmnet_mux_prop
+ ctl_hbtp_prop
 }:property_service set;
 allow qti_init_shell efs_boot_dev:blk_file r_file_perms;
diff --git a/common/platform_app.te b/common/platform_app.te
index 31082815..21ea7547 100644
--- a/common/platform_app.te
+++ b/common/platform_app.te
@@ -18,3 +18,6 @@ allow platform_app nfc_service:service_manager find;
 #Allow platform apps to interact with seemp health daemon
 binder_call(platform_app, seemp_health_daemon)
+
+# Allow improveTouch service to be found
+binder_call(platform_app, hbtp);
diff --git a/common/property.te b/common/property.te
index 1d83d8c4..2bd71912 100644
--- a/common/property.te
+++ b/common/property.te
@@ -35,3 +35,5 @@ type rmnet_mux_prop, property_type;
 type qemu_hw_mainkeys_prop, property_type;
 type coresight_prop, property_type;
+
+type ctl_hbtp_prop, property_type;
diff --git a/common/property_contexts b/common/property_contexts
index 8f52c1be..1289583a 100644
--- a/common/property_contexts
+++ b/common/property_contexts
@@ -33,3 +33,4 @@ location. u:object_r:location_prop:s0
 persist.rmnet.mux u:object_r:rmnet_mux_prop:s0
 qemu.hw.mainkeys u:object_r:qemu_hw_mainkeys_prop:s0
 dbg.coresight.cfg_file u:object_r:coresight_prop:s0
+ctl.hbtp u:object_r:ctl_hbtp_prop:s0
diff --git a/common/service.te b/common/service.te
index ef6d0ff9..4120049b 100644
--- a/common/service.te
+++ b/common/service.te
@@ -12,6 +12,7 @@ type STAProxyService, service_manager_type;
 type dun_service, service_manager_type;
 type imscm_service, system_api_service, service_manager_type;
 type color_service, service_manager_type;
+type improve_touch_service, service_manager_type;
 type wfdservice_service, service_manager_type;
 type usf_service, service_manager_type;
 type dtseagleservice_service, service_manager_type;
diff --git a/common/service_contexts b/common/service_contexts
index dfbbed47..c57eab7e 100644
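Review bot: The comment `# Allow improveTouch service to be found` in the platform_app.te hunk does not match the rule under it, because `binder_call(platform_app, hbtp);` permits binder transactions while looking a service up needs `find` on its service_manager type. No hunk in this commit grants `find` on `improve_touch_service`, so unless that is allowed elsewhere the lookup would be denied; if it is intended, add `allow platform_app improve_touch_service:service_manager find;` and reword the comment to `# Allow platform apps to call the improveTouch service hosted by hbtp`. The untrusted_app.te hunk has the same gap for its userdebug/eng `binder_call(untrusted_app, hbtp);`. The rule as written applies to every platform-signed app, not only the improveTouch client.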
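Review bot: The new `ctl.hbtp` line in property_contexts has no comment saying who is meant to set it, and entries in this file are, as far as I know for this policy generation, matched by prefix. That would make `ctl_hbtp_prop` cover control requests for any service whose name begins with `hbtp`, not only the one daemon. A line such as `# ctl.hbtp*: start/stop of the hbtp service, set by qti_init_shell only` above the entry would record the intended scope and the single setter visible in this commit (the init_shell.te hunk).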
--- a/common/service_contexts
+++ b/common/service_contexts
@@ -12,6 +12,8 @@ STAProxyService u:object_r:STAProxyService:s0
 dun u:object_r:dun_service:s0
 qti.ims.connectionmanagerservice u:object_r:imscm_service:s0
 com.qti.snapdragon.sdk.display.IColorService u:object_r:color_service:s0
+improveTouch.TouchService u:object_r:improve_touch_service:s0
+improveTouch.TouchManagerService u:object_r:improve_touch_service:s0
 wfdservice u:object_r:wfdservice_service:s0
 DigitalPen u:object_r:usf_service:s0
 dts_eagle_service u:object_r:dtseagleservice_service:s0
diff --git a/common/untrusted_app.te b/common/untrusted_app.te
index 911ffcd8..8a42b733 100644
--- a/common/untrusted_app.te
+++ b/common/untrusted_app.te
@@ -13,3 +13,8 @@ userdebug_or_eng(`
 # for finding wbc_service
 allow untrusted_app wbc_service:service_manager find;
+
+# using binder call
+userdebug_or_eng(`
+ binder_call(untrusted_app, hbtp);
+')
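Review bot: The comment `# using binder call` in the untrusted_app.te hunk says neither which service is reached nor why the rule is confined to debug builds. The hbtp.te hunk of this commit gives the peer domain `setuid`/`setgid` capability and sysfs write access, so a binder path from untrusted apps to it is worth documenting even inside `userdebug_or_eng`. Something like `# userdebug/eng only: let test apps call the improveTouch binder service in hbtp; never enable on user builds` would make the intent reviewable (the "test apps" purpose is my assumption and should be confirmed by the author).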