authorTarun Gupta <tarung@codeaurora.org>2014-10-13 22:54:12 +0530
committerAvijit Kanti Das <avijitnsec@codeaurora.org>2014-10-22 12:59:06 -0700
commit4f7527dde3ea0ea9a687c6fac11efa106b60375b (patch)
tree5b8b2291b6fa8d0217d98e6ae3ba74318cf09bf4 /common
parent06bd7d8af256fb84bf8d760cdebf47d632695d17 (diff)
sepolicy: add sepolicy for USB UICC daemon
Warnings related to usb_uicc_daemon are fixed. Change-Id: I1bdff7f349950ecea1cc6550a39b5589f0e8e789
Diffstat (limited to 'common')
-rwxr-xr-xcommon/device.te3
-rwxr-xr-xcommon/file.te3
-rw-r--r--common/file_contexts52
-rw-r--r--common/property.te2
-rw-r--r--common/property_contexts1
-rw-r--r--common/usb_uicc_daemon.te13
6 files changed, 45 insertions, 29 deletions
diff --git a/common/device.te b/common/device.te
index 2b37ab85..6a58cec5 100755
--- a/common/device.te
+++ b/common/device.te
@@ -57,3 +57,6 @@ type misc_partition, dev_type;
#Bootselect partition
type bootselect_device, dev_type;
+
+#define usb_uicc_device for usb_uicc daemon
+type usb_uicc_device, dev_type;
diff --git a/common/file.te b/common/file.te
index 134bb475..3ef209e9 100755
--- a/common/file.te
+++ b/common/file.te
@@ -72,3 +72,6 @@ type sysfs_hsic_host_rdy, sysfs_type, file_type;
# Files accessed by qcom-system-daemon
type sysfs_socinfo, fs_type, sysfs_type;
+
+#Define the sysfs files for usb_uicc_daemon
+type sysfs_usb_uicc, sysfs_type, fs_type;
diff --git a/common/file_contexts b/common/file_contexts
index 2bda71f6..0ba126e3 100644
--- a/common/file_contexts
+++ b/common/file_contexts
@@ -29,6 +29,17 @@
/dev/block/bootdevice/by-name/fsc u:object_r:modem_efs_partition_device:s0
/dev/block/bootdevice/by-name/ssd u:object_r:ssd_device:s0
/dev/block/mmcblk0rpmb u:object_r:rpmb_device:s0
+/dev/ccid_bridge u:object_r:usb_uicc_device:s0
+/dev/block/bootdevice/by-name/mdm1m9kefs1 u:object_r:efs_boot_dev:s0
+/dev/block/bootdevice/by-name/mdm1m9kefs2 u:object_r:efs_boot_dev:s0
+/dev/block/bootdevice/by-name/mdm1m9kefs3 u:object_r:efs_boot_dev:s0
+/dev/block/bootdevice/by-name/mdm1m9kefsc u:object_r:efs_boot_dev:s0
+/dev/subsys_.* u:object_r:ssr_device:s0
+/dev/esoc.* u:object_r:esoc_device:s0
+/dev/ks_hsic_bridge u:object_r:ksbridgehsic_device:s0
+/dev/efs_hsic_bridge u:object_r:efsbridgehsic_device:s0
+/dev/block/platform/msm_sdcc.1/by-name/misc u:object_r:misc_partition:s0
+/dev/block/platform/msm_sdcc.1/by-name/bootselect u:object_r:bootselect_device:s0
###################################
# Dev socket nodes
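Review bot: The entries regrouped into this block lose the section headers that named their owners (`## mdm-helper files`, `#peripheral manager files` and `#qcom-system-daemon files`, all deleted at the end of the file), so nothing now says which daemon each label serves. Only `/dev/ccid_bridge` is new here. A short comment per group, such as `# mdm-helper devices` above the `mdm1m9kefs*` lines, would keep that information. The regex entries `/dev/subsys_.*` and `/dev/esoc.*` also change position, so if lookup is order-sensitive for overlapping patterns on this platform version, it is worth confirming the resulting labels are unchanged. The same regrouping applies to the `/system/bin` and `/sys` hunks that follow.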
@@ -80,6 +91,12 @@
/system/bin/hostapd_cli u:object_r:hostapd_exec:s0
/system/bin/wpa_cli u:object_r:wpa_exec:s0
/system/bin/cnss-daemon u:object_r:wpa_exec:s0
+/system/bin/mdm_helper u:object_r:mdm_helper_exec:s0
+/system/bin/mdm_helper_proxy u:object_r:mdm_helper_exec:s0
+/system/bin/ks u:object_r:mdm_helper_exec:s0
+/system/bin/pm-service u:object_r:per_mgr_exec:s0
+/system/bin/usb_uicc_client u:object_r:usb_uicc_daemon_exec:s0
+/system/bin/qcom-system-daemon u:object_r:qcomsysd_exec:s0
###################################
# sysfs files
@@ -108,6 +125,12 @@
/sys/devices/virtual/graphics/fb([0-2])+/hpd u:object_r:sysfs_graphics:s0
/sys/class/graphics/fb([0-2])+/mdp/caps u:object_r:sysfs_graphics:s0
/sys/class/graphics/fb([0-2])+/ad u:object_r:sysfs_graphics:s0
+/sys/bus/platform/drivers/xhci_msm_hsic(/.*)? u:object_r:sysfs_hsic:s0
+/sys/devices/msm_hsic_host/host_ready u:object_r:sysfs_hsic_host_rdy:s0
+/sys/bus/esoc(/.*)? u:object_r:sysfs_esoc:s0
+/sys/bus/msm_subsys(/.*)? u:object_r:sysfs_ssr:s0
+/sys/devices/soc0/.* u:object_r:sysfs_socinfo:s0
+/sys/module/ccid_bridge(/.*)? u:object_r:sysfs_usb_uicc:s0
###################################
# data files
@@ -129,32 +152,3 @@
#
/persist(/.*)? u:object_r:persist_file:s0
/persist/sensors(/.*)? u:object_r:sensors_persist_file:s0
-
-####################################
-## mdm-helper files
-/system/bin/mdm_helper u:object_r:mdm_helper_exec:s0
-/system/bin/mdm_helper_proxy u:object_r:mdm_helper_exec:s0
-/system/bin/ks u:object_r:mdm_helper_exec:s0
-/dev/block/bootdevice/by-name/mdm1m9kefs1 u:object_r:efs_boot_dev:s0
-/dev/block/bootdevice/by-name/mdm1m9kefs2 u:object_r:efs_boot_dev:s0
-/dev/block/bootdevice/by-name/mdm1m9kefs3 u:object_r:efs_boot_dev:s0
-/dev/block/bootdevice/by-name/mdm1m9kefsc u:object_r:efs_boot_dev:s0
-/dev/subsys_.* u:object_r:ssr_device:s0
-/dev/esoc.* u:object_r:esoc_device:s0
-/dev/ks_hsic_bridge u:object_r:ksbridgehsic_device:s0
-/dev/efs_hsic_bridge u:object_r:efsbridgehsic_device:s0
-/sys/bus/platform/drivers/xhci_msm_hsic(/.*)? u:object_r:sysfs_hsic:s0
-/sys/devices/msm_hsic_host/host_ready u:object_r:sysfs_hsic_host_rdy:s0
-/sys/bus/esoc(/.*)? u:object_r:sysfs_esoc:s0
-/sys/bus/msm_subsys(/.*)? u:object_r:sysfs_ssr:s0
-
-###################################
-#peripheral manager files
-/system/bin/pm-service u:object_r:per_mgr_exec:s0
-
-####################################
-#qcom-system-daemon files
-/system/bin/qcom-system-daemon u:object_r:qcomsysd_exec:s0
-/dev/block/platform/msm_sdcc.1/by-name/misc u:object_r:misc_partition:s0
-/dev/block/platform/msm_sdcc.1/by-name/bootselect u:object_r:bootselect_device:s0
-/sys/devices/soc0/.* u:object_r:sysfs_socinfo:s0
diff --git a/common/property.te b/common/property.te
new file mode 100644
index 00000000..1e54640c
--- /dev/null
+++ b/common/property.te
@@ -0,0 +1,2 @@
+# property for uicc_daemon
+type uicc_prop, property_type;
diff --git a/common/property_contexts b/common/property_contexts
index 7e11b53f..fd1f7161 100644
--- a/common/property_contexts
+++ b/common/property_contexts
@@ -1 +1,2 @@
wc_transport. u:object_r:bluetooth_prop:s0
+usb_uicc. u:object_r:uicc_prop:s0
diff --git a/common/usb_uicc_daemon.te b/common/usb_uicc_daemon.te
new file mode 100644
index 00000000..8e90849b
--- /dev/null
+++ b/common/usb_uicc_daemon.te
@@ -0,0 +1,13 @@
+# usb_uicc_daemon
+type usb_uicc_daemon, domain;
+type usb_uicc_daemon_exec, exec_type, file_type;
+
+# Make transition from init to its domain
+init_daemon_domain(usb_uicc_daemon)
+
+allow usb_uicc_daemon property_socket:sock_file w_file_perms;
+allow usb_uicc_daemon self:socket create_socket_perms;
+allow usb_uicc_daemon usb_uicc_device:chr_file rw_file_perms;
+allow usb_uicc_daemon uicc_prop:property_service set;
+allow usb_uicc_daemon sysfs_usb_uicc:file rw_file_perms;
+allow usb_uicc_daemon sysfs_usb_uicc:dir rw_dir_perms;
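Review bot: `allow usb_uicc_daemon sysfs_usb_uicc:dir rw_dir_perms;` grants directory write on a sysfs tree where the daemon presumably only needs to search directories and read or write attribute files, so `allow usb_uicc_daemon sysfs_usb_uicc:dir r_dir_perms;` would be the narrower rule. Because file_contexts labels all of `/sys/module/ccid_bridge(/.*)?` as `sysfs_usb_uicc`, the `rw_file_perms` rule makes every attribute under that module writable by the domain, and a comment naming the attributes actually written would help reviewers. The `self:socket` rule uses the generic socket class with no comment on which address family needs it, e.g. `# <address family> socket used for <purpose>`. The property rules allow write on `property_socket` and `set` on `uicc_prop`, but no `connectto` on init's socket is visible in this file. If that is not granted elsewhere, `unix_socket_connect(usb_uicc_daemon, property, init)` would cover the socket access.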