author | Bhavana Prabhakar <bprabh@codeaurora.org> | 2017-07-12 15:31:44 -0700 |
---|---|---|
committer | Bhavana Prabhakar <bprabh@codeaurora.org> | 2017-07-14 12:53:21 -0700 |
commit | 3b30ed895ff208f68f8664030116101ecf9c9d5a (patch) | |
tree | 87513e63689cfb5c73a2fa9608f137d2bd2ea4cd /ssg | |
parent | 05144953c002ea378ca172c8ea1e5bf92ea7e949 (diff) | |
parent | 3889031e6e4e245150cb38e5b899fbaee91840ce (diff) | |
Merge remote-tracking branch 'quic/sepolicy.lnx.2.9-rel' into HEAD
Change-Id: I07fcb1c7503490c5dad67f39ae2bf55383b60395
Diffstat (limited to 'ssg')
-rw-r--r-- | ssg/keys.conf | 2 | ||||
-rw-r--r-- | ssg/mac_permissions.xml | 12 | ||||
-rw-r--r-- | ssg/seapp_contexts | 3 | ||||
-rw-r--r-- | ssg/ssg_app.te | 47 | ||||
-rw-r--r-- | ssg/ssg_app_cert.x509.pem | 22 |
5 files changed, 86 insertions, 0 deletions
diff --git a/ssg/keys.conf b/ssg/keys.conf
new file mode 100644
index 00000000..19171fee
--- /dev/null
+++ b/ssg/keys.conf
@@ -0,0 +1,2 @@
+[@SSG]
+ALL : device/qcom/sepolicy/ssg/ssg_app_cert.x509.pem
diff --git a/ssg/mac_permissions.xml b/ssg/mac_permissions.xml
new file mode 100644
index 00000000..e39e3979
--- /dev/null
+++ b/ssg/mac_permissions.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy>
+
+<!--
+See /system/sepolicy/private/mac_permissions.xml
+-->
+
+ <signer signature="@SSG" >
+ <seinfo value="ssgapp" />
+ </signer>
+
+</policy>
diff --git a/ssg/seapp_contexts b/ssg/seapp_contexts
new file mode 100644
index 00000000..7267cc89
--- /dev/null
+++ b/ssg/seapp_contexts
@@ -0,0 +1,3 @@
+# SSG apps for Connection Security
+user=_app seinfo=ssgapp domain=ssg_app name=com.qualcomm.qti.qms.service.connectionsecurity type=app_data_file levelFrom=all
+user=_app seinfo=ssgapp domain=ssg_app name=com.qualcomm.qti.qms.service.telemetry type=app_data_file levelFrom=all
diff --git a/ssg/ssg_app.te b/ssg/ssg_app.te
new file mode 100644
index 00000000..f06f9bc5
--- /dev/null
+++ b/ssg/ssg_app.te
@@ -0,0 +1,47 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+## ssg_app
+##
+## This file defines the permissions that ssg_apps can carry
+
+type ssg_app, domain;
+
+app_domain(ssg_app)
+net_domain(ssg_app)
+
+# Allow access to mlid socket
+unix_socket_connect(ssg_app, mlid, mlid)
+
+allow ssg_app radio_service:service_manager find;
+allow ssg_app surfaceflinger_service:service_manager find;
+allow ssg_app app_api_service:service_manager find;
+
+# To get uuid and device info
+allow ssg_app proc_cpuinfo:file r_file_perms;
+allow ssg_app proc_meminfo:file r_file_perms;
+r_dir_file(ssg_app, proc)
diff --git a/ssg/ssg_app_cert.x509.pem b/ssg/ssg_app_cert.x509.pem
new file mode 100644
index 00000000..70ad39fa
--- /dev/null
+++ b/ssg/ssg_app_cert.x509.pem
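Review bot: In ssg/ssg_app.te the last rule, `r_dir_file(ssg_app, proc)`, opens every directory and file that carries the generic `proc` label, which is much wider than the comment above it ("To get uuid and device info") and than the two targeted rules for `proc_cpuinfo` and `proc_meminfo`. If those two files are all the apps read, drop the macro line; if more is needed, grant the specific proc types and extend the comment to `# To get uuid and device info: reads /proc/cpuinfo and /proc/meminfo only`. The `app_api_service:service_manager find` rule has the same shape, since it covers the whole attribute rather than the services these two packages presumably call, so it deserves a comment naming them. The mlid comment would also be more useful if it said which of the two packages connects to the socket and why.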
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDpzCCAo+gAwIBAgIELmaGwzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMC
+VVMxEDAOBgNVBAgTB1Vua25vd24xEDAOBgNVBAcTB1Vua25vd24xJDAiBgNVBAoT
+G1F1YWxjb21tIFRlY2hub2xvZ2llcywgSW5jLjEMMAoGA1UECxMDU1NHMRwwGgYD
+VQQDExNTU0cgUHJpdmlsZWdlZCBBcHBzMB4XDTE3MDYxOTIxMDAxNloXDTQ0MTEw
+NDIxMDAxNlowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdVbmtub3duMRAwDgYD
+VQQHEwdVbmtub3duMSQwIgYDVQQKExtRdWFsY29tbSBUZWNobm9sb2dpZXMsIElu
+Yy4xDDAKBgNVBAsTA1NTRzEcMBoGA1UEAxMTU1NHIFByaXZpbGVnZWQgQXBwczCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKwaT66u+2CUj44EYbOTeKFy
+7EAmj35UI02ifnJZg+voMHGrp4OII411Gwtx15oPt+Dg7kymqu8urcqDnIS1sEGZ
+TCsgqFnVqvGWk0aLG4PwaKmLo5kU365xIWmVHv/eH4Zu7OW2dvfVkirzc/p6pNS4
+mUbKr52do66B/BWyGOQ6ocxkMap54i+JJsPFl4ejIoAb4VuQKsDzCrgWFJoLwbAJ
+TMvwVjer3KIEsoD3rlftfmWJA8u2OcwhR9L0Z8gTVWdIUEj+BPo3hpA8lNg4OKGb
+F5Nez/MDvagp3TAYk6E+ake+/uWiPPdoZLpu0WvZU0mLIwj+FOAayHk+GfQSQKsC
+AwEAAaMhMB8wHQYDVR0OBBYEFFac8wwmHfDY9GZoPKgY7bzzZApSMA0GCSqGSIb3
+DQEBCwUAA4IBAQA7BZpaBmj5WCTbNCYlZmIWONui89XVjxGmD/43ipFLaXuvG6PV
+8WDIt0kkZTnAi1e7NE1yk7MnQSa37gXf5eYWM7rMxX90gae+/P5P8RT8Gp4OhZT7
+ITNpWKYZEIumxvnHcK/nAWAPgInzBDkNksUawc3ACU0kgoOiJiXfXWuHgjnwWDdA
+YS/MjlXyIju8x+1PkzyXbE2PNOuaQdlaZWXtzsdKVfxk4RK9Um3+9i1Xr6yPNIqR
+suBjThaMw740u4wg2oOZITY6b7RBfn9nxYu8zHzmIWE2xiLB6Rg2c5a3fKiOWXiL
+xhSlrs1uuE+54290ZDtOpCRA0M411ClkyjLU
+-----END CERTIFICATE----- |