Merge tag 'AU_LINUX_ANDROID_LA.BF64.1.2.1.05.01.01.066.161' into HEAD

AU_LINUX_ANDROID_LA.BF64.1.2.1.05.01.01.066.161 based on quic

* tag 'AU_LINUX_ANDROID_LA.BF64.1.2.1.05.01.01.066.161': (24 commits)
  WFD: Adding perflock permissions
  sepolicy: Add sepolicy rules for display clients
  seandroid: imscm needs to communicate with apps
  sepolicy: Add context label for '/persist/display/*'
  Seandroid: Add policy for FIDO daemons
  sepolicy: Update BCL sysfs nodes in file context
  sepolicy : Add rules for seempd
  sepolicy: allow cnd to use socket fd and get appname
  seandroid: Adding policy from other directories
  seandroid: Policy update for the mcStarter application
  recovery: Allow recovery to change the label on rfs_system_file
  sepolicy: recovery: Allow recovery to read from /data and the sdcard
  SEAndroid: location policies for location-mq-s
  Seandroid: Changing diag_device access policy
  Seandroid: Allow shell to read persist partition
  sepolicy: allow dpmd to create self socket and netlink socket.
  sepolicy: Add SELinux policy rule for pp daemon socket calls
  Sepolicy: allow ipacm to send socket in user mode
  Add sysfs access permission for WFD service
  netd: Allow dnsmasq access to netd fifo file
  ...

Conflicts:
	common/file_contexts

Change-Id: If4aee5e06cf7b2110895bc3b1ed40687e01ef65c

4 files changed, 34 insertions, 0 deletions

diff --git a/test/fidotest.te b/test/fidotest.te
new file mode 100644
index 00000000..e601d6dc
--- /dev/null
+++ b/test/fidotest.te
@@ -0,0 +1,29 @@
+type fidotest, domain;
+type fidotest_exec, exec_type, file_type;
+init_daemon_domain(fidotest)
+userdebug_or_eng(`
+  #Allow fido test daemons to use Binder IPC
+  binder_use(fidotest)
+
+  #Allow apps to interact with fido test daemons
+  binder_call(fidotest, platform_app)
+  binder_call(platform_app, fidotest)
+  binder_call(fidotest, system_app)
+  binder_call(system_app, fidotest)
+
+  # Mark fido test daemons as a Binder service domain
+  binder_service(fidotest)
+
+  #Allow fido test daemons to be registered with service manager
+  allow fidotest fidotest_service:service_manager add;
+
+  # Allow communication with init over property server
+  unix_socket_connect(fidotest, property, init);
+
+  # Allow access to tee device
+  allow fidotest tee_device:chr_file rw_file_perms;
+
+  # Allow access to firmware
+  allow fidotest firmware_file:dir r_dir_perms;
+  allow fidotest firmware_file:file r_file_perms;
+')
diff --git a/test/file_contexts b/test/file_contexts
index f41cc3c0..ed23e043 100755
--- a/test/file_contexts
+++ b/test/file_contexts
@@ -38,6 +38,9 @@
 /system/bin/StoreKeybox                         u:object_r:sectest_exec:s0
 /system/bin/InstallKeybox                       u:object_r:sectest_exec:s0
 
+#Authentication and FIDO
+/system/vendor/bin/sampleauthdaemon             u:object_r:fidotest_exec:s0
+
 #Context for location features
 /system/bin/sdp_test                            u:object_r:location_exec:s0
 /system/bin/icm_test                            u:object_r:location_exec:s0
diff --git a/test/service.te b/test/service.te
new file mode 100644
index 00000000..5818b6ce
--- /dev/null
+++ b/test/service.te
@@ -0,0 +1 @@
+type fidotest_service,        service_manager_type;
diff --git a/test/service_contexts b/test/service_contexts
new file mode 100644
index 00000000..a97abcbd
--- /dev/null
+++ b/test/service_contexts
@@ -0,0 +1 @@
+com.qualcomm.qti.auth.securesampleauthdaemon   u:object_r:fidotest_service:s0