diff options
author | Divya Sharma <c_shard@codeaurora.org> | 2015-05-18 11:51:23 -0700 |
---|---|---|
committer | Divya Sharma <c_shard@codeaurora.org> | 2015-05-18 11:53:11 -0700 |
commit | 6ec7cbf7a50fed13963efd74482a9f717ecc141e (patch) | |
tree | 35692c1a4e979df14f237c6a8a5a79bbd6ad8099 /test | |
parent | f30952d663a67db260ce7bb2da25cac9b81687ef (diff) | |
parent | be13e881c416d60bff06bb88c56db9272cd9899f (diff) | |
download | android_device_qcom_sepolicy-6ec7cbf7a50fed13963efd74482a9f717ecc141e.tar.gz android_device_qcom_sepolicy-6ec7cbf7a50fed13963efd74482a9f717ecc141e.tar.bz2 android_device_qcom_sepolicy-6ec7cbf7a50fed13963efd74482a9f717ecc141e.zip |
Merge tag 'AU_LINUX_ANDROID_LA.BF64.1.2.1.05.01.01.066.161' into HEAD
AU_LINUX_ANDROID_LA.BF64.1.2.1.05.01.01.066.161 based on quic
* tag 'AU_LINUX_ANDROID_LA.BF64.1.2.1.05.01.01.066.161': (24 commits)
WFD: Adding perflock permissions
sepolicy: Add sepolicy rules for display clients
seandroid: imscm needs to communicate with apps
sepolicy: Add context label for '/persist/display/*'
Seandroid: Add policy for FIDO daemons
sepolicy: Update BCL sysfs nodes in file context
sepolicy : Add rules for seempd
sepolicy: allow cnd to use socket fd and get appname
seandroid: Adding policy from other directories
seandroid: Policy update for the mcStarter application
recovery: Allow recovery to change the label on rfs_system_file
sepolicy: recovery: Allow recovery to read from /data and the sdcard
SEAndroid: location policies for location-mq-s
Seandroid: Changing diag_device access policy
Seandroid: Allow shell to read persist partition
sepolicy: allow dpmd to create self socket and netlink socket.
sepolicy: Add SELinux policy rule for pp daemon socket calls
Sepolicy: allow ipacm to send socket in user mode
Add sysfs access permission for WFD service
netd: Allow dnsmasq access to netd fifo file
...
Conflicts:
common/file_contexts
Change-Id: If4aee5e06cf7b2110895bc3b1ed40687e01ef65c
Diffstat (limited to 'test')
-rw-r--r-- | test/fidotest.te | 29 | ||||
-rwxr-xr-x | test/file_contexts | 3 | ||||
-rw-r--r-- | test/service.te | 1 | ||||
-rw-r--r-- | test/service_contexts | 1 |
4 files changed, 34 insertions, 0 deletions
diff --git a/test/fidotest.te b/test/fidotest.te new file mode 100644 index 00000000..e601d6dc --- /dev/null +++ b/test/fidotest.te @@ -0,0 +1,29 @@ +type fidotest, domain; +type fidotest_exec, exec_type, file_type; +init_daemon_domain(fidotest) +userdebug_or_eng(` + #Allow fido test daemons to use Binder IPC + binder_use(fidotest) + + #Allow apps to interact with fido test daemons + binder_call(fidotest, platform_app) + binder_call(platform_app, fidotest) + binder_call(fidotest, system_app) + binder_call(system_app, fidotest) + + # Mark fido test daemons as a Binder service domain + binder_service(fidotest) + + #Allow fido test daemons to be registered with service manager + allow fidotest fidotest_service:service_manager add; + + # Allow communication with init over property server + unix_socket_connect(fidotest, property, init); + + # Allow access to tee device + allow fidotest tee_device:chr_file rw_file_perms; + + # Allow access to firmware + allow fidotest firmware_file:dir r_dir_perms; + allow fidotest firmware_file:file r_file_perms; +') diff --git a/test/file_contexts b/test/file_contexts index f41cc3c0..ed23e043 100755 --- a/test/file_contexts +++ b/test/file_contexts @@ -38,6 +38,9 @@ /system/bin/StoreKeybox u:object_r:sectest_exec:s0 /system/bin/InstallKeybox u:object_r:sectest_exec:s0 +#Authentication and FIDO +/system/vendor/bin/sampleauthdaemon u:object_r:fidotest_exec:s0 + #Context for location features /system/bin/sdp_test u:object_r:location_exec:s0 /system/bin/icm_test u:object_r:location_exec:s0 diff --git a/test/service.te b/test/service.te new file mode 100644 index 00000000..5818b6ce --- /dev/null +++ b/test/service.te @@ -0,0 +1 @@ +type fidotest_service, service_manager_type; diff --git a/test/service_contexts b/test/service_contexts new file mode 100644 index 00000000..a97abcbd --- /dev/null +++ b/test/service_contexts @@ -0,0 +1 @@ +com.qualcomm.qti.auth.securesampleauthdaemon u:object_r:fidotest_service:s0 |