author | Linux Build Service Account <lnxbuild@localhost> | 2015-08-28 03:01:11 -0700 |
---|---|---|
committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2015-08-28 03:01:11 -0700 |
commit | 871ed81cb2561561d33fbcf2f5b9b69810a4bd60 (patch) | |
tree | f227babafdd46a0e9a91f17b2d28978660a4a751 /test | |
parent | 96dc6e356f97b86f1d39651e041c0de2d62b4e20 (diff) | |
parent | 458a1bb96294ca28d93ee3cd8e91f8df54eb9dbc (diff) | |
Merge "sepolicy: Policy for QSEE proxy daemon and services"
Diffstat (limited to 'test')
-rwxr-xr-x | test/file_contexts | 1 | ||||
-rw-r--r-- | test/qseeproxysample.te | 57 | ||||
-rw-r--r-- | test/seapp_contexts | 4 | ||||
-rw-r--r-- | test/service.te | 29 | ||||
-rw-r--r-- | test/service_contexts | 29 |
5 files changed, 120 insertions, 0 deletions
diff --git a/test/file_contexts b/test/file_contexts index ed23e043..9a44684a 100755 --- a/test/file_contexts +++ b/test/file_contexts @@ -40,6 +40,7 @@ #Authentication and FIDO /system/vendor/bin/sampleauthdaemon u:object_r:fidotest_exec:s0 +/system/vendor/bin/qseeproxysampledaemon u:object_r:qseeproxysample_exec:s0 #Context for location features /system/bin/sdp_test u:object_r:location_exec:s0 diff --git a/test/qseeproxysample.te b/test/qseeproxysample.te new file mode 100644 index 00000000..6b59bd14 --- /dev/null +++ b/test/qseeproxysample.te 
@@ -0,0 +1,57 @@
+# Copyright (c) 2015, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type qseeproxysample, domain;
+type qseeproxysample_exec, exec_type, file_type;
+init_daemon_domain(qseeproxysample)
+userdebug_or_eng(`
+ #Allow test daemons to use Binder IPC
+ binder_use(qseeproxysample)
+
+ #Allow services to interact with test daemon
+ binder_call(qseeproxysample, qsee_svc_app)
+ binder_call(qsee_svc_app, qseeproxysample)
+
+ # Mark test daemon as a Binder service domain
+ binder_service(qseeproxysample)
+
+ #Allow test daemon to be registered with service manager
+ allow qseeproxysample qseeproxysample_service:service_manager add;
+
+ #Allow test daemon to use system_server via binder to check caller identity
+ binder_call(qseeproxysample, system_server)
+
+ # Allow communication with init over property server
+ unix_socket_connect(qseeproxysample, property, init);
+
+ # Allow access to tee device
+ allow qseeproxysample tee_device:chr_file rw_file_perms;
+
+ # Allow access to firmware
+ allow qseeproxysample firmware_file:dir r_dir_perms;
+ allow qseeproxysample firmware_file:file r_file_perms;
+')
diff --git a/test/seapp_contexts b/test/seapp_contexts
index 48aea987..214a72a9 100644
--- a/test/seapp_contexts
+++ b/test/seapp_contexts
@@ -27,3 +27,7 @@ user=_app seinfo=platform name=com.qualcomm.location.qvtester domain=location_app type=location_app_data_file user=_app seinfo=platform name=com.qualcomm.qct.dlt domain=location_app type=location_app_data_file
+
+#Add new domain for QSEE sample services
+user=system seinfo=platform name=com.qualcomm.qti.auth.securesampleauthservice domain=qsee_svc_app type=qsee_svc_app_data_file
+user=system seinfo=platform name=com.qualcomm.qti.auth.secureextauthservice domain=qsee_svc_app type=qsee_svc_app_data_file
diff --git a/test/service.te b/test/service.te
index 5818b6ce..f6df5364 100644
--- a/test/service.te
+++ b/test/service.te
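Review bot: `type qseeproxysample, domain;` and `init_daemon_domain(qseeproxysample)` sit outside the `userdebug_or_eng(...)` block while every allow rule is inside it. If this test policy is ever compiled into a user build, the daemon would still transition into its own domain but carry none of the grants below. If that is intended, state it above the block, e.g. `# user builds: domain is declared but deliberately granted nothing`. The same gating gap applies to the unconditional entries in test/seapp_contexts and test/service_contexts. Inside the block the daemon gets `rw_file_perms` on `tee_device` and is callable from `qsee_svc_app`, yet no `service_manager find` rule for `qseeproxysample_service` appears in these hunks; it may live outside test/, which this page does not show.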
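Review bot: Both new entries map sample packages into `qsee_svc_app`, but no declaration of `qsee_svc_app` or `qsee_svc_app_data_file` appears in the test/ files on this page, so the domain is presumably defined in the non-test policy. If so, the sample services share a domain, and every permission granted to it, with whatever production services use it. A dedicated test domain for these two packages would keep that scope explicit. Failing that, a comment above the entries naming them as sample-only, such as `# sample packages only; share qsee_svc_app with production services`, would at least record the decision.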
@@ -1 +1,30 @@
+# Copyright (c) 2015, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
 type fidotest_service, service_manager_type;
+type qseeproxysample_service, service_manager_type;
+
diff --git a/test/service_contexts b/test/service_contexts
index a97abcbd..787c9f5c 100644
--- a/test/service_contexts
+++ b/test/service_contexts
@@ -1 +1,30 @@
+# Copyright (c) 2015, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
 com.qualcomm.qti.auth.securesampleauthdaemon u:object_r:fidotest_service:s0
+com.qualcomm.qti.qseeproxysample u:object_r:qseeproxysample_service:s0
+
|