authorLinux Build Service Account <lnxbuild@localhost>2015-08-28 03:01:11 -0700
committerGerrit - the friendly Code Review server <code-review@localhost>2015-08-28 03:01:11 -0700
commit871ed81cb2561561d33fbcf2f5b9b69810a4bd60 (patch)
treef227babafdd46a0e9a91f17b2d28978660a4a751 /test
parent96dc6e356f97b86f1d39651e041c0de2d62b4e20 (diff)
parent458a1bb96294ca28d93ee3cd8e91f8df54eb9dbc (diff)
Merge "sepolicy: Policy for QSEE proxy daemon and services"
Diffstat (limited to 'test')
-rwxr-xr-xtest/file_contexts1
-rw-r--r--test/qseeproxysample.te57
-rw-r--r--test/seapp_contexts4
-rw-r--r--test/service.te29
-rw-r--r--test/service_contexts29
5 files changed, 120 insertions, 0 deletions
diff --git a/test/file_contexts b/test/file_contexts
index ed23e043..9a44684a 100755
--- a/test/file_contexts
+++ b/test/file_contexts
@@ -40,6 +40,7 @@
#Authentication and FIDO
/system/vendor/bin/sampleauthdaemon u:object_r:fidotest_exec:s0
+/system/vendor/bin/qseeproxysampledaemon u:object_r:qseeproxysample_exec:s0
#Context for location features
/system/bin/sdp_test u:object_r:location_exec:s0
diff --git a/test/qseeproxysample.te b/test/qseeproxysample.te
new file mode 100644
index 00000000..6b59bd14
--- /dev/null
+++ b/test/qseeproxysample.te
@@ -0,0 +1,57 @@
+# Copyright (c) 2015, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type qseeproxysample, domain;
+type qseeproxysample_exec, exec_type, file_type;
+init_daemon_domain(qseeproxysample)
+userdebug_or_eng(`
+ #Allow test daemons to use Binder IPC
+ binder_use(qseeproxysample)
+
+ #Allow services to interact with test daemon
+ binder_call(qseeproxysample, qsee_svc_app)
+ binder_call(qsee_svc_app, qseeproxysample)
+
+ # Mark test daemon as a Binder service domain
+ binder_service(qseeproxysample)
+
+ #Allow test daemon to be registered with service manager
+ allow qseeproxysample qseeproxysample_service:service_manager add;
+
+ #Allow test daemon to use system_server via binder to check caller identity
+ binder_call(qseeproxysample, system_server)
+
+ # Allow communication with init over property server
+ unix_socket_connect(qseeproxysample, property, init);
+
+ # Allow access to tee device
+ allow qseeproxysample tee_device:chr_file rw_file_perms;
+
+ # Allow access to firmware
+ allow qseeproxysample firmware_file:dir r_dir_perms;
+ allow qseeproxysample firmware_file:file r_file_perms;
+')
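Review bot: `binder_service(qseeproxysample)` likely exposes the daemon more widely than the two explicit `binder_call` lines suggest, because in AOSP policy of this period the macro adds the `binderservicedomain` attribute, which app domains are generally allowed to call. That leaves the service_manager `find` permission and the daemon's own caller check as the real gate. This hunk grants only `add` on `qseeproxysample_service` and no `find` rule for `qsee_svc_app` is visible in the commit, so unless it lives elsewhere, add `allow qsee_svc_app qseeproxysample_service:service_manager find;` inside the `userdebug_or_eng` block. Because the daemon also holds `rw_file_perms` on `tee_device`, a comment above that rule saying the daemon forwards client requests to the TEE and must authenticate callers would help the next reviewer. The trailing `;` after `unix_socket_connect(qseeproxysample, property, init)` is inconsistent with the other macro calls and can be dropped.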
diff --git a/test/seapp_contexts b/test/seapp_contexts
index 48aea987..214a72a9 100644
--- a/test/seapp_contexts
+++ b/test/seapp_contexts
@@ -27,3 +27,7 @@
user=_app seinfo=platform name=com.qualcomm.location.qvtester domain=location_app type=location_app_data_file
user=_app seinfo=platform name=com.qualcomm.qct.dlt domain=location_app type=location_app_data_file
+
+#Add new domain for QSEE sample services
+user=system seinfo=platform name=com.qualcomm.qti.auth.securesampleauthservice domain=qsee_svc_app type=qsee_svc_app_data_file
+user=system seinfo=platform name=com.qualcomm.qti.auth.secureextauthservice domain=qsee_svc_app type=qsee_svc_app_data_file
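Review bot: The comment `#Add new domain for QSEE sample services` does not describe what these two lines do: they assign two named packages to `qsee_svc_app`, whose type declarations are not part of this commit. seapp_contexts has no `userdebug_or_eng` gating, so these mappings apply on every build that picks up test/, whereas the allow rules in qseeproxysample.te are limited to userdebug and eng builds; it is worth confirming that this directory is left out of user builds. A more accurate comment would be `# Run the platform-signed QSEE sample auth services (system UID) in qsee_svc_app`.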
diff --git a/test/service.te b/test/service.te
index 5818b6ce..f6df5364 100644
--- a/test/service.te
+++ b/test/service.te
@@ -1 +1,30 @@
+# Copyright (c) 2015, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
type fidotest_service, service_manager_type;
+type qseeproxysample_service, service_manager_type;
+
diff --git a/test/service_contexts b/test/service_contexts
index a97abcbd..787c9f5c 100644
--- a/test/service_contexts
+++ b/test/service_contexts
@@ -1 +1,30 @@
+# Copyright (c) 2015, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
com.qualcomm.qti.auth.securesampleauthdaemon u:object_r:fidotest_service:s0
+com.qualcomm.qti.qseeproxysample u:object_r:qseeproxysample_service:s0
+