From 97baab595149ad19f74c5b60fe1cdd10e0385041 Mon Sep 17 00:00:00 2001
From: Joe Huang
Date: Mon, 2 Oct 2023 16:10:50 +0800
Subject: [PATCH] Add sepolicy for gnss
Bug: 294708565
Test: GPS test
Change-Id: I6a460a16b4a9a7624b7769c4725a03249869bb65
---
 vendor/file_contexts | 11 +++++++++++
 vendor/gnss_check.te | 6 ++++++
 vendor/gnssd.te | 23 +++++++++++++++++++++++
 vendor/hal_gnss_default.te | 2 ++
 vendor/rild.te | 1 +
 vendor/sctd.te | 3 +++
 vendor/spad.te | 3 +++
 vendor/swcnd.te | 3 +++
 8 files changed, 52 insertions(+)
 create mode 100644 vendor/file_contexts
 create mode 100644 vendor/gnss_check.te
 create mode 100644 vendor/gnssd.te
 create mode 100644 vendor/hal_gnss_default.te
 create mode 100644 vendor/rild.te
 create mode 100644 vendor/sctd.te
 create mode 100644 vendor/spad.te
 create mode 100644 vendor/swcnd.te
diff --git a/vendor/file_contexts b/vendor/file_contexts
new file mode 100644
index 0000000..1a4c2d4
--- /dev/null
+++ b/vendor/file_contexts
@@ -0,0 +1,11 @@
+# GPS
+/dev/gnss_ipc u:object_r:vendor_gnss_device:s0
+/dev/gnss_boot u:object_r:vendor_gnss_device:s0
+/dev/gnss_dump u:object_r:vendor_gnss_device:s0
+
+/vendor/bin/hw/gnssd u:object_r:gnssd_exec:s0
+/vendor/bin/hw/sctd u:object_r:sctd_exec:s0
+/vendor/bin/hw/swcnd u:object_r:swcnd_exec:s0
+/vendor/bin/hw/spad u:object_r:spad_exec:s0
+/vendor/bin/hw/gnss-aidl-service_IGnssV2_ISlsiGnssV1 u:object_r:hal_gnss_default_exec:s0
+/vendor/bin/gnss_check\.sh u:object_r:gnss_check_exec:s0
diff --git a/vendor/gnss_check.te b/vendor/gnss_check.te
new file mode 100644
index 0000000..e19a8b9
--- /dev/null
+++ b/vendor/gnss_check.te
@@ -0,0 +1,6 @@
+type gnss_check, domain;
+type gnss_check_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(gnss_check);
+
+allow gnss_check vendor_toolbox_exec:file { execute_no_trans };
diff --git a/vendor/gnssd.te b/vendor/gnssd.te
new file mode 100644
index 0000000..ea16762
--- /dev/null
+++ b/vendor/gnssd.te
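Review bot: In vendor/file_contexts, `/dev/gnss_ipc`, `/dev/gnss_boot` and `/dev/gnss_dump` all receive the single type `vendor_gnss_device`, and gnssd.te grants `rw_file_perms` on that type, so gnssd and any domain later given the type can write the boot and dump nodes as well as the IPC node. If the boot or dump node is needed by fewer processes than the IPC node, separate types would keep each grant narrow. If the shared label is intended, a comment above the three entries should say so, for example `# one label on purpose: gnssd is the only client of all three nodes`, assuming that is accurate.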
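Review bot: vendor/gnss_check.te has no comment saying what `gnss_check.sh` does, and its only rule is `execute_no_trans` on `vendor_toolbox_exec`, so a reader cannot tell whether the domain is complete or is expected to grow from later denials. A header comment such as `# gnss_check.sh: init-started script; runs vendor toolbox commands in its own domain` would help, if that matches the script. As a style point, `init_daemon_domain(gnss_check);` carries a trailing semicolon the macro call does not need, and gnssd.te, sctd.te, spad.te and swcnd.te mix both forms; the braces around the single permission in `{ execute_no_trans }` can also go.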
@@ -0,0 +1,23 @@
+type gnssd, domain;
+type gnssd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(gnssd);
+
+# Allow gnssd to access rild
+binder_call(gnssd, rild);
+# binder_call(gnssd, hwservicemanager)
+allow gnssd hal_exynos_rild_hwservice:hwservice_manager find;
+allow gnssd radio_device:chr_file rw_file_perms;
+
+# Allow gnssd to acess gnss device
+allow gnssd vendor_gnss_device:chr_file rw_file_perms;
+allow gnssd vendor_gps_file:dir create_dir_perms;
+allow gnssd vendor_gps_file:file create_file_perms;
+allow gnssd vendor_gps_file:fifo_file create_file_perms;
+
+get_prop(gnssd, bootanim_system_prop)
+
+# Allow gnssd to obtain wakelock
+wakelock_use(gnssd)
+
+# Allow a base set of permissions required for network access.
+net_domain(gnssd);
diff --git a/vendor/hal_gnss_default.te b/vendor/hal_gnss_default.te
new file mode 100644
index 0000000..25fc30a
--- /dev/null
+++ b/vendor/hal_gnss_default.te
@@ -0,0 +1,2 @@
+binder_call(hal_gnss_default, gnssd);
+
diff --git a/vendor/rild.te b/vendor/rild.te
new file mode 100644
index 0000000..c620a19
--- /dev/null
+++ b/vendor/rild.te
@@ -0,0 +1 @@
+binder_call(rild, gnssd)
diff --git a/vendor/sctd.te b/vendor/sctd.te
new file mode 100644
index 0000000..8966ef8
--- /dev/null
+++ b/vendor/sctd.te
@@ -0,0 +1,3 @@
+type sctd, domain;
+type sctd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(sctd);
diff --git a/vendor/spad.te b/vendor/spad.te
new file mode 100644
index 0000000..eaf8b1c
--- /dev/null
+++ b/vendor/spad.te
@@ -0,0 +1,3 @@
+type spad, domain;
+type spad_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(spad);
diff --git a/vendor/swcnd.te b/vendor/swcnd.te
new file mode 100644
index 0000000..c366cad
--- /dev/null
+++ b/vendor/swcnd.te
@@ -0,0 +1,3 @@
+type swcnd, domain;
+type swcnd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(swcnd);
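Review bot: In vendor/gnssd.te, `allow gnssd radio_device:chr_file rw_file_perms;` sits under the comment "Allow gnssd to access rild", but it grants direct read/write on every node labelled `radio_device` rather than IPC to rild, and it is the broadest grant in the hunk. It should get its own comment naming the node gnssd opens, e.g. `# gnssd opens <radio node> directly for <purpose>`, or be dropped if the binder path to rild is enough. The `hal_exynos_rild_hwservice:hwservice_manager find` rule has no matching `hwbinder_use(gnssd)` in this file, and the line above it is a commented-out `binder_call(gnssd, hwservicemanager)`, so unless another policy file grants it the lookup cannot reach hwservicemanager; either add `hwbinder_use(gnssd)` or remove the find rule together with the dead comment. `get_prop(gnssd, bootanim_system_prop)` also lacks a comment explaining why a GNSS daemon reads a boot-animation property.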
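Review bot: vendor/sctd.te, and likewise spad.te and swcnd.te, declares a domain and an init transition with no allow rules and no comment, so the policy records neither what these daemons do nor that the lack of rules is deliberate. With no `permissive` statement visible they run enforcing with only the base domain permissions, which is the safe default, but each file should say so, e.g. `# sctd: <one-line role>; no permissions beyond the base domain yet`. That makes it clear to the next reviewer that any later `allow` line is a deliberate widening rather than a missing baseline.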