sensors: Move USF related sepolicy to gs-common.
Bug: 305120274
Test: Compile pass. Flash the build to WHI devices and no sensor
related avc denied log.
Change-Id: I56174a24d159968c01d1572e84f4bcdd7930a709
Signed-off-by: Rick Chen <rickctchen@google.com>
This commit is contained in:
Rick Chen
parent
ea198bd127
commit
04e4ac1717
6 changed files with 24 additions and 128 deletions
|
|
@ -10,9 +10,6 @@ PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/gs101-sepolicy/private
|
|||
BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/display/common
|
||||
BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/display/gs101
|
||||
|
||||
# Micro sensor framework (usf)
|
||||
BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/usf
|
||||
|
||||
# system_ext
|
||||
SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/gs101-sepolicy/system_ext/public
|
||||
SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/gs101-sepolicy/system_ext/private
|
||||
|
|
|
|||
16
usf/file.te
16
usf/file.te
|
|
@ -1,16 +0,0 @@
|
|||
#
|
||||
# USF file SELinux type enforcements.
|
||||
#
|
||||
|
||||
# Declare the sensor registry persist file type. By convention, persist file
|
||||
# types begin with "persist_".
|
||||
type persist_sensor_reg_file, file_type, vendor_persist_type;
|
||||
|
||||
# Declare the sensor registry data file type. By convention, data file types
|
||||
# end with "data_file".
|
||||
type sensor_reg_data_file, file_type, data_file_type;
|
||||
|
||||
# Declare the sensor debug data file type. By convention, data file types
|
||||
# end with "data_file".
|
||||
type sensor_debug_data_file, file_type, data_file_type;
|
||||
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
#
|
||||
# USF SELinux file security contexts.
|
||||
#
|
||||
|
||||
# Sensor registry persist files.
|
||||
/mnt/vendor/persist/sensors/registry(/.*)? u:object_r:persist_sensor_reg_file:s0
|
||||
|
||||
# Sensor registry data files.
|
||||
/data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0
|
||||
|
||||
# Sensor debug data files.
|
||||
/data/vendor/sensors/debug(/.*)? u:object_r:sensor_debug_data_file:s0
|
||||
|
|
@ -1,83 +0,0 @@
|
|||
#
|
||||
# USF sensor HAL SELinux type enforcements.
|
||||
#
|
||||
|
||||
# Allow reading of sensor registry persist files and camera persist files.
|
||||
allow hal_sensors_default persist_file:dir search;
|
||||
allow hal_sensors_default mnt_vendor_file:dir search;
|
||||
r_dir_file(hal_sensors_default, persist_sensor_reg_file)
|
||||
r_dir_file(hal_sensors_default, persist_camera_file)
|
||||
|
||||
# Allow creation and writing of sensor registry data files.
|
||||
allow hal_sensors_default sensor_reg_data_file:dir rw_dir_perms;
|
||||
allow hal_sensors_default sensor_reg_data_file:file create_file_perms;
|
||||
|
||||
userdebug_or_eng(`
|
||||
# Allow creation and writing of sensor debug data files.
|
||||
allow hal_sensors_default sensor_debug_data_file:dir rw_dir_perms;
|
||||
allow hal_sensors_default sensor_debug_data_file:file create_file_perms;
|
||||
')
|
||||
|
||||
# Allow access to the AoC communication driver.
|
||||
allow hal_sensors_default aoc_device:chr_file rw_file_perms;
|
||||
|
||||
# Allow access to the AoC clock and kernel boot time sys FS node. This is needed
|
||||
# to synchronize the AP and AoC clock timestamps.
|
||||
allow hal_sensors_default sysfs_aoc_boottime:file rw_file_perms;
|
||||
|
||||
# Allow create thread to watch AOC's device.
|
||||
allow hal_sensors_default device:dir r_dir_perms;
|
||||
|
||||
# Allow access to the files of CDT information.
|
||||
r_dir_file(hal_sensors_default, sysfs_chosen)
|
||||
|
||||
# Allow display_info_service access to the backlight driver.
|
||||
allow hal_sensors_default sysfs_leds:dir search;
|
||||
allow hal_sensors_default sysfs_leds:file rw_file_perms;
|
||||
|
||||
# Allow access to the power supply files for MagCC.
|
||||
r_dir_file(hal_sensors_default, sysfs_batteryinfo)
|
||||
allow hal_sensors_default sysfs_wlc:dir r_dir_perms;
|
||||
|
||||
# Allow access to sensor service for sensor_listener.
|
||||
binder_call(hal_sensors_default, system_server);
|
||||
|
||||
# Allow access to the sysfs_aoc.
|
||||
allow hal_sensors_default sysfs_aoc:dir search;
|
||||
allow hal_sensors_default sysfs_aoc:file r_file_perms;
|
||||
|
||||
# Allow use of the USF low latency transport.
|
||||
usf_low_latency_transport(hal_sensors_default)
|
||||
|
||||
# Allow sensor HAL to reset AOC.
|
||||
allow hal_sensors_default sysfs_aoc_reset:file rw_file_perms;
|
||||
|
||||
# Allow sensor HAL to read AoC dumpstate.
|
||||
allow hal_sensors_default sysfs_aoc_dumpstate:file r_file_perms;
|
||||
|
||||
# Allow access for AoC properties.
|
||||
get_prop(hal_sensors_default, vendor_aoc_prop)
|
||||
|
||||
# Allow access for dynamic sensor properties.
|
||||
get_prop(hal_sensors_default, vendor_dynamic_sensor_prop)
|
||||
|
||||
# Allow access to raw HID devices for dynamic sensors.
|
||||
allow hal_sensors_default hidraw_device:chr_file rw_file_perms;
|
||||
|
||||
# Allow sensor HAL to access the display service HAL
|
||||
allow hal_sensors_default hal_pixel_display_service:service_manager find;
|
||||
binder_call(hal_sensors_default, hal_graphics_composer_default)
|
||||
|
||||
# Allow sensor HAL to access to display sysfs.
|
||||
allow hal_sensors_default sysfs_display:file r_file_perms;
|
||||
|
||||
#
|
||||
# Suez type enforcements.
|
||||
#
|
||||
|
||||
# Allow SensorSuez to connect AIDL stats.
|
||||
binder_use(hal_sensors_default);
|
||||
allow hal_sensors_default fwk_stats_service:service_manager find;
|
||||
|
||||
# Allow access to CHRE socket to connect to nanoapps.
|
||||
unix_socket_connect(hal_sensors_default, chre, chre)
|
||||
|
|
@ -1,14 +0,0 @@
|
|||
#
|
||||
# USF SELinux type enforcement macros.
|
||||
#
|
||||
|
||||
#
|
||||
# usf_low_latency_transport(domain)
|
||||
#
|
||||
# Allows domain use of the USF low latency transport.
|
||||
#
|
||||
define(`usf_low_latency_transport', `
|
||||
allow $1 hal_graphics_mapper_hwservice:hwservice_manager find;
|
||||
hal_client_domain($1, hal_graphics_allocator)
|
||||
')
|
||||
|
||||
24
whitechapel/vendor/google/hal_sensors_default.te
vendored
Normal file
24
whitechapel/vendor/google/hal_sensors_default.te
vendored
Normal file
|
|
@ -0,0 +1,24 @@
|
|||
#
|
||||
# USF sensor HAL SELinux type enforcements.
|
||||
#
|
||||
|
||||
# Allow reading of camera persist files.
|
||||
r_dir_file(hal_sensors_default, persist_camera_file)
|
||||
|
||||
# Allow access to the files of CDT information.
|
||||
r_dir_file(hal_sensors_default, sysfs_chosen)
|
||||
|
||||
# Allow access for dynamic sensor properties.
|
||||
get_prop(hal_sensors_default, vendor_dynamic_sensor_prop)
|
||||
|
||||
# Allow access to raw HID devices for dynamic sensors.
|
||||
allow hal_sensors_default hidraw_device:chr_file rw_file_perms;
|
||||
|
||||
# Allow sensor HAL to access the display service HAL
|
||||
allow hal_sensors_default hal_pixel_display_service:service_manager find;
|
||||
|
||||
# Allow sensor HAL to access the graphics composer.
|
||||
binder_call(hal_sensors_default, hal_graphics_composer_default)
|
||||
|
||||
# Allow access to the power supply files for MagCC.
|
||||
allow hal_sensors_default sysfs_wlc:dir r_dir_perms;
|
||||
Loading…
Add table
Add a link
Reference in a new issue