Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

gs-sepolicy(uwb): Changes for new UCI stack

Browse source 
1. Rename uwb vendor app.
2. Rename uwb vendor HAL binary name & service name.
3. Allow vendor HAL to host the AOSP UWB HAL service.
4. Allow NFC HAL to access uwb calibration files.

Bug: 186585880
Test: Manual Tests
Change-Id: I2c7c2466f42317d643634e24b1efb1855e673d09
This commit is contained in:
Roshan Pius 2022-02-18 15:36:58 -08:00
parent 6b7fff8497
commit 34c5b9b239
7 changed files with 14 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
whitechapel/vendor/google/file_contexts vendored
View file

@ -347,7 +347,7 @@
# Uwb # Uwb
# R4 # R4
/vendor/bin/hw/hardware\.qorvo\.uwb-service u:object_r:hal_uwb_vendor_default_exec:s0 /vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0
/vendor/bin/init\.uwb\.calib\.sh u:object_r:vendor_uwb_init_exec:s0 /vendor/bin/init\.uwb\.calib\.sh u:object_r:vendor_uwb_init_exec:s0
/mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0 /mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0
/data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0 /data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0

3
whitechapel/vendor/google/hal_nfc_default.te vendored
View file

@ -10,3 +10,6 @@ set_prop(hal_nfc_default, vendor_modem_prop)
# Access uwb cal for SecureRanging Applet # Access uwb cal for SecureRanging Applet
allow hal_nfc_default uwb_data_vendor:dir r_dir_perms; allow hal_nfc_default uwb_data_vendor:dir r_dir_perms;
allow hal_nfc_default uwb_data_vendor:file r_file_perms; allow hal_nfc_default uwb_data_vendor:file r_file_perms;
# allow nfc to read uwb calibration file
get_prop(hal_nfc_default, vendor_uwb_calibration_prop)

3
whitechapel/vendor/google/hal_uwb_vendor_default.te vendored
View file

@ -2,6 +2,7 @@ type hal_uwb_vendor_default, domain;
type hal_uwb_vendor_default_exec, vendor_file_type, exec_type, file_type; type hal_uwb_vendor_default_exec, vendor_file_type, exec_type, file_type;
init_daemon_domain(hal_uwb_vendor_default) init_daemon_domain(hal_uwb_vendor_default)
hal_server_domain(hal_uwb_vendor_default, hal_uwb)
add_service(hal_uwb_vendor_default, hal_uwb_vendor_service) add_service(hal_uwb_vendor_default, hal_uwb_vendor_service)
hal_server_domain(hal_uwb_vendor_default, hal_uwb_vendor) hal_server_domain(hal_uwb_vendor_default, hal_uwb_vendor)
@ -9,3 +10,5 @@ binder_call(hal_uwb_vendor_default, uwb_vendor_app)
allow hal_uwb_vendor_default uwb_data_vendor:dir create_dir_perms; allow hal_uwb_vendor_default uwb_data_vendor:dir create_dir_perms;
allow hal_uwb_vendor_default uwb_data_vendor:file create_file_perms; allow hal_uwb_vendor_default uwb_data_vendor:file create_file_perms;
get_prop(hal_uwb_vendor_default, vendor_uwb_calibration_prop)

2
whitechapel/vendor/google/property.te vendored
View file

@ -53,3 +53,5 @@ vendor_internal_prop(vendor_fingerprint_fake_prop)
# Dynamic sensor # Dynamic sensor
vendor_internal_prop(vendor_dynamic_sensor_prop) vendor_internal_prop(vendor_dynamic_sensor_prop)
# UWB calibration
system_vendor_config_prop(vendor_uwb_calibration_prop)

2
whitechapel/vendor/google/property_contexts vendored
View file

@ -110,3 +110,5 @@ vendor.fingerprint.disable.fake u:object_r:vendor_fingerprint_fa
# Dynamic sensor # Dynamic sensor
vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop:s0 vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop:s0
# uwb
ro.vendor.uwb.calibration. u:object_r:vendor_uwb_calibration_prop:s0 exact string

3
whitechapel/vendor/google/seapp_contexts vendored
View file

@ -48,7 +48,8 @@ user=_app seinfo=platform name=com.google.googlecbrs domain=cbrs_setup_app type=
user=_app isPrivApp=true seinfo=platform name=com.thales.device.ofl.app.basicagent domain=ofl_app type=app_data_file levelFrom=user user=_app isPrivApp=true seinfo=platform name=com.thales.device.ofl.app.basicagent domain=ofl_app type=app_data_file levelFrom=user
# Qorvo UWB system app # Qorvo UWB system app
user=uwb isPrivApp=true seinfo=uwb name=com.qorvo.uwb domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all # TODO(b/222204912): Should this run under uwb user?
user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all
# Domain for EuiccSupportPixel # Domain for EuiccSupportPixel
user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all

2
whitechapel/vendor/google/service_contexts vendored
View file

@ -1,4 +1,4 @@
com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_display_service:s0 com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_display_service:s0
uwb_vendor u:object_r:uwb_vendor_service:s0 uwb_vendor u:object_r:uwb_vendor_service:s0
hardware.qorvo.uwb.IUwb/default u:object_r:hal_uwb_vendor_service:s0 hardware.qorvo.uwb.IUwbVendor/default u:object_r:hal_uwb_vendor_service:s0
android.hardware.drm.IDrmFactory/widevine u:object_r:hal_drm_service:s0 android.hardware.drm.IDrmFactory/widevine u:object_r:hal_drm_service:s0