refactor hal_secure_element
01-01 20:00:07.579 419 419 E SELinux : avc: denied { find } for interface=android.hardware.secure_element::ISecureElement sid=u:r:hal_secure_element_gto_ese2:s0 pid=748 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:hal_secure_element_hwservice:s0 tclass=hwservice_manager permissive=1 01-01 20:00:07.595 419 419 E SELinux : avc: denied { add } for interface=android.hardware.secure_element::ISecureElement sid=u:r:hal_secure_element_gto_ese2:s0 pid=748 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:hal_secure_element_hwservice:s0 tclass=hwservice_manager permissive=1 01-01 20:00:07.596 419 419 E SELinux : avc: denied { add } for interface=android.hidl.base::IBase sid=u:r:hal_secure_element_gto_ese2:s0 pid=748 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:hidl_base_hwservice:s0 tclass=hwservice_manager permissive=1 01-01 20:00:07.597 419 419 E SELinux : avc: denied { find } for interface=android.hardware.secure_element::ISecureElement sid=u:r:hal_secure_element_gto:s0 pid=749 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:hal_secure_element_hwservice:s0 tclass=hwservice_manager permissive=1 01-01 20:00:07.597 419 419 E SELinux : avc: denied { find } for interface=android.hardware.secure_element::ISecureElement sid=u:r:hal_secure_element_uicc:s0 pid=750 scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:object_r:hal_secure_element_hwservice:s0 tclass=hwservice_manager permissive=1 01-01 20:00:07.599 419 419 E SELinux : avc: denied { add } for interface=android.hardware.secure_element::ISecureElement sid=u:r:hal_secure_element_uicc:s0 pid=750 scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:object_r:hal_secure_element_hwservice:s0 tclass=hwservice_manager permissive=1 01-01 20:00:07.600 419 419 E SELinux : avc: denied { add } for interface=android.hidl.base::IBase sid=u:r:hal_secure_element_uicc:s0 pid=750 scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:object_r:hidl_base_hwservice:s0 
tclass=hwservice_manager permissive=1 01-01 20:00:07.601 419 419 E SELinux : avc: denied { add } for interface=android.hardware.secure_element::ISecureElement sid=u:r:hal_secure_element_gto:s0 pid=749 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:hal_secure_element_hwservice:s0 tclass=hwservice_manager permissive=1 01-01 20:00:07.602 419 419 E SELinux : avc: denied { add } for interface=android.hidl.base::IBase sid=u:r:hal_secure_element_gto:s0 pid=749 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:hidl_base_hwservice:s0 tclass=hwservice_manager permissive=1 09-03 10:51:44.574 419 419 E SELinux : avc: denied { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:hal_secure_element_uicc:s0 pid=750 scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=1 Bug: 198713948 Test: boot with secure_element started Change-Id: Ie79b80f3c0fbe21c898e6a67384d98a2cc282f93 Change-Id: I14d9f01b6ef901fd87e8927d691ce96a9b174ed3
parent
18fb79d460
commit
b05c0902ad
6 changed files with 82 additions and 81 deletions
|
@ -160,15 +160,6 @@
|
|||
/dev/st21nfc u:object_r:nfc_device:s0
|
||||
/data/nfc(/.*)? u:object_r:nfc_data_file:s0
|
||||
|
||||
# SecureElement
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.2-service\.st u:object_r:hal_secure_element_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.2-service-gto u:object_r:hal_secure_element_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.2-service-gto-ese2 u:object_r:hal_secure_element_default_exec:s0
|
||||
/dev/st54j_se u:object_r:secure_element_device:s0
|
||||
/dev/st54spi u:object_r:secure_element_device:s0
|
||||
/dev/st33spi u:object_r:secure_element_device:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_default_exec:s0
|
||||
|
||||
# Bluetooth
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.1-service\.bcmbtlinux u:object_r:hal_bluetooth_btlinux_exec:s0
|
||||
/dev/wbrc u:object_r:wb_coexistence_dev:s0
|
||||
|
|
|
@ -1,10 +0,0 @@
|
|||
allow hal_secure_element_default secure_element_device:chr_file rw_file_perms;
|
||||
allow hal_secure_element_default nfc_device:chr_file rw_file_perms;
|
||||
set_prop(hal_secure_element_default, vendor_secure_element_prop)
|
||||
set_prop(hal_secure_element_default, vendor_nfc_prop)
|
||||
set_prop(hal_secure_element_default, vendor_modem_prop)
|
||||
|
||||
# Allow hal_secure_element_default to access rild
|
||||
binder_call(hal_secure_element_default, rild);
|
||||
allow hal_secure_element_default hal_exynos_rild_hwservice:hwservice_manager find;
|
||||
|
|
@ -1,73 +1,78 @@
|
|||
# Binaries
|
||||
/vendor/bin/dmd u:object_r:dmd_exec:s0
|
||||
/vendor/bin/modem_logging_control u:object_r:modem_logging_control_exec:s0
|
||||
/vendor/bin/sced u:object_r:sced_exec:s0
|
||||
/vendor/bin/vcd u:object_r:vcd_exec:s0
|
||||
/vendor/bin/chre u:object_r:chre_exec:s0
|
||||
/vendor/bin/cbd u:object_r:cbd_exec:s0
|
||||
/vendor/bin/modem_svc_sit u:object_r:modem_svc_sit_exec:s0
|
||||
/vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0
|
||||
/vendor/bin/rfsd u:object_r:rfsd_exec:s0
|
||||
/vendor/bin/bipchmgr u:object_r:bipchmgr_exec:s0
|
||||
/vendor/bin/dmd u:object_r:dmd_exec:s0
|
||||
/vendor/bin/modem_logging_control u:object_r:modem_logging_control_exec:s0
|
||||
/vendor/bin/sced u:object_r:sced_exec:s0
|
||||
/vendor/bin/vcd u:object_r:vcd_exec:s0
|
||||
/vendor/bin/chre u:object_r:chre_exec:s0
|
||||
/vendor/bin/cbd u:object_r:cbd_exec:s0
|
||||
/vendor/bin/modem_svc_sit u:object_r:modem_svc_sit_exec:s0
|
||||
/vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0
|
||||
/vendor/bin/rfsd u:object_r:rfsd_exec:s0
|
||||
/vendor/bin/bipchmgr u:object_r:bipchmgr_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.secure_element@1\.2-service-gto u:object_r:hal_secure_element_gto_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.secure_element@1\.2-service-gto-ese2 u:object_r:hal_secure_element_gto_ese2_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0
|
||||
|
||||
# Vendor Firmwares
|
||||
/vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0
|
||||
/vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0
|
||||
|
||||
# Devices
|
||||
/dev/ttyGS[0-3] u:object_r:serial_device:s0
|
||||
/dev/oem_ipc[0-7] u:object_r:radio_device:s0
|
||||
/dev/umts_boot0 u:object_r:radio_device:s0
|
||||
/dev/umts_ipc0 u:object_r:radio_device:s0
|
||||
/dev/umts_ipc1 u:object_r:radio_device:s0
|
||||
/dev/umts_rfs0 u:object_r:radio_device:s0
|
||||
/dev/umts_dm0 u:object_r:radio_device:s0
|
||||
/dev/umts_router u:object_r:radio_device:s0
|
||||
/dev/logbuffer_tcpm u:object_r:logbuffer_device:s0
|
||||
/dev/sys/block/bootdevice(/.*)? u:object_r:bootdevice_sysdev:s0
|
||||
/dev/socket/chre u:object_r:chre_socket:s0
|
||||
/dev/block/sda u:object_r:sda_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/dpm_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/efs u:object_r:efs_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/frp u:object_r:frp_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/misc u:object_r:misc_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/persist u:object_r:persist_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/pvmfw_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/super u:object_r:super_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/st54spi u:object_r:secure_element_device:s0
|
||||
/dev/st33spi u:object_r:secure_element_device:s0
|
||||
/dev/ttyGS[0-3] u:object_r:serial_device:s0
|
||||
/dev/oem_ipc[0-7] u:object_r:radio_device:s0
|
||||
/dev/umts_boot0 u:object_r:radio_device:s0
|
||||
/dev/umts_ipc0 u:object_r:radio_device:s0
|
||||
/dev/umts_ipc1 u:object_r:radio_device:s0
|
||||
/dev/umts_rfs0 u:object_r:radio_device:s0
|
||||
/dev/umts_dm0 u:object_r:radio_device:s0
|
||||
/dev/umts_router u:object_r:radio_device:s0
|
||||
/dev/logbuffer_tcpm u:object_r:logbuffer_device:s0
|
||||
/dev/sys/block/bootdevice(/.*)? u:object_r:bootdevice_sysdev:s0
|
||||
/dev/socket/chre u:object_r:chre_socket:s0
|
||||
/dev/block/sda u:object_r:sda_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/dpm_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/efs u:object_r:efs_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/frp u:object_r:frp_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/misc u:object_r:misc_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/persist u:object_r:persist_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/pvmfw_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/super u:object_r:super_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0
|
||||
|
||||
# Data
|
||||
/data/vendor/slog(/.*)? u:object_r:vendor_slog_file:s0
|
||||
/data/vendor/radio(/.*)? u:object_r:radio_vendor_data_file:s0
|
||||
/data/vendor/modem_stat/debug\.txt u:object_r:modem_stat_data_file:s0
|
||||
/data/vendor/log(/.*)? u:object_r:vendor_log_file:s0
|
||||
/data/vendor/log/rfsd(/.*)? u:object_r:vendor_rfsd_log_file:s0
|
||||
/data/vendor/rild(/.*)? u:object_r:rild_vendor_data_file:s0
|
||||
/data/vendor/slog(/.*)? u:object_r:vendor_slog_file:s0
|
||||
/data/vendor/radio(/.*)? u:object_r:radio_vendor_data_file:s0
|
||||
/data/vendor/modem_stat/debug\.txt u:object_r:modem_stat_data_file:s0
|
||||
/data/vendor/log(/.*)? u:object_r:vendor_log_file:s0
|
||||
/data/vendor/log/rfsd(/.*)? u:object_r:vendor_rfsd_log_file:s0
|
||||
/data/vendor/rild(/.*)? u:object_r:rild_vendor_data_file:s0
|
||||
|
||||
# Persist
|
||||
/mnt/vendor/persist/modem(/.*)? u:object_r:persist_modem_file:s0
|
||||
/mnt/vendor/persist/modem(/.*)? u:object_r:persist_modem_file:s0
|
||||
|
||||
# Extra mount images
|
||||
/mnt/vendor/modem_img(/.*)? u:object_r:modem_img_file:s0
|
||||
/mnt/vendor/efs(/.*)? u:object_r:modem_efs_file:s0
|
||||
/mnt/vendor/efs_backup(/.*)? u:object_r:modem_efs_file:s0
|
||||
/mnt/vendor/modem_userdata(/.*)? u:object_r:modem_userdata_file:s0
|
||||
/mnt/vendor/modem_img(/.*)? u:object_r:modem_img_file:s0
|
||||
/mnt/vendor/efs(/.*)? u:object_r:modem_efs_file:s0
|
||||
/mnt/vendor/efs_backup(/.*)? u:object_r:modem_efs_file:s0
|
||||
/mnt/vendor/modem_userdata(/.*)? u:object_r:modem_userdata_file:s0
|
||||
|
|
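Review bot: The labels for `/dev/st54j_se` and the `android.hardware.secure_element@1.2-service.st` binary are deleted from the other file_contexts in this commit and do not reappear among the entries that look newly added here, which cover only the gto, gto-ese2 and uicc services plus /dev/st54spi and /dev/st33spi. If either still ships on this device it will fall back to a generic label and the service will not transition into a dedicated domain; if both are gone, the commit message should say so. The three new exec entries would also read better under their own heading, e.g. `# SecureElement`, as the old file had. Separately, this section appears to realign the column of every existing entry in the same change as the five functional additions, which hides the security-relevant lines; putting the whitespace change in its own commit would keep the label changes reviewable.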
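--- /dev/null
+++ b/whitechapel_pro/hal_secure_element_gto.te
@@ -0,0 +1,5 @@
+type hal_secure_element_gto, domain;
+type hal_secure_element_gto_exec, exec_type, vendor_file_type, file_type;
+
+hal_server_domain(hal_secure_element_gto, hal_secure_element)
+init_daemon_domain(hal_secure_element_gto)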
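Review bot: hal_secure_element_gto receives only `hal_server_domain` and `init_daemon_domain`, so nothing in this file lets it open the secure-element device node. The deleted hal_secure_element_default policy carried `allow hal_secure_element_default secure_element_device:chr_file rw_file_perms;`, and file_contexts in this commit still labels /dev/st54spi and /dev/st33spi as secure_element_device. Every denial quoted in the commit message was logged with permissive=1, so the boot test would pass without the rule and the HAL would presumably fail once the domain is enforcing. I would add `allow hal_secure_element_gto secure_element_device:chr_file rw_file_perms;` here and the matching line in hal_secure_element_gto_ese2.te, which has the same gap. The old nfc_device and set_prop grants should be re-added only to a domain that shows an enforcing-mode denial for them, not copied wholesale to all three.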
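--- /dev/null
+++ b/whitechapel_pro/hal_secure_element_gto_ese2.te
@@ -0,0 +1,5 @@
+type hal_secure_element_gto_ese2, domain;
+type hal_secure_element_gto_ese2_exec, exec_type, vendor_file_type, file_type;
+
+hal_server_domain(hal_secure_element_gto_ese2, hal_secure_element)
+init_daemon_domain(hal_secure_element_gto_ese2)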
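--- /dev/null
+++ b/whitechapel_pro/hal_secure_element_uicc.te
@@ -0,0 +1,5 @@
+type hal_secure_element_uicc, domain;
+type hal_secure_element_uicc_exec, exec_type, vendor_file_type, file_type;
+
+hal_server_domain(hal_secure_element_uicc, hal_secure_element)
+init_daemon_domain(hal_secure_element_uicc)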
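Review bot: The commit message quotes a `find` denial from hal_secure_element_uicc on hal_exynos_rild_hwservice (IOemSlsiRadioExternal), but this file adds no rule for it, while the commit deletes the old `binder_call(hal_secure_element_default, rild);` and the matching hwservice_manager `find` grant. That denial was logged with permissive=1, so it will only start to block the lookup once the domain is enforcing. I would add `# Allow hal_secure_element_uicc to access rild`, `binder_call(hal_secure_element_uicc, rild)` and `allow hal_secure_element_uicc hal_exynos_rild_hwservice:hwservice_manager find;` to this file only. The gto domains logged no such denial in the quoted output and should stay without modem access, which is the least-privilege benefit of splitting the domains.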