refactor hal_secure_element
01-01 20:00:07.579 419 419 E SELinux : avc: denied { find } for interface=android.hardware.secure_element::ISecureElement sid=u:r:hal_secure_element_gto_ese2:s0 pid=748 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:hal_secure_element_hwservice:s0 tclass=hwservice_manager permissive=1
01-01 20:00:07.595 419 419 E SELinux : avc: denied { add } for interface=android.hardware.secure_element::ISecureElement sid=u:r:hal_secure_element_gto_ese2:s0 pid=748 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:hal_secure_element_hwservice:s0 tclass=hwservice_manager permissive=1
01-01 20:00:07.596 419 419 E SELinux : avc: denied { add } for interface=android.hidl.base::IBase sid=u:r:hal_secure_element_gto_ese2:s0 pid=748 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:hidl_base_hwservice:s0 tclass=hwservice_manager permissive=1
01-01 20:00:07.597 419 419 E SELinux : avc: denied { find } for interface=android.hardware.secure_element::ISecureElement sid=u:r:hal_secure_element_gto:s0 pid=749 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:hal_secure_element_hwservice:s0 tclass=hwservice_manager permissive=1
01-01 20:00:07.597 419 419 E SELinux : avc: denied { find } for interface=android.hardware.secure_element::ISecureElement sid=u:r:hal_secure_element_uicc:s0 pid=750 scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:object_r:hal_secure_element_hwservice:s0 tclass=hwservice_manager permissive=1
01-01 20:00:07.599 419 419 E SELinux : avc: denied { add } for interface=android.hardware.secure_element::ISecureElement sid=u:r:hal_secure_element_uicc:s0 pid=750 scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:object_r:hal_secure_element_hwservice:s0 tclass=hwservice_manager permissive=1
01-01 20:00:07.600 419 419 E SELinux : avc: denied { add } for interface=android.hidl.base::IBase sid=u:r:hal_secure_element_uicc:s0 pid=750 scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:object_r:hidl_base_hwservice:s0 tclass=hwservice_manager permissive=1
01-01 20:00:07.601 419 419 E SELinux : avc: denied { add } for interface=android.hardware.secure_element::ISecureElement sid=u:r:hal_secure_element_gto:s0 pid=749 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:hal_secure_element_hwservice:s0 tclass=hwservice_manager permissive=1
01-01 20:00:07.602 419 419 E SELinux : avc: denied { add } for interface=android.hidl.base::IBase sid=u:r:hal_secure_element_gto:s0 pid=749 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:hidl_base_hwservice:s0 tclass=hwservice_manager permissive=1
09-03 10:51:44.574 419 419 E SELinux : avc: denied { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:hal_secure_element_uicc:s0 pid=750 scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=1
Bug: 198713948
Test: boot with secure_element started
Change-Id: Ie79b80f3c0fbe21c898e6a67384d98a2cc282f93
Change-Id: I14d9f01b6ef901fd87e8927d691ce96a9b174ed3
This commit is contained in:
Adam Shih
parent
18fb79d460
commit
b05c0902ad
6 changed files with 82 additions and 81 deletions
|
|
@ -160,15 +160,6 @@
|
||||||
/dev/st21nfc u:object_r:nfc_device:s0
|
/dev/st21nfc u:object_r:nfc_device:s0
|
||||||
/data/nfc(/.*)? u:object_r:nfc_data_file:s0
|
/data/nfc(/.*)? u:object_r:nfc_data_file:s0
|
||||||
|
|
||||||
# SecureElement
|
|
||||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.2-service\.st u:object_r:hal_secure_element_default_exec:s0
|
|
||||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.2-service-gto u:object_r:hal_secure_element_default_exec:s0
|
|
||||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.2-service-gto-ese2 u:object_r:hal_secure_element_default_exec:s0
|
|
||||||
/dev/st54j_se u:object_r:secure_element_device:s0
|
|
||||||
/dev/st54spi u:object_r:secure_element_device:s0
|
|
||||||
/dev/st33spi u:object_r:secure_element_device:s0
|
|
||||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_default_exec:s0
|
|
||||||
|
|
||||||
# Bluetooth
|
# Bluetooth
|
||||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.1-service\.bcmbtlinux u:object_r:hal_bluetooth_btlinux_exec:s0
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.1-service\.bcmbtlinux u:object_r:hal_bluetooth_btlinux_exec:s0
|
||||||
/dev/wbrc u:object_r:wb_coexistence_dev:s0
|
/dev/wbrc u:object_r:wb_coexistence_dev:s0
|
||||||
|
|
|
||||||
|
|
@ -1,10 +0,0 @@
|
||||||
allow hal_secure_element_default secure_element_device:chr_file rw_file_perms;
|
|
||||||
allow hal_secure_element_default nfc_device:chr_file rw_file_perms;
|
|
||||||
set_prop(hal_secure_element_default, vendor_secure_element_prop)
|
|
||||||
set_prop(hal_secure_element_default, vendor_nfc_prop)
|
|
||||||
set_prop(hal_secure_element_default, vendor_modem_prop)
|
|
||||||
|
|
||||||
# Allow hal_secure_element_default to access rild
|
|
||||||
binder_call(hal_secure_element_default, rild);
|
|
||||||
allow hal_secure_element_default hal_exynos_rild_hwservice:hwservice_manager find;
|
|
||||||
|
|
||||||
|
|
@ -9,11 +9,16 @@
|
||||||
/vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0
|
/vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0
|
||||||
/vendor/bin/rfsd u:object_r:rfsd_exec:s0
|
/vendor/bin/rfsd u:object_r:rfsd_exec:s0
|
||||||
/vendor/bin/bipchmgr u:object_r:bipchmgr_exec:s0
|
/vendor/bin/bipchmgr u:object_r:bipchmgr_exec:s0
|
||||||
|
/vendor/bin/hw/android\.hardware\.secure_element@1\.2-service-gto u:object_r:hal_secure_element_gto_exec:s0
|
||||||
|
/vendor/bin/hw/android\.hardware\.secure_element@1\.2-service-gto-ese2 u:object_r:hal_secure_element_gto_ese2_exec:s0
|
||||||
|
/vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0
|
||||||
|
|
||||||
# Vendor Firmwares
|
# Vendor Firmwares
|
||||||
/vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0
|
/vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0
|
||||||
|
|
||||||
# Devices
|
# Devices
|
||||||
|
/dev/st54spi u:object_r:secure_element_device:s0
|
||||||
|
/dev/st33spi u:object_r:secure_element_device:s0
|
||||||
/dev/ttyGS[0-3] u:object_r:serial_device:s0
|
/dev/ttyGS[0-3] u:object_r:serial_device:s0
|
||||||
/dev/oem_ipc[0-7] u:object_r:radio_device:s0
|
/dev/oem_ipc[0-7] u:object_r:radio_device:s0
|
||||||
/dev/umts_boot0 u:object_r:radio_device:s0
|
/dev/umts_boot0 u:object_r:radio_device:s0
|
||||||
|
|
|
||||||
5
whitechapel_pro/hal_secure_element_gto.te
Normal file
5
whitechapel_pro/hal_secure_element_gto.te
Normal file
|
|
@ -0,0 +1,5 @@
|
||||||
|
type hal_secure_element_gto, domain;
|
||||||
|
type hal_secure_element_gto_exec, exec_type, vendor_file_type, file_type;
|
||||||
|
|
||||||
|
hal_server_domain(hal_secure_element_gto, hal_secure_element)
|
||||||
|
init_daemon_domain(hal_secure_element_gto)
|
||||||
5
whitechapel_pro/hal_secure_element_gto_ese2.te
Normal file
5
whitechapel_pro/hal_secure_element_gto_ese2.te
Normal file
|
|
@ -0,0 +1,5 @@
|
||||||
|
type hal_secure_element_gto_ese2, domain;
|
||||||
|
type hal_secure_element_gto_ese2_exec, exec_type, vendor_file_type, file_type;
|
||||||
|
|
||||||
|
hal_server_domain(hal_secure_element_gto_ese2, hal_secure_element)
|
||||||
|
init_daemon_domain(hal_secure_element_gto_ese2)
|
||||||
5
whitechapel_pro/hal_secure_element_uicc.te
Normal file
5
whitechapel_pro/hal_secure_element_uicc.te
Normal file
|
|
@ -0,0 +1,5 @@
|
||||||
|
type hal_secure_element_uicc, domain;
|
||||||
|
type hal_secure_element_uicc_exec, exec_type, vendor_file_type, file_type;
|
||||||
|
|
||||||
|
hal_server_domain(hal_secure_element_uicc, hal_secure_element)
|
||||||
|
init_daemon_domain(hal_secure_element_uicc)
|
||||||
Loading…
Add table
Add a link
Reference in a new issue