gs-sepolicy(uwb): Changes for new UCI stack

1. Rename uwb vendor app.
2. Rename uwb vendor HAL binary name & service name.
3. Allow vendor HAL to host the AOSP UWB HAL service.
4. Allow NFC HAL to access uwb calibration files.

Bug: 186585880
Bug: 204718220
Bug: 206045367
Test: Manual Tests
Change-Id: Ib0456617d0f5cf116d11a9412f47f36e2b8df570
Roshan Pius 2022-02-24 07:13:01 -08:00 committed by TreeHugger Robot
parent 5ddc8be4f4
commit c5710ad18e
8 changed files with 16 additions and 8 deletions


@ -1,8 +1,3 @@
# b/204718220
dontaudit hal_uwb_vendor_default default_android_service:service_manager { add };
# b/206045367
dontaudit hal_uwb_vendor_default zygote:binder { call };
dontaudit hal_uwb_vendor_default zygote:binder { transfer };
# b/208721505 # b/208721505
dontaudit hal_uwb_vendor_default dumpstate:fd { use }; dontaudit hal_uwb_vendor_default dumpstate:fd { use };
dontaudit hal_uwb_vendor_default dumpstate:fifo_file { write }; dontaudit hal_uwb_vendor_default dumpstate:fifo_file { write };


@ -37,7 +37,7 @@
/vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0 /vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0
/vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0 /vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0
/vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0 /vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0
/vendor/bin/hw/hardware\.qorvo\.uwb-service u:object_r:hal_uwb_vendor_default_exec:s0 /vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0
/vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 /vendor/bin/rlsservice u:object_r:rlsservice_exec:s0
# Vendor Firmwares # Vendor Firmwares


@ -10,3 +10,6 @@ set_prop(hal_nfc_default, vendor_modem_prop)
# Access uwb cal for SecureRanging Applet # Access uwb cal for SecureRanging Applet
allow hal_nfc_default uwb_data_vendor:dir r_dir_perms; allow hal_nfc_default uwb_data_vendor:dir r_dir_perms;
allow hal_nfc_default uwb_data_vendor:file r_file_perms; allow hal_nfc_default uwb_data_vendor:file r_file_perms;
# allow nfc to read uwb calibration file
get_prop(hal_nfc_default, vendor_uwb_calibration_prop)
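Review bot: The comment added above `get_prop(hal_nfc_default, vendor_uwb_calibration_prop)` says "calibration file", but the rule grants read access to a property type; file access to `uwb_data_vendor` is already covered by the two `allow` lines above it. I would reword it to `# Allow NFC HAL to read the UWB calibration properties` so that someone auditing the domain does not go looking for a file rule. Naming the consumer, as the existing "SecureRanging Applet" comment does, would also make it clear when the grant can be dropped.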


@ -2,6 +2,7 @@ type hal_uwb_vendor_default, domain;
type hal_uwb_vendor_default_exec, vendor_file_type, exec_type, file_type; type hal_uwb_vendor_default_exec, vendor_file_type, exec_type, file_type;
init_daemon_domain(hal_uwb_vendor_default) init_daemon_domain(hal_uwb_vendor_default)
hal_server_domain(hal_uwb_vendor_default, hal_uwb)
add_service(hal_uwb_vendor_default, hal_uwb_vendor_service) add_service(hal_uwb_vendor_default, hal_uwb_vendor_service)
hal_server_domain(hal_uwb_vendor_default, hal_uwb_vendor) hal_server_domain(hal_uwb_vendor_default, hal_uwb_vendor)
@ -9,3 +10,5 @@ binder_call(hal_uwb_vendor_default, uwb_vendor_app)
allow hal_uwb_vendor_default uwb_data_vendor:dir create_dir_perms; allow hal_uwb_vendor_default uwb_data_vendor:dir create_dir_perms;
allow hal_uwb_vendor_default uwb_data_vendor:file create_file_perms; allow hal_uwb_vendor_default uwb_data_vendor:file create_file_perms;
get_prop(hal_uwb_vendor_default, vendor_uwb_calibration_prop)


@ -26,3 +26,6 @@ vendor_internal_prop(vendor_display_prop)
# Fingerprint # Fingerprint
vendor_internal_prop(vendor_fingerprint_prop) vendor_internal_prop(vendor_fingerprint_prop)
# UWB calibration
system_vendor_config_prop(vendor_uwb_calibration_prop)
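Review bot: `system_vendor_config_prop(vendor_uwb_calibration_prop)` departs from the `vendor_internal_prop(...)` declarations around it, and nothing says why. As far as I know this macro declares a system-owned, publicly visible property type, whereas the name mapped to it in this commit is under `ro.vendor.` and the only readers visible here are `hal_nfc_default` and `hal_uwb_vendor_default`. If no system-side domain needs it, `vendor_internal_prop(vendor_uwb_calibration_prop)` would keep the type as narrow as its neighbours. If a reader outside this page does need it, add a comment naming that reader, for example `# UWB calibration: also read by the system-side UWB app, hence not vendor_internal_prop`.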


@ -93,3 +93,6 @@ persist.vendor.gps. u:object_r:vendor_gps_prop:s0
# Fingerprint # Fingerprint
vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0 vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0
vendor.gf. u:object_r:vendor_fingerprint_prop:s0 vendor.gf. u:object_r:vendor_fingerprint_prop:s0
#uwb
ro.vendor.uwb.calibration. u:object_r:vendor_uwb_calibration_prop:s0 exact string
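Review bot: The new entry `ro.vendor.uwb.calibration.` ends in a dot, which reads as a prefix, yet it is tagged `exact string`. With `exact`, only a property whose full name is that literal string is labelled `vendor_uwb_calibration_prop`. Any `ro.vendor.uwb.calibration.KEY` property would fall through to whatever broader context matches, so the `get_prop` grants added in this commit would not cover it. If a family of keys is intended, use `ro.vendor.uwb.calibration. u:object_r:vendor_uwb_calibration_prop:s0 prefix string`; if there is a single property, spell out its full name and keep `exact`.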


@ -45,7 +45,8 @@ user=_app isPrivApp=true seinfo=mds name=com.google.mds domain=modem_diagnostic_
user=_app seinfo=platform name=com.google.googlecbrs domain=cbrs_setup_app type=app_data_file levelFrom=user user=_app seinfo=platform name=com.google.googlecbrs domain=cbrs_setup_app type=app_data_file levelFrom=user
# Qorvo UWB system app # Qorvo UWB system app
user=uwb isPrivApp=true seinfo=uwb name=com.qorvo.uwb domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all # TODO(b/222204912): Should this run under uwb user?
user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all
# Domain for EuiccSupportPixel # Domain for EuiccSupportPixel
user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all
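Review bot: The replacement entry for `com.qorvo.uwb.vendorservice` switches from `user=uwb` to `user=_app` but keeps `domain=uwb_vendor_app` and `type=uwb_vendor_data_file`, and the TODO above it does not say what is at stake. With `_app` the process presumably no longer runs under the dedicated uwb UID, so any separation that relied on that UID would rest on the SELinux domain alone. I would expand the TODO to say so, for example `# TODO(b/222204912): runs as a regular app UID; confirm nothing relies on the uwb UID for access control, or move back to user=uwb`.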


@ -1,3 +1,3 @@
com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_display_service:s0 com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_display_service:s0
hardware.qorvo.uwb.IUwb/default u:object_r:hal_uwb_vendor_service:s0 hardware.qorvo.uwb.IUwbVendor/default u:object_r:hal_uwb_vendor_service:s0
uwb_vendor u:object_r:uwb_vendor_service:s0 uwb_vendor u:object_r:uwb_vendor_service:s0