Uwb: Create a new Uwb system service

inherit from gs101-sepolicy Signed-off-by: Rex Lin <rexcylin@google.com> Bug: 201232020 Test: ranging works Change-Id: I0567e6bda78a94c12da3401444faffb36586f331
2021-10-13 13:47:10 +08:00 · 2021-10-13 13:47:10 +08:00 · d6f5c71db9
commit d6f5c71db9
parent de48018a88
7 changed files with 66 additions and 0 deletions
--- a/whitechapel_pro/file.te
+++ b/whitechapel_pro/file.te
@ -12,6 +12,8 @@ type vendor_media_data_file, file_type, data_file_type;
 type vendor_misc_data_file, file_type, data_file_type;
 type sensor_reg_data_file, file_type, data_file_type;
 type per_boot_file, file_type, data_file_type, core_data_file_type;
+type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type;
+type uwb_data_vendor, file_type, data_file_type;
 userdebug_or_eng(`
  typeattribute tcpdump_vendor_data_file mlstrustedobject;
  typeattribute vendor_slog_file mlstrustedobject;
@ -59,6 +61,7 @@ type persist_modem_file, file_type, vendor_persist_type;
 type persist_ss_file, file_type, vendor_persist_type;
 type persist_battery_file, file_type, vendor_persist_type;
 type persist_sensor_reg_file, file_type, vendor_persist_type;
+type persist_uwb_file, file_type, vendor_persist_type;

 # CHRE
 type chre_socket, file_type;
--- a/whitechapel_pro/file_contexts
+++ b/whitechapel_pro/file_contexts
@ -18,6 +18,7 @@
 /vendor/bin/usf_stats                                                       u:object_r:vendor_usf_stats:s0
 /vendor/bin/usf_reg_edit                                                    u:object_r:vendor_usf_reg_edit:s0
 /vendor/bin/dumpsys                                                         u:object_r:vendor_dumpsys:s0
+/vendor/bin/init\.uwb\.calib\.sh                                            u:object_r:vendor_uwb_init_exec:s0
 /vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.trusty           u:object_r:hal_gatekeeper_default_exec:s0
 /vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty         u:object_r:hal_keymint_default_exec:s0
 /vendor/bin/hw/vendor\.google\.radioext@1\.0-service                        u:object_r:hal_radioext_default_exec:s0
@ -36,6 +37,7 @@
 /vendor/bin/hw/android\.hardware\.usb@1\.3-service\.gs201                   u:object_r:hal_usb_impl_exec:s0
 /vendor/bin/hw/rild_exynos                                                  u:object_r:rild_exec:s0
 /vendor/bin/hw/vendor\.samsung_slsi\.hardware\.tetheroffload@1\.0-service   u:object_r:hal_tetheroffload_default_exec:s0
+/vendor/bin/hw/hardware\.qorvo\.uwb-service                                 u:object_r:hal_uwb_vendor_default_exec:s0

 # Vendor Firmwares
 /vendor/firmware(/.*)?                                                      u:object_r:vendor_fw_file:s0
@ -166,12 +168,14 @@
 /data/vendor/misc(/.*)?                                                     u:object_r:vendor_misc_data_file:s0
 /data/per_boot(/.*)?                                                        u:object_r:per_boot_file:s0
 /data/vendor/sensors/registry(/.*)?                                         u:object_r:sensor_reg_data_file:s0
+/data/vendor/uwb(/.*)?                                                      u:object_r:uwb_data_vendor:s0

 # Persist
 /mnt/vendor/persist/modem(/.*)?                                             u:object_r:persist_modem_file:s0
 /mnt/vendor/persist/ss(/.*)?                                                u:object_r:persist_ss_file:s0
 /mnt/vendor/persist/battery(/.*)?                                           u:object_r:persist_battery_file:s0
 /mnt/vendor/persist/sensors/registry(/.*)?                                  u:object_r:persist_sensor_reg_file:s0
+/mnt/vendor/persist/uwb(/.*)?                                               u:object_r:persist_uwb_file:s0

 # Extra mount images
 /mnt/vendor/modem_img(/.*)?                                                 u:object_r:modem_img_file:s0
--- a/whitechapel_pro/hal_uwb_vendor.te
+++ b/whitechapel_pro/hal_uwb_vendor.te
@ -0,0 +1,14 @@
+# HwBinder IPC from client to server
+binder_call(hal_uwb_vendor_client, hal_uwb_vendor_server)
+binder_call(hal_uwb_vendor_server, hal_uwb_vendor_client)
+
+hal_attribute_service(hal_uwb_vendor, hal_uwb_vendor_service)
+
+binder_call(hal_uwb_vendor_server, servicemanager)
+
+# allow hal_uwb_vendor to set wpan interfaces up and down
+allow hal_uwb_vendor self:udp_socket create_socket_perms;
+allowxperm hal_uwb_vendor self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR SIOCETHTOOL };
+
+# allow hal_uwb_vendor to speak to nl802154 in the kernel
+allow hal_uwb_vendor self:netlink_generic_socket create_socket_perms_no_ioctl;
--- a/whitechapel_pro/hal_uwb_vendor_default.te
+++ b/whitechapel_pro/hal_uwb_vendor_default.te
@ -0,0 +1,11 @@
+type hal_uwb_vendor_default, domain;
+type hal_uwb_vendor_default_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(hal_uwb_vendor_default)
+
+add_service(hal_uwb_vendor_default, hal_uwb_vendor_service)
+
+hal_server_domain(hal_uwb_vendor_default, hal_uwb_vendor)
+binder_call(hal_uwb_vendor_default, uwb_vendor_app)
+
+allow hal_uwb_vendor_default uwb_data_vendor:dir create_dir_perms;
+allow hal_uwb_vendor_default uwb_data_vendor:file create_file_perms;
--- a/whitechapel_pro/service.te
+++ b/whitechapel_pro/service.te
@ -1,2 +1,4 @@
 type hal_pixel_display_service, service_manager_type, vendor_service;
 type touch_service, service_manager_type, vendor_service;
+type hal_uwb_vendor_service, service_manager_type, vendor_service;
+type uwb_vendor_service, service_manager_type, vendor_service;
--- a/whitechapel_pro/uwb_vendor_app.te
+++ b/whitechapel_pro/uwb_vendor_app.te
@ -0,0 +1,22 @@
+type uwb_vendor_app, domain;
+
+app_domain(uwb_vendor_app)
+
+add_service(uwb_vendor_app, uwb_vendor_service)
+
+not_recovery(`
+hal_client_domain(uwb_vendor_app, hal_uwb_vendor)
+
+allow uwb_vendor_app app_api_service:service_manager find;
+allow uwb_vendor_app hal_uwb_vendor_service:service_manager find;
+allow uwb_vendor_app nfc_service:service_manager find;
+allow uwb_vendor_app radio_service:service_manager find;
+
+allow uwb_vendor_app uwb_vendor_data_file:file create_file_perms;
+allow uwb_vendor_app uwb_vendor_data_file:dir create_dir_perms;
+
+allow hal_uwb_vendor_default self:global_capability_class_set sys_nice;
+allow hal_uwb_vendor_default kernel:process setsched;
+
+binder_call(uwb_vendor_app, hal_uwb_vendor_default)
+')
--- a/whitechapel_pro/vendor_uwb_init.te
+++ b/whitechapel_pro/vendor_uwb_init.te
@ -0,0 +1,10 @@
+type vendor_uwb_init, domain;
+type vendor_uwb_init_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(vendor_uwb_init)
+
+allow vendor_uwb_init vendor_shell_exec:file rx_file_perms;
+allow vendor_uwb_init vendor_toolbox_exec:file  rx_file_perms;
+
+allow vendor_uwb_init uwb_data_vendor:file create_file_perms;
+allow vendor_uwb_init uwb_data_vendor:dir w_dir_perms;