From d6f5c71db98ea81efcdab7505637edc91a002c00 Mon Sep 17 00:00:00 2001
From: Rex Lin
Date: Wed, 13 Oct 2021 13:47:10 +0800
Subject: [PATCH] Uwb: Create a new Uwb system service inherit from gs101-sepolicy
Signed-off-by: Rex Lin
Bug: 201232020
Test: ranging works
Change-Id: I0567e6bda78a94c12da3401444faffb36586f331
---
 whitechapel_pro/file.te | 3 +++
 whitechapel_pro/file_contexts | 4 ++++
 whitechapel_pro/hal_uwb_vendor.te | 14 ++++++++++++++
 whitechapel_pro/hal_uwb_vendor_default.te | 11 +++++++++++
 whitechapel_pro/service.te | 2 ++
 whitechapel_pro/uwb_vendor_app.te | 22 ++++++++++++++++++++++
 whitechapel_pro/vendor_uwb_init.te | 10 ++++++++++
 7 files changed, 66 insertions(+)
 create mode 100644 whitechapel_pro/hal_uwb_vendor.te
 create mode 100644 whitechapel_pro/hal_uwb_vendor_default.te
 create mode 100644 whitechapel_pro/uwb_vendor_app.te
 create mode 100644 whitechapel_pro/vendor_uwb_init.te
diff --git a/whitechapel_pro/file.te b/whitechapel_pro/file.te
index 48272ace..3f6ae4ca 100644
--- a/whitechapel_pro/file.te
+++ b/whitechapel_pro/file.te
@@ -12,6 +12,8 @@ type vendor_media_data_file, file_type, data_file_type;
 type vendor_misc_data_file, file_type, data_file_type;
 type sensor_reg_data_file, file_type, data_file_type;
 type per_boot_file, file_type, data_file_type, core_data_file_type;
+type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type;
+type uwb_data_vendor, file_type, data_file_type;
 userdebug_or_eng(`
 typeattribute tcpdump_vendor_data_file mlstrustedobject;
 typeattribute vendor_slog_file mlstrustedobject;
@@ -59,6 +61,7 @@ type persist_modem_file, file_type, vendor_persist_type;
 type persist_ss_file, file_type, vendor_persist_type;
 type persist_battery_file, file_type, vendor_persist_type;
 type persist_sensor_reg_file, file_type, vendor_persist_type;
+type persist_uwb_file, file_type, vendor_persist_type;
 # CHRE
 type chre_socket, file_type;
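Review bot: In file.te the two new data types, `uwb_vendor_data_file` and `uwb_data_vendor`, differ only in word order, and the second departs from the `*_data_file` suffix every neighbouring type uses, so it is easy to grant the wrong one in a later allow rule. A one-line comment above each would remove the ambiguity, for example `# /data/vendor/uwb, written by the UWB HAL and its init script` and `# app-private data of uwb_vendor_app`. `uwb_vendor_data_file` also carries `app_data_file_type`, yet nothing in this patch labels a path with it; presumably a seapp_contexts entry in another change does, which is worth confirming.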
diff --git a/whitechapel_pro/file_contexts b/whitechapel_pro/file_contexts
index c7c26a4b..d6dcbfc8 100644
--- a/whitechapel_pro/file_contexts
+++ b/whitechapel_pro/file_contexts
@@ -18,6 +18,7 @@
 /vendor/bin/usf_stats u:object_r:vendor_usf_stats:s0
 /vendor/bin/usf_reg_edit u:object_r:vendor_usf_reg_edit:s0
 /vendor/bin/dumpsys u:object_r:vendor_dumpsys:s0
+/vendor/bin/init\.uwb\.calib\.sh u:object_r:vendor_uwb_init_exec:s0
 /vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0
 /vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0
 /vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0
@@ -36,6 +37,7 @@
 /vendor/bin/hw/android\.hardware\.usb@1\.3-service\.gs201 u:object_r:hal_usb_impl_exec:s0
 /vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0
 /vendor/bin/hw/vendor\.samsung_slsi\.hardware\.tetheroffload@1\.0-service u:object_r:hal_tetheroffload_default_exec:s0
+/vendor/bin/hw/hardware\.qorvo\.uwb-service u:object_r:hal_uwb_vendor_default_exec:s0
 # Vendor Firmwares
 /vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0
@@ -166,12 +168,14 @@
 /data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0
 /data/per_boot(/.*)? u:object_r:per_boot_file:s0
 /data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0
+/data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0
 # Persist
 /mnt/vendor/persist/modem(/.*)? u:object_r:persist_modem_file:s0
 /mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0
 /mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0
 /mnt/vendor/persist/sensors/registry(/.*)? u:object_r:persist_sensor_reg_file:s0
+/mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0
 # Extra mount images
 /mnt/vendor/modem_img(/.*)? u:object_r:modem_img_file:s0
diff --git a/whitechapel_pro/hal_uwb_vendor.te b/whitechapel_pro/hal_uwb_vendor.te
new file mode 100644
index 00000000..6fda95ab
--- /dev/null
+++ b/whitechapel_pro/hal_uwb_vendor.te
@@ -0,0 +1,14 @@
+# HwBinder IPC from client to server
+binder_call(hal_uwb_vendor_client, hal_uwb_vendor_server)
+binder_call(hal_uwb_vendor_server, hal_uwb_vendor_client)
+
+hal_attribute_service(hal_uwb_vendor, hal_uwb_vendor_service)
+
+binder_call(hal_uwb_vendor_server, servicemanager)
+
+# allow hal_uwb_vendor to set wpan interfaces up and down
+allow hal_uwb_vendor self:udp_socket create_socket_perms;
+allowxperm hal_uwb_vendor self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR SIOCETHTOOL };
+
+# allow hal_uwb_vendor to speak to nl802154 in the kernel
+allow hal_uwb_vendor self:netlink_generic_socket create_socket_perms_no_ioctl;
diff --git a/whitechapel_pro/hal_uwb_vendor_default.te b/whitechapel_pro/hal_uwb_vendor_default.te
new file mode 100644
index 00000000..f72e879d
--- /dev/null
+++ b/whitechapel_pro/hal_uwb_vendor_default.te
@@ -0,0 +1,11 @@
+type hal_uwb_vendor_default, domain;
+type hal_uwb_vendor_default_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(hal_uwb_vendor_default)
+
+add_service(hal_uwb_vendor_default, hal_uwb_vendor_service)
+
+hal_server_domain(hal_uwb_vendor_default, hal_uwb_vendor)
+binder_call(hal_uwb_vendor_default, uwb_vendor_app)
+
+allow hal_uwb_vendor_default uwb_data_vendor:dir create_dir_perms;
+allow hal_uwb_vendor_default uwb_data_vendor:file create_file_perms;
diff --git a/whitechapel_pro/service.te b/whitechapel_pro/service.te
index abeeedcd..53ef7f29 100644
--- a/whitechapel_pro/service.te
+++ b/whitechapel_pro/service.te
@@ -1,2 +1,4 @@
 type hal_pixel_display_service, service_manager_type, vendor_service;
 type touch_service, service_manager_type, vendor_service;
+type hal_uwb_vendor_service, service_manager_type, vendor_service;
+type uwb_vendor_service, service_manager_type, vendor_service;
diff --git a/whitechapel_pro/uwb_vendor_app.te b/whitechapel_pro/uwb_vendor_app.te
new file mode 100644
index 00000000..223383c1
--- /dev/null
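Review bot: In hal_uwb_vendor.te the `allowxperm` line whitelists SIOCSIFFLAGS and SIOCSIFHWADDR, but the kernel only honours those ioctls for a caller holding CAP_NET_ADMIN and no rule in this patch grants `net_admin` to the HAL, so setting the wpan interface up or down would presumably still be refused unless the capability comes from a rule outside this change. If the HAL really configures the interface itself, the capability rule belongs next to these lines with a comment saying why; if another component does it, the two xperms can be dropped so the policy grants only what is used. The attributes `hal_uwb_vendor`, `hal_uwb_vendor_client` and `hal_uwb_vendor_server` are also not declared in any of the seven files touched here, so the patch depends on a declaration elsewhere.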
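Review bot: In service.te the new types `hal_uwb_vendor_service` and `uwb_vendor_service` have no matching service_contexts entry in this patch, so no service name resolves to them here and the `add_service` rules in hal_uwb_vendor_default.te and uwb_vendor_app.te have nothing to act on until that mapping exists. If the mapping lands in a separate change, a comment such as `# name mapped in service_contexts: <service name>` above each type would make the dependency visible to the next reviewer.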
+++ b/whitechapel_pro/uwb_vendor_app.te
@@ -0,0 +1,22 @@
+type uwb_vendor_app, domain;
+
+app_domain(uwb_vendor_app)
+
+add_service(uwb_vendor_app, uwb_vendor_service)
+
+not_recovery(`
+hal_client_domain(uwb_vendor_app, hal_uwb_vendor)
+
+allow uwb_vendor_app app_api_service:service_manager find;
+allow uwb_vendor_app hal_uwb_vendor_service:service_manager find;
+allow uwb_vendor_app nfc_service:service_manager find;
+allow uwb_vendor_app radio_service:service_manager find;
+
+allow uwb_vendor_app uwb_vendor_data_file:file create_file_perms;
+allow uwb_vendor_app uwb_vendor_data_file:dir create_dir_perms;
+
+allow hal_uwb_vendor_default self:global_capability_class_set sys_nice;
+allow hal_uwb_vendor_default kernel:process setsched;
+
+binder_call(uwb_vendor_app, hal_uwb_vendor_default)
+')
diff --git a/whitechapel_pro/vendor_uwb_init.te b/whitechapel_pro/vendor_uwb_init.te
new file mode 100644
index 00000000..716af19c
--- /dev/null
+++ b/whitechapel_pro/vendor_uwb_init.te
@@ -0,0 +1,10 @@
+type vendor_uwb_init, domain;
+type vendor_uwb_init_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(vendor_uwb_init)
+
+allow vendor_uwb_init vendor_shell_exec:file rx_file_perms;
+allow vendor_uwb_init vendor_toolbox_exec:file rx_file_perms;
+
+allow vendor_uwb_init uwb_data_vendor:file create_file_perms;
+allow vendor_uwb_init uwb_data_vendor:dir w_dir_perms;
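Review bot: The last two allow rules in uwb_vendor_app.te, `allow hal_uwb_vendor_default self:global_capability_class_set sys_nice;` and `allow hal_uwb_vendor_default kernel:process setsched;`, grant privileges to the HAL daemon rather than to the app, and they sit inside this file's `not_recovery` block where someone auditing hal_uwb_vendor_default.te will not see them. They should move to hal_uwb_vendor_default.te with a comment naming the thread whose scheduling is changed, because `kernel:process setsched` lets the daemon alter the scheduling of anything running in the `kernel` domain. `binder_call(uwb_vendor_app, hal_uwb_vendor_default)` and the `hal_uwb_vendor_service` find rule also look redundant with `hal_client_domain(uwb_vendor_app, hal_uwb_vendor)` and the attribute-level rules in hal_uwb_vendor.te.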
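Review bot: vendor_uwb_init.te gives the calibration script write access to `uwb_data_vendor`, but no rule in this patch lets any domain read `persist_uwb_file`, the type added for /mnt/vendor/persist/uwb in file.te and file_contexts. If init.uwb.calib.sh copies calibration data out of persist, which its name suggests but the patch does not show, it needs a read-only grant such as `r_dir_file(vendor_uwb_init, persist_uwb_file)`; if nothing reads that path, the type and its label can be dropped. The file would also benefit from a header comment, for example `# Domain for /vendor/bin/init.uwb.calib.sh`.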