Initial device tangorpro sepolicy

Bug: 220073297 Change-Id: Icbae09127d46c74aaa49bf417be263e62ce0c0ca
2022-03-08 23:10:42 +08:00 · 2022-03-08 23:10:42 +08:00 · aa2098ee18
commit aa2098ee18
parent eeb18c67fd
12 changed files with 43 additions and 0 deletions
--- a/3
+++ b/3
@ -0,0 +1,3 @@
+include platform/system/sepolicy:/OWNERS
+
+rurumihong@google.com
--- a/bluetooth/device.te
+++ b/bluetooth/device.te
@ -0,0 +1 @@
+type bt_device, dev_type;
--- a/bluetooth/file_contexts
+++ b/bluetooth/file_contexts
@ -0,0 +1,5 @@
+# Bluetooth
+/vendor/bin/hw/android\.hardware\.bluetooth@1\.0-service-qti  u:object_r:hal_bluetooth_default_exec:s0
+
+/dev/btpower                                    u:object_r:bt_device:s0
+/dev/ttySAC18                                   u:object_r:hci_attach_dev:s0
--- a/bluetooth/genfs_contexts
+++ b/bluetooth/genfs_contexts
@ -0,0 +1 @@
+genfscon sysfs /devices/platform/odm/odm:btqcom/rfkill/rfkill0/state                             u:object_r:sysfs_bluetooth_writable:s0
--- a/bluetooth/hal_bluetooth_default.te
+++ b/bluetooth/hal_bluetooth_default.te
@ -0,0 +1,9 @@
+allow hal_bluetooth_default bt_device:chr_file rw_file_perms;
+
+add_hwservice(hal_bluetooth_default, hal_bluetooth_coexistence_hwservice)
+
+userdebug_or_eng(`
+  allow hal_bluetooth_default sscoredump_vendor_data_crashinfo_file:dir rw_dir_perms;
+  allow hal_bluetooth_default sscoredump_vendor_data_crashinfo_file:file { create_file_perms };
+  set_prop(hal_bluetooth_default, vendor_ssrdump_prop)
+')
--- a/bluetooth/hwservice.te
+++ b/bluetooth/hwservice.te
@ -0,0 +1,2 @@
+# Bluetooth HAL extension
+type hal_bluetooth_coexistence_hwservice, hwservice_manager_type, vendor_hwservice_type;
--- a/bluetooth/hwservice_contexts
+++ b/bluetooth/hwservice_contexts
@ -0,0 +1,3 @@
+# Bluetooth HAL extension
+hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance   u:object_r:hal_bluetooth_coexistence_hwservice:s0
+hardware.google.bluetooth.sar::IBluetoothSar                          u:object_r:hal_bluetooth_coexistence_hwservice:s0
--- a/tangorpro-sepolicy.mk
+++ b/tangorpro-sepolicy.mk
@ -0,0 +1,2 @@
+# sepolicy that are shared among devices using whitechapel
+BOARD_SEPOLICY_DIRS += device/google/tangorpro-sepolicy/vendor
--- a/vendor/README.txt
+++ b/vendor/README.txt
@ -0,0 +1,2 @@
+This folder holds sepolicy exclusively for one device. For example, genfs_contexts
+paths that are affected by device tree.
--- a/vendor/device.te
+++ b/vendor/device.te
@ -0,0 +1,2 @@
+# Wifi
+type vendor_wlan_device, dev_type;
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@ -0,0 +1,12 @@
+# Devices
+/dev/lwis-act-lc898129                                                      u:object_r:lwis_device:s0
+/dev/lwis-eeprom-lc898129                                                   u:object_r:lwis_device:s0
+/dev/lwis-eeprom-m24c64x-imx712                                             u:object_r:lwis_device:s0
+/dev/lwis-eeprom-m24c64x-imx712-uw                                          u:object_r:lwis_device:s0
+/dev/lwis-ois-lc898129                                                      u:object_r:lwis_device:s0
+/dev/lwis-sensor-imx712                                                     u:object_r:lwis_device:s0
+/dev/lwis-sensor-imx712-uw                                                  u:object_r:lwis_device:s0
+/dev/lwis-sensor-imx787                                                     u:object_r:lwis_device:s0
+
+# Wifi
+/dev/wlan                               u:object_r:vendor_wlan_device:s0
--- a/vendor/hal_wifi_ext.te
+++ b/vendor/hal_wifi_ext.te
@ -0,0 +1 @@
+allow hal_wifi_ext vendor_wlan_device:chr_file w_file_perms;
				`@ -0,0 +1 @@`
				`genfscon sysfs /devices/platform/odm/odm:btqcom/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0`
				`@ -0,0 +1 @@`
				`allow hal_wifi_ext vendor_wlan_device:chr_file w_file_perms;`