From baa51816de30b95529e99546f83d2129597fec55 Mon Sep 17 00:00:00 2001 From: George Date: Fri, 10 Feb 2023 00:31:01 +0800 Subject: [PATCH] Update sepolicy for streset and stpreprocess Allow hal_secure_element_st54spi to access nfc device Allow hal_nfc_default to set se property Allow vendor_init to set nfc/se property Bug: 267838462 Test: manually trigger eSE reset without avc error Change-Id: I0ad6a0432f4fb158186874b318b5832dddce47e6 --- vendor/hal_nfc_default.te | 3 +++ vendor/hal_secure_element_st54spi.te | 1 + vendor/vendor_init.te | 6 ++++++ 3 files changed, 10 insertions(+) diff --git a/vendor/hal_nfc_default.te b/vendor/hal_nfc_default.te index 344ff8af..d71d9e28 100644 --- a/vendor/hal_nfc_default.te +++ b/vendor/hal_nfc_default.te @@ -1,2 +1,5 @@ # HAL NFC property get_prop(hal_nfc_default, vendor_nfc_prop) + +# SecureElement property +set_prop(hal_nfc_default, vendor_secure_element_prop) diff --git a/vendor/hal_secure_element_st54spi.te b/vendor/hal_secure_element_st54spi.te index 7f0de314..3cc726d6 100644 --- a/vendor/hal_secure_element_st54spi.te +++ b/vendor/hal_secure_element_st54spi.te @@ -3,4 +3,5 @@ type hal_secure_element_st54spi_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(hal_secure_element_st54spi) hal_server_domain(hal_secure_element_st54spi, hal_secure_element) allow hal_secure_element_st54spi st54spi_device:chr_file rw_file_perms; +allow hal_secure_element_st54spi nfc_device:chr_file rw_file_perms; set_prop(hal_secure_element_st54spi, vendor_secure_element_prop) diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index 2a1d3270..0a5aef13 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -17,3 +17,9 @@ set_prop(vendor_init, vendor_audio_prop) userdebug_or_eng(` allow vendor_init vendor_init:lockdown { integrity }; ') + +# NFC vendor property +set_prop(vendor_init, vendor_nfc_prop) +# SecureElement vendor property +set_prop(vendor_init, vendor_secure_element_prop) +