From 74c4300652f2418a67e00d5aef74d1eb0e28dbdc Mon Sep 17 00:00:00 2001 From: LuK1337 Date: Sat, 9 Jul 2022 10:02:06 +0200 Subject: [PATCH] sepolicy: qti: Add rules for vendor.oplus.hardware.oplusSensor Change-Id: I3f51f2586e0af11749bd2cdb5a744b7b2fcb283d --- sepolicy/qti/vendor/attributes | 1 + sepolicy/qti/vendor/file.te | 2 ++ sepolicy/qti/vendor/file_contexts | 5 +++-- sepolicy/qti/vendor/genfs_contexts | 2 ++ sepolicy/qti/vendor/hwservice.te | 3 +++ sepolicy/qti/vendor/hwservice_contexts | 3 +++ sepolicy/qti/vendor/te_macros | 9 +++++++++ .../vendor/vendor_hal_oplusSensor_default.te | 20 +++++++++++++++++++ 8 files changed, 43 insertions(+), 2 deletions(-) create mode 100644 sepolicy/qti/vendor/attributes create mode 100644 sepolicy/qti/vendor/vendor_hal_oplusSensor_default.te diff --git a/sepolicy/qti/vendor/attributes b/sepolicy/qti/vendor/attributes new file mode 100644 index 0000000..01774f4 --- /dev/null +++ b/sepolicy/qti/vendor/attributes @@ -0,0 +1 @@ +vendor_hal_attribute(oplusSensor) diff --git a/sepolicy/qti/vendor/file.te b/sepolicy/qti/vendor/file.te index 3c14587..5e46560 100644 --- a/sepolicy/qti/vendor/file.te +++ b/sepolicy/qti/vendor/file.te @@ -18,6 +18,8 @@ type vendor_proc_engineer, fs_type, proc_type; type vendor_proc_fingerprint, fs_type, proc_type; # Sensors +type vendor_proc_eng_cali_file, fs_type, proc_type; +type vendor_proc_oplus_als_file, fs_type, proc_type; type vendor_sysfs_sensor_fb, fs_type, sysfs_type; # Versioning diff --git a/sepolicy/qti/vendor/file_contexts b/sepolicy/qti/vendor/file_contexts index 84024cd..8b9216c 100644 --- a/sepolicy/qti/vendor/file_contexts +++ b/sepolicy/qti/vendor/file_contexts @@ -55,8 +55,9 @@ /dev/block/platform/soc/1d84000\.ufshc/by-name/oplusreserve4 u:object_r:vendor_reserve_partition:s0 # Sensors -/(odm|vendor/odm)/bin/oplus_sensor_fb u:object_r:vendor_sensors_exec:s0 -/dev/ssc_interactive u:object_r:ssc_interactive_device:s0 +/(odm|vendor/odm)/bin/hw/vendor\.oplus\.hardware\.oplusSensor@1\.0-service u:object_r:vendor_hal_oplusSensor_default_exec:s0 +/(odm|vendor/odm)/bin/oplus_sensor_fb u:object_r:vendor_sensors_exec:s0 +/dev/ssc_interactive u:object_r:ssc_interactive_device:s0 # Spunvm /dev/block/platform/soc/1d84000\.ufshc/by-name/spunvm u:object_r:vendor_efs_boot_dev:s0 diff --git a/sepolicy/qti/vendor/genfs_contexts b/sepolicy/qti/vendor/genfs_contexts index c7c5c46..338f733 100644 --- a/sepolicy/qti/vendor/genfs_contexts +++ b/sepolicy/qti/vendor/genfs_contexts @@ -20,6 +20,8 @@ genfscon proc /oplus_rf u:object_r:vendor_proc_engineer:s0 genfscon proc /fp_id u:object_r:vendor_proc_fingerprint:s0 # Sensors +genfscon proc /sensor/als_cali u:object_r:vendor_proc_oplus_als_file:s0 +genfscon proc /sensor/pressure_cali u:object_r:vendor_proc_eng_cali_file:s0 genfscon sysfs /devices/platform/soc/soc:sensor_fb u:object_r:vendor_sysfs_sensor_fb:s0 # Versioning diff --git a/sepolicy/qti/vendor/hwservice.te b/sepolicy/qti/vendor/hwservice.te index f2e8547..857a362 100644 --- a/sepolicy/qti/vendor/hwservice.te +++ b/sepolicy/qti/vendor/hwservice.te @@ -1,2 +1,5 @@ # ORMS type vendor_hal_orms_hwservice, hwservice_manager_type, protected_hwservice; + +# Sensors +type vendor_hal_oplusSensor_hwservice, hwservice_manager_type, protected_hwservice; diff --git a/sepolicy/qti/vendor/hwservice_contexts b/sepolicy/qti/vendor/hwservice_contexts index ae838d5..2deca74 100644 --- a/sepolicy/qti/vendor/hwservice_contexts +++ b/sepolicy/qti/vendor/hwservice_contexts @@ -12,6 +12,9 @@ vendor.oplus.hardware.commondcs::ICommonDcsHalService u:object # ORMS vendor.oplus.hardware.orms::IOrmsHalProxy u:object_r:vendor_hal_orms_hwservice:s0 +# Sensors +vendor.oplus.hardware.oplusSensor::ISensorFeature u:object_r:vendor_hal_oplusSensor_hwservice:s0 + # Telephony vendor.oplus.hardware.appradio::IOplusAppRadio u:object_r:hal_telephony_hwservice:s0 vendor.oplus.hardware.ims::IOplusImsRadio u:object_r:hal_telephony_hwservice:s0 diff --git a/sepolicy/qti/vendor/te_macros b/sepolicy/qti/vendor/te_macros index 9126445..08b2f89 100644 --- a/sepolicy/qti/vendor/te_macros +++ b/sepolicy/qti/vendor/te_macros @@ -1,3 +1,12 @@ +##################################### +# vendor_hal_attribute(hal_name) +# Add an attribute for vendor hal implementations. +define(`vendor_hal_attribute', ` +attribute vendor_hal_$1; +attribute vendor_hal_$1_client; +attribute vendor_hal_$1_server; +') + ##################################### # rw_dir_file(domain, type) # Allow the specified domain to read directories and rw files diff --git a/sepolicy/qti/vendor/vendor_hal_oplusSensor_default.te b/sepolicy/qti/vendor/vendor_hal_oplusSensor_default.te new file mode 100644 index 0000000..640274a --- /dev/null +++ b/sepolicy/qti/vendor/vendor_hal_oplusSensor_default.te @@ -0,0 +1,20 @@ +type vendor_hal_oplusSensor_default, domain; +hal_server_domain(vendor_hal_oplusSensor_default, vendor_hal_oplusSensor) + +type vendor_hal_oplusSensor_default_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(vendor_hal_oplusSensor_default) + +binder_call(vendor_hal_oplusSensor_client, vendor_hal_oplusSensor_server) +binder_call(vendor_hal_oplusSensor_server, vendor_hal_oplusSensor_client) + +hal_attribute_hwservice(vendor_hal_oplusSensor, vendor_hal_oplusSensor_hwservice) + +allow vendor_hal_oplusSensor_default vendor_reserve_partition:blk_file r_file_perms; + +allow vendor_hal_oplusSensor_default mnt_vendor_file:dir search; + +r_dir_file(vendor_hal_oplusSensor_default, vendor_persist_engineer_file) +r_dir_file(vendor_hal_oplusSensor_default, vendor_persist_sensors_file) +r_dir_file(vendor_hal_oplusSensor_default, vendor_proc_oplus_version) +rw_dir_file(vendor_hal_oplusSensor_default, vendor_proc_eng_cali_file) +rw_dir_file(vendor_hal_oplusSensor_default, vendor_proc_oplus_als_file)