secpolicy: add HAL support for SPU
Support v1.0 of SPU HAL which is served by vendor.qti.spu@1.0-server. This is needed in order to support 3rd party spcom operations. Change-Id: If2cc4f8b478fc3bceb78ad9becbdd5a1b9417266
This commit is contained in:
Liron Daniel
parent
5d80ff03be
commit
08e7c09ca3
6 changed files with 73 additions and 0 deletions
|
|
@ -32,3 +32,7 @@ attribute vendor_sigmahal_client;
|
|||
attribute vendor_qccsyshal;
|
||||
attribute vendor_qccsyshal_server;
|
||||
attribute vendor_qccsyshal_client;
|
||||
|
||||
attribute vendor_hal_spu;
|
||||
attribute vendor_hal_spu_client;
|
||||
attribute vendor_hal_spu_server;
|
||||
|
|
|
|||
1
qva/vendor/common/device.te
vendored
1
qva/vendor/common/device.te
vendored
|
|
@ -30,6 +30,7 @@ type vendor_skp_device, dev_type;
|
|||
type vendor_sp_keymaster_device, dev_type;
|
||||
type vendor_sp_ssr_device, dev_type;
|
||||
type vendor_spdaemon_ssr_device, dev_type;
|
||||
type vendor_spu_hal_ssr_device, dev_type;
|
||||
type vendor_iuicc_device, dev_type;
|
||||
type vendor_cryptoapp_device, dev_type;
|
||||
type vendor_sec_nvm_device, dev_type;
|
||||
|
|
|
|||
4
qva/vendor/common/file_contexts
vendored
4
qva/vendor/common/file_contexts
vendored
|
|
@ -33,7 +33,10 @@
|
|||
/dev/sp_keymaster u:object_r:vendor_sp_keymaster_device:s0
|
||||
/dev/sp_ssr u:object_r:vendor_sp_ssr_device:s0
|
||||
/dev/spdaemon_ssr u:object_r:vendor_spdaemon_ssr_device:s0
|
||||
/dev/spu_hal_ssr u:object_r:vendor_spu_hal_ssr_device:s0
|
||||
/dev/iuicc u:object_r:vendor_iuicc_device:s0
|
||||
/dev/iuicc0 u:object_r:vendor_iuicc_device:s0
|
||||
/dev/iuicc1 u:object_r:vendor_iuicc_device:s0
|
||||
/dev/cryptoapp u:object_r:vendor_cryptoapp_device:s0
|
||||
/dev/sec_nvm_.* u:object_r:vendor_sec_nvm_device:s0
|
||||
/dev/qbt.* u:object_r:vendor_qbt_device:s0
|
||||
|
|
@ -73,6 +76,7 @@
|
|||
/vendor/bin/hw/vendor\.qti\.hardware\.qteeconnector@1\.0-service u:object_r:vendor_hal_qteeconnector_qti_exec:s0
|
||||
/vendor/bin/hw/vendor\.qti\.hardware\.qseecom@1\.0-service u:object_r:vendor_hal_qseecom_default_exec:s0
|
||||
/vendor/bin/hw/vendor\.qti\.hardware\.scve\.objecttracker@1\.0-service u:object_r:vendor_scve_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/vendor\.qti\.spu@1\.0-service u:object_r:vendor_hal_spu_qti_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.scve\.panorama@1\.0-service u:object_r:vendor_scve_exec:s0
|
||||
/vendor/bin/hw/vendor\.qti\.hardware\.sensorscalibrate@1\.0-service u:object_r:vendor_hal_sensorscalibrate_qti_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.soter@1\.0-service u:object_r:vendor_hal_soter_qti_exec:s0
|
||||
|
|
|
|||
62
qva/vendor/common/hal_spu_qti.te
vendored
Normal file
62
qva/vendor/common/hal_spu_qti.te
vendored
Normal file
|
|
@ -0,0 +1,62 @@
|
|||
# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions are
|
||||
# met:
|
||||
# * Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
# * Redistributions in binary form must reproduce the above
|
||||
# copyright notice, this list of conditions and the following
|
||||
# disclaimer in the documentation and/or other materials provided
|
||||
# with the distribution.
|
||||
# * Neither the name of The Linux Foundation nor the names of its
|
||||
# contributors may be used to endorse or promote products derived
|
||||
# from this software without specific prior written permission.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED
|
||||
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
|
||||
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
|
||||
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
||||
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||||
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
|
||||
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
||||
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
|
||||
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
type vendor_hal_spu_qti, domain;
|
||||
type vendor_hal_spu_qti_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(vendor_hal_spu_qti)
|
||||
|
||||
hal_server_domain(vendor_hal_spu_qti, vendor_hal_spu)
|
||||
|
||||
# Allow access to hal_allocator
|
||||
hal_client_domain(vendor_hal_spu_qti, hal_allocator)
|
||||
|
||||
# Allow vendor_hal_spu client domain apps to find hwservice
|
||||
binder_call(vendor_hal_spu_client, vendor_hal_spu_server)
|
||||
binder_call(vendor_hal_spu_server, vendor_hal_spu_client)
|
||||
|
||||
# Allow the service to be added to hwservice list
|
||||
hal_attribute_hwservice(vendor_hal_spu, vendor_hal_spu_hwservice)
|
||||
|
||||
# Allow access to spss_utils device
|
||||
#allow vendor_hal_spu_qti vendor_spss_utils_device:chr_file rw_file_perms;
|
||||
|
||||
# Allow access to spcom devices
|
||||
allow vendor_hal_spu_qti vendor_spcom_device:chr_file rw_file_perms;
|
||||
allow vendor_hal_spu_qti vendor_skp_device:chr_file rw_file_perms;
|
||||
allow vendor_hal_spu_qti vendor_sp_ssr_device:chr_file rw_file_perms;
|
||||
allow vendor_hal_spu_qti vendor_cryptoapp_device:chr_file rw_file_perms;
|
||||
allow vendor_hal_spu_qti vendor_iuicc_device:chr_file rw_file_perms;
|
||||
allow vendor_hal_spu_qti vendor_spu_hal_ssr_device:chr_file rw_file_perms;
|
||||
|
||||
# Alloc acess to ion_device
|
||||
allow vendor_hal_spu_qti ion_device:chr_file rw_file_perms;
|
||||
|
||||
# Allow set / get spcomlib prop
|
||||
set_prop(vendor_hal_spu_qti, vendor_spcomlib_prop)
|
||||
|
||||
# Vendor binder
|
||||
use_vendor_per_mgr(vendor_hal_spu_qti)
|
||||
1
qva/vendor/common/hwservice.te
vendored
1
qva/vendor/common/hwservice.te
vendored
|
|
@ -55,3 +55,4 @@ type vendor_hal_bluetooth_dun_hwservice, hwservice_manager_type, protected_hwser
|
|||
type vendor_hal_embmssl_hwservice, hwservice_manager_type, protected_hwservice;
|
||||
type vendor_hal_qseecom_hwservice, hwservice_manager_type, protected_hwservice;
|
||||
type vendor_hal_qccvndhal_hwservice , hwservice_manager_type, protected_hwservice;
|
||||
type vendor_hal_spu_hwservice, hwservice_manager_type, protected_hwservice;
|
||||
|
|
|
|||
1
qva/vendor/common/hwservice_contexts
vendored
1
qva/vendor/common/hwservice_contexts
vendored
|
|
@ -73,3 +73,4 @@ vendor.qti.hardware.cryptfshw::ICryptfsHw u:object_r:hal_keym
|
|||
vendor.qti.hardware.embmssl::IEmbms u:object_r:vendor_hal_embmssl_hwservice:s0
|
||||
vendor.qti.hardware.qseecom::IQSEECom u:object_r:vendor_hal_qseecom_hwservice:s0
|
||||
vendor.qti.hardware.qccvndhal::IQccvndhal u:object_r:vendor_hal_qccvndhal_hwservice:s0
|
||||
vendor.qti.spu::ISPUManager u:object_r:vendor_hal_spu_hwservice:s0
|
||||
|
|
|
|||
Loading…
Reference in a new issue