sepolicy: add persist file access for hvdcp

hvdcp_opti daemon needs to store some parameters under vendor persist (/mnt/vendor/persist/hvdcp_opti/*). Add the necessary rule for it. Also, move hvdcp.te from generic/vendor/common to qva/vendor/common. Change-Id: I337b9c862d15c1080f7f7de7ba2fe26111d9f02b
2019-03-18 14:20:29 -07:00 · 2019-03-18 14:20:29 -07:00 · 6fcf2c22d5
commit 6fcf2c22d5
parent 2be1440bc7
3 changed files with 9 additions and 8 deletions
--- a/qva/vendor/common/file.te
+++ b/qva/vendor/common/file.te
@ -49,6 +49,7 @@ type qdma_socket, file_type, mlstrustedobject;
 type sysfs_npu, fs_type, sysfs_type;

 type vendor_persist_mmi_file, file_type, vendor_persist_type;
+type persist_hvdcp_file, file_type, vendor_persist_type;

 #File type by mmi
 type vendor_mmi_socket, file_type;
--- a/qva/vendor/common/file_contexts
+++ b/qva/vendor/common/file_contexts
@ -135,7 +135,7 @@
 /mnt/vendor/persist/qti_fp(/.*)?      u:object_r:persist_qti_fp_file:s0
 /mnt/vendor/persist/FTM_AP(/.*)?      u:object_r:vendor_persist_mmi_file:s0
 /mnt/vendor/persist/vpp(/.*)?         u:object_r:persist_vpp_file:s0
-
+/mnt/vendor/persist/hvdcp_opti(/.*)?  u:object_r:persist_hvdcp_file:s0

 # same-process HAL files and their dependencies
 #
--- a/generic/vendor/common/hvdcp.te
+++ b/generic/vendor/common/hvdcp.te
@ -1,4 +1,4 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@ -56,12 +56,12 @@ allow hvdcp {
    sysfs_spmi_dev
 }:lnk_file r_file_perms;

-allow hvdcp self:capability { setgid setuid };
 allow hvdcp self:capability2 wake_alarm;
-allow hvdcp kmsg_device:chr_file rw_file_perms;
-allow hvdcp cgroup:dir { create add_name };
+userdebug_or_eng(`allow hvdcp kmsg_device:chr_file rw_file_perms;')
 allow hvdcp self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
-allow hvdcp sysfs_battery_supply:file setattr;
-allow hvdcp sysfs_usb_supply:file setattr;
-allow hvdcp sysfs_usbpd_device:file setattr;
+
+allow hvdcp mnt_vendor_file:dir search;
+allow hvdcp persist_hvdcp_file:dir rw_dir_perms;
+allow hvdcp persist_hvdcp_file:file create_file_perms;
+
 wakelock_use(hvdcp)