Sepolicy changes for new mutualex daemon
Change-Id: Ie3cd5f9c1ced4f40fba5144cc079344c0ab4e2d9
This commit is contained in:
Ayishwarya Narasimhan
Gerrit - the friendly Code Review server
parent
9cc676df60
commit
489591c501
4 changed files with 63 additions and 5 deletions
4
generic/vendor/common/hal_wifi_supplicant.te
vendored
4
generic/vendor/common/hal_wifi_supplicant.te
vendored
|
|
@ -1,4 +1,4 @@
|
|||
#Copyright (c) 2017-2018, The Linux Foundation. All rights reserved.
|
||||
#Copyright (c) 2017-2020, The Linux Foundation. All rights reserved.
|
||||
#
|
||||
#Redistribution and use in source and binary forms, with or without
|
||||
#modification, are permitted provided that the following conditions are
|
||||
|
|
@ -37,7 +37,7 @@ allow hal_wifi_supplicant_default wpa_data_file:dir w_dir_perms;
|
|||
allow hal_wifi_supplicant_default wpa_data_file:file create_file_perms;
|
||||
# Permission for wpa socket which IMS use to communicate
|
||||
# # Allow wpa_supplicant to send back wifi information to cnd
|
||||
allow hal_wifi_supplicant_default { vendor_cnd vendor_ims }:unix_dgram_socket sendto;
|
||||
allow hal_wifi_supplicant_default { vendor_cnd vendor_ims vendor_mutualex}:unix_dgram_socket sendto;
|
||||
# # Allow wpa_supplicant to send back wifi information to vendor_location
|
||||
allow hal_wifi_supplicant_default vendor_location:unix_dgram_socket sendto;
|
||||
|
||||
|
|
|
|||
5
qva/vendor/common/file_contexts
vendored
5
qva/vendor/common/file_contexts
vendored
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
|
||||
# Copyright (c) 2018-2020, The Linux Foundation. All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions are
|
||||
|
|
@ -53,8 +53,8 @@
|
|||
/dev/socket/ssgtzd u:object_r:vendor_ssgtzd_socket:s0
|
||||
/dev/socket/qdma(/.*)? u:object_r:vendor_qdma_socket:s0
|
||||
/dev/socket/adpl_cmd_uds_file u:object_r:vendor_dataadpl_socket:s0
|
||||
/dev/socket/vendor_wpa_wlan[0-9] u:object_r:vendor_wifi_vendor_wpa_socket:s0
|
||||
/dev/socket/wigig/wpa_wigig[0-9] u:object_r:vendor_wigig_vendor_wpa_socket:s0
|
||||
/dev/socket/wigig/vendor_wpa_wlan[0-9] u:object_r:vendor_wigig_vendor_wpa_socket:s0
|
||||
/dev/socket/wigig/wigignpt u:object_r:vendor_wigignpt_socket:s0
|
||||
/dev/socket/wigig/sensingdaemon u:object_r:vendor_sensingdaemon_socket:s0
|
||||
|
||||
|
|
@ -115,6 +115,7 @@
|
|||
/(vendor|system/vendor)/bin/sensingdaemon u:object_r:vendor_sensingdaemon_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.usb\@1\.[0-2]-service-qti u:object_r:vendor_hal_usb_qti_exec:s0
|
||||
/vendor/bin/vendor\.qti\.qspmhal@1\.0-service u:object_r:vendor_hal_qspmhal_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/mutualex u:object_r:vendor_mutualex_exec:s0
|
||||
|
||||
|
||||
#### Context for location features
|
||||
|
|
|
|||
4
qva/vendor/common/hal_wifi_hostapd.te
vendored
4
qva/vendor/common/hal_wifi_hostapd.te
vendored
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
|
||||
# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions are
|
||||
|
|
@ -34,6 +34,8 @@ allow hal_wifi_hostapd_default hostapd_data_file:sock_file create_file_perms;
|
|||
|
||||
# Allow hostapd to connect to fstman using control socket
|
||||
allow hal_wifi_hostapd_default vendor_fstman:unix_dgram_socket sendto;
|
||||
# Allow hostapd to connect to mutualex using control socket
|
||||
allow hal_wifi_hostapd_default vendor_mutualex:unix_dgram_socket sendto;
|
||||
# wigig_hostapd has its own directory for sockets,
|
||||
# in order to prevent conflicts with wifi hostapd
|
||||
# allow wigig_hostapd to create the directory holding its control socket
|
||||
|
|
|
|||
55
qva/vendor/common/mutualex.te
vendored
Normal file
55
qva/vendor/common/mutualex.te
vendored
Normal file
|
|
@ -0,0 +1,55 @@
|
|||
# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions are
|
||||
# met:
|
||||
# * Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
# * Redistributions in binary form must reproduce the above
|
||||
# copyright notice, this list of conditions and the following
|
||||
# disclaimer in the documentation and/or other materials provided
|
||||
# with the distribution.
|
||||
# * Neither the name of The Linux Foundation nor the names of its
|
||||
# contributors may be used to endorse or promote products derived
|
||||
# from this software without specific prior written permission.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
|
||||
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
|
||||
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
|
||||
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
||||
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||||
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
|
||||
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
||||
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
|
||||
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
type vendor_mutualex, domain;
|
||||
type vendor_mutualex_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(vendor_mutualex)
|
||||
|
||||
allow vendor_mutualex vendor_mutualex:{
|
||||
qipcrtr_socket
|
||||
netlink_generic_socket
|
||||
}create_socket_perms_no_ioctl;
|
||||
|
||||
hal_client_domain(vendor_mutualex,hal_wifi_hostapd)
|
||||
hal_client_domain(vendor_mutualex,hal_wifi_supplicant)
|
||||
|
||||
# allow mutualex to access wpa_socket
|
||||
allow vendor_mutualex vendor_wifi_vendor_data_file:dir r_dir_perms;
|
||||
allow vendor_mutualex vendor_wifi_vendor_wpa_socket:sock_file write;
|
||||
|
||||
#communicating with wpa supplicant for sending commands/listening to events
|
||||
unix_socket_send(vendor_mutualex, wpa, hal_wifi_supplicant)
|
||||
allow vendor_mutualex wpa_data_file:dir w_dir_perms;
|
||||
allow vendor_mutualex wpa_data_file:sock_file create_file_perms;
|
||||
|
||||
#communicating with hostapd for sending commands/listening to events
|
||||
allow vendor_mutualex hostapd_data_file:dir rw_dir_perms;
|
||||
allow vendor_mutualex hostapd_data_file:sock_file create_file_perms;
|
||||
allow vendor_mutualex { hal_wifi_hostapd_default }:unix_dgram_socket sendto;
|
||||
|
||||
wakelock_use(vendor_mutualex)
|
||||
|
||||
Loading…
Reference in a new issue