[FR76275]add sepolicy change for nordic hal service

To support FR76275(VR Controller integration),this change adds sepolicy change for nordic hal service. Change-Id: I1ece56c05c6580492c8dde90198cdb73a41d3209
2022-08-18 13:12:42 +08:00 · 2022-08-18 13:12:42 +08:00 · 8021045140
commit 8021045140
parent 959f7c754f
8 changed files with 63 additions and 1 deletions
--- a/qva/vendor/kona/attributes
+++ b/qva/vendor/kona/attributes
@ -0,0 +1,8 @@
+#  Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+#  SPDX-License-Identifier: BSD-3-Clause-Clear
+
+# attribute for hal_nordic
+
+attribute vendor_hal_nordic_client;
+attribute vendor_hal_nordic_server;
+attribute vendor_hal_nordic;
--- a/qva/vendor/kona/file.te
+++ b/qva/vendor/kona/file.te
@ -1,4 +1,4 @@
-# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+# Copyright (c) 2019,  The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@ -24,6 +24,14 @@
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# Changes from Qualcomm Innovation Center are provided under the following license:
+# Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear

 # vendor biometricsface data file
 type vendor_biometricsface_data_file, file_type, data_file_type;
+
+# nordic node file
+type vendor_nordic_sysfs_node, sysfs_type, fs_type;
+
--- a/qva/vendor/kona/file_contexts
+++ b/qva/vendor/kona/file_contexts
@ -24,7 +24,16 @@
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# Changes from Qualcomm Innovation Center are provided under the following license:
+# Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear

 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.face@1\.0-service    u:object_r:vendor_biometricsface_exec:s0

+# nordic node file
+/(vendor|system/vendor)/bin/hw/vendor\.shadowcreator\.hardware\.nordic@1\.0-service u:object_r:vendor_hal_nordic_default_exec:s0
+/sys/devices/platform/soc/894000\.spi/spi_master/spi0/spi0\.0/jsrequest u:object_r:vendor_nordic_sysfs_node:s0
+/sys/devices/platform/soc/894000\.spi/spi_master/spi0/spi0\.0/jsmem u:object_r:vendor_nordic_sysfs_node:s0
+
 /data/vendor/face3d_dir(/.*)?                                       u:object_r:vendor_biometricsface_data_file:s0
--- a/qva/vendor/kona/hal_nordic_default.te
+++ b/qva/vendor/kona/hal_nordic_default.te
@ -0,0 +1,13 @@
+#  Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+#  SPDX-License-Identifier: BSD-3-Clause-Clear
+
+type vendor_hal_nordic_default, domain;
+type vendor_hal_nordic_default_exec, exec_type, vendor_file_type, file_type;
+hal_server_domain(vendor_hal_nordic_default, vendor_hal_nordic)
+init_daemon_domain(vendor_hal_nordic_default);
+binder_call(vendor_hal_nordic_client, vendor_hal_nordic_server)
+binder_call(vendor_hal_nordic_server, vendor_hal_nordic_client)
+hal_attribute_hwservice(vendor_hal_nordic, vendor_hal_nordic_hwservice)
+allow vendor_hal_nordic_default vendor_nordic_sysfs_node:file { open read write };
+allow vendor_hal_nordic_default ion_device:chr_file rw_file_perms;
+hal_client_domain(vendor_hal_nordic_default, hal_allocator)
--- a/qva/vendor/kona/hwservice.te
+++ b/qva/vendor/kona/hwservice.te
@ -0,0 +1,5 @@
+#  Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+#  SPDX-License-Identifier: BSD-3-Clause-Clear
+
+# hal nordic hwservice
+type vendor_hal_nordic_hwservice, hwservice_manager_type,protected_hwservice;
--- a/qva/vendor/kona/hwservice_contexts
+++ b/qva/vendor/kona/hwservice_contexts
@ -0,0 +1,5 @@
+#  Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+#  SPDX-License-Identifier: BSD-3-Clause-Clear
+
+# hal nordic hwservice
+vendor.shadowcreator.hardware.nordic::INordic    u:object_r:vendor_hal_nordic_hwservice:s0
--- a/qva/vendor/kona/nordic_app.te
+++ b/qva/vendor/kona/nordic_app.te
@ -0,0 +1,9 @@
+#  Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+#  SPDX-License-Identifier: BSD-3-Clause-Clear
+
+# hal nordic app te
+type vendor_nordic_app, domain;
+app_domain(vendor_nordic_app)
+hal_client_domain(vendor_nordic_app, vendor_hal_nordic);
+allow vendor_nordic_app activity_service:service_manager find;
+allow vendor_nordic_app vendor_qvrd_vndr:fd use;
--- a/qva/vendor/kona/seapp_contexts
+++ b/qva/vendor/kona/seapp_contexts
@ -0,0 +1,5 @@
+#  Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+#  SPDX-License-Identifier: BSD-3-Clause-Clear
+
+#Add new domain for nordic service app
+user=_app seinfo=platform name=com.shadowcreator.service.handshank domain=vendor_nordic_app type=app_data_file levelFrom=all