sepolicy_vndr: add sepolicy for keymasterd for anorak

Keymaster daemon is given permissions to access spcom related files and devices Change-Id: Ic753bf9b93594d8e51a48e709dd938e249dcc963 Signed-off-by: sganda <quic_sganda@quicinc.com>
2023-01-03 20:38:42 +05:30 · 2023-01-03 20:38:42 +05:30 · 11bfa34b4a
commit 11bfa34b4a
parent d65bf3f91c
1 changed files with 44 additions and 0 deletions
--- a/qva/vendor/anorak/keymasterd.te
+++ b/qva/vendor/anorak/keymasterd.te
@ -0,0 +1,44 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+get_prop(vendor_keymasterd, vendor_tee_listener_prop)
+allow vendor_keymasterd tee_device:chr_file rw_file_perms;
+
+# Allow access to /dev/spcom
+allow vendor_keymasterd vendor_spcom_device:chr_file rw_file_perms;
+allow vendor_keymasterd vendor_sp_keymaster_ssr_device:chr_file rw_file_perms;
+allow vendor_keymasterd vendor_spss_utils_device:chr_file rw_file_perms;
+
+# Allow access to skp
+allow vendor_keymasterd vendor_skp_device:chr_file rw_file_perms;
+allow vendor_keymasterd vendor_sp_keymaster_device:chr_file rw_file_perms;
+allow vendor_keymasterd vendor_sp_ssr_device:chr_file rw_file_perms;
+get_prop(vendor_keymasterd, vendor_spcomlib_prop)
+
+# Allow access to DMA Buf
+allow vendor_keymasterd vendor_dmabuf_qseecom_heap_device:chr_file r_file_perms;
+