sepolicy: Add policy for Limits HAL
Add policy to access netlink socket and thermal sysfs nodes for limits HAL. Change-Id: I95d0503e2e2d642a21d9950a9f2fb6bacf6d55cc
This commit is contained in:
parent
3e972cd0d7
commit
661cc2b360
4 changed files with 52 additions and 1 deletions
1
generic/vendor/common/file_contexts
vendored
1
generic/vendor/common/file_contexts
vendored
|
@ -161,6 +161,7 @@
|
||||||
/vendor/bin/thermal-engine u:object_r:vendor_thermal-engine_exec:s0
|
/vendor/bin/thermal-engine u:object_r:vendor_thermal-engine_exec:s0
|
||||||
/vendor/bin/hw/android.hardware.thermal@2.0-service.qti-v2 u:object_r:hal_thermal_default_exec:s0
|
/vendor/bin/hw/android.hardware.thermal@2.0-service.qti-v2 u:object_r:hal_thermal_default_exec:s0
|
||||||
/vendor/bin/thermal-engine-v2 u:object_r:vendor_thermal-engine_exec:s0
|
/vendor/bin/thermal-engine-v2 u:object_r:vendor_thermal-engine_exec:s0
|
||||||
|
/vendor/bin/hw/vendor.qti.hardware.limits@1.1-service u:object_r:vendor_limits-hal_exec:s0
|
||||||
/vendor/bin/sensors.qti u:object_r:vendor_sensors_qti_exec:s0
|
/vendor/bin/sensors.qti u:object_r:vendor_sensors_qti_exec:s0
|
||||||
/vendor/bin/sensors-qesdk u:object_r:vendor_sensors_qesdk_exec:s0
|
/vendor/bin/sensors-qesdk u:object_r:vendor_sensors_qesdk_exec:s0
|
||||||
/vendor/bin/ssr_setup u:object_r:vendor_ssr_setup_exec:s0
|
/vendor/bin/ssr_setup u:object_r:vendor_ssr_setup_exec:s0
|
||||||
|
|
48
generic/vendor/common/hal_limits_default.te
vendored
Executable file
48
generic/vendor/common/hal_limits_default.te
vendored
Executable file
|
@ -0,0 +1,48 @@
|
||||||
|
# Copyright (c) 2021, The Linux Foundation. All rights reserved.
|
||||||
|
#
|
||||||
|
# Redistribution and use in source and binary forms, with or without
|
||||||
|
# modification, are permitted provided that the following conditions are
|
||||||
|
# met:
|
||||||
|
# * Redistributions of source code must retain the above copyright
|
||||||
|
# notice, this list of conditions and the following disclaimer.
|
||||||
|
# * Redistributions in binary form must reproduce the above
|
||||||
|
# copyright notice, this list of conditions and the following
|
||||||
|
# disclaimer in the documentation and/or other materials provided
|
||||||
|
# with the distribution.
|
||||||
|
# * Neither the name of The Linux Foundation nor the names of its
|
||||||
|
# contributors may be used to endorse or promote products derived
|
||||||
|
# from this software without specific prior written permission.
|
||||||
|
#
|
||||||
|
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
|
||||||
|
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||||
|
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
|
||||||
|
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
|
||||||
|
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
||||||
|
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||||||
|
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
|
||||||
|
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||||
|
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
||||||
|
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
|
||||||
|
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
|
||||||
|
type vendor_limits-hal, domain;
|
||||||
|
hal_server_domain(vendor_limits-hal, vendor_hal_limits)
|
||||||
|
|
||||||
|
type vendor_limits-hal_exec, exec_type, vendor_file_type, file_type;
|
||||||
|
init_daemon_domain(vendor_limits-hal)
|
||||||
|
|
||||||
|
# Allow hwbinder call from hal client to server
|
||||||
|
binder_call(vendor_hal_limits_client, vendor_hal_limits_server)
|
||||||
|
binder_call(vendor_hal_limits_server, vendor_hal_limits_client)
|
||||||
|
|
||||||
|
# Add hwservice related rules
|
||||||
|
hal_attribute_hwservice(vendor_hal_limits, vendor_hal_limits_hwservice);
|
||||||
|
|
||||||
|
# Thermal HAL access
|
||||||
|
hal_client_domain(vendor_limits-hal, hal_thermal);
|
||||||
|
|
||||||
|
# This is required for thermal sysfs access
|
||||||
|
allow vendor_limits-hal sysfs_thermal:file w_file_perms;
|
||||||
|
|
||||||
|
# netlink access
|
||||||
|
allow vendor_limits-hal self: { netlink_generic_socket } create_socket_perms_no_ioctl;
|
3
generic/vendor/common/hwservice.te
vendored
3
generic/vendor/common/hwservice.te
vendored
|
@ -1,4 +1,4 @@
|
||||||
# Copyright (c) 2018-2020, The Linux Foundation. All rights reserved.
|
# Copyright (c) 2018-2021, The Linux Foundation. All rights reserved.
|
||||||
#
|
#
|
||||||
# Redistribution and use in source and binary forms, with or without
|
# Redistribution and use in source and binary forms, with or without
|
||||||
# modification, are permitted provided that the following conditions are
|
# modification, are permitted provided that the following conditions are
|
||||||
|
@ -47,3 +47,4 @@ type vendor_hal_embmssl_hwservice, hwservice_manager_type, protected_hwservice;
|
||||||
type vendor_hal_dspmanager_hwservice, hwservice_manager_type;
|
type vendor_hal_dspmanager_hwservice, hwservice_manager_type;
|
||||||
type vendor_hal_camera_aon_hwservice, hwservice_manager_type, protected_hwservice;
|
type vendor_hal_camera_aon_hwservice, hwservice_manager_type, protected_hwservice;
|
||||||
type vendor_hal_poweroptservice_hwservice, hwservice_manager_type, protected_hwservice;
|
type vendor_hal_poweroptservice_hwservice, hwservice_manager_type, protected_hwservice;
|
||||||
|
type vendor_hal_limits_hwservice, hwservice_manager_type, protected_hwservice;
|
||||||
|
|
1
generic/vendor/common/hwservice_contexts
vendored
1
generic/vendor/common/hwservice_contexts
vendored
|
@ -67,3 +67,4 @@ vendor.qti.hardware.embmssl::IEmbms u:object_r:vendor_h
|
||||||
vendor.qti.hardware.dsp::IDspService u:object_r:vendor_hal_dspmanager_hwservice:s0
|
vendor.qti.hardware.dsp::IDspService u:object_r:vendor_hal_dspmanager_hwservice:s0
|
||||||
vendor.qti.hardware.camera.aon::IAONService u:object_r:vendor_hal_camera_aon_hwservice:s0
|
vendor.qti.hardware.camera.aon::IAONService u:object_r:vendor_hal_camera_aon_hwservice:s0
|
||||||
vendor.qti.hardware.power.powermodule::IPowerModule u:object_r:vendor_hal_poweroptservice_hwservice:s0
|
vendor.qti.hardware.power.powermodule::IPowerModule u:object_r:vendor_hal_poweroptservice_hwservice:s0
|
||||||
|
vendor.qti.hardware.limits::ILimits u:object_r:vendor_hal_limits_hwservice:s0
|
||||||
|
|
Loading…
Reference in a new issue