Allow the NFC process to access hwservicemanager.
Add a macro to make this easier for other processes as well. Change-Id: I489d0ce042fe5ef88dc767a6fbdb9b795be91601 (cherry picked from commit c2b9c1561e4bd7ac86d78b44ca7927994e781da0)
parent
6b952393f6
commit
50ab0b1ace
2 changed files with 17 additions and 0 deletions
3
nfc.te
3
nfc.te
|
@ -4,6 +4,9 @@ app_domain(nfc)
|
|||
net_domain(nfc)
|
||||
binder_service(nfc)
|
||||
|
||||
# hwbinder access
|
||||
hwbinder_use(nfc)
|
||||
|
||||
# Set NFC properties
|
||||
set_prop(nfc, nfc_prop)
|
||||
|
||||
|
|
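Review bot: The comment `# hwbinder access` on the new `hwbinder_use(nfc)` line does not say what nfc is meant to reach over HwBinder, and nfc is an app domain with network access (`app_domain(nfc)` in the hunk header, `net_domain(nfc)` just above), so the reason for a new IPC grant is worth recording next to it. As far as this section shows, the macro only lets nfc call and transfer references to hwservicemanager; no `binder_call()` to a server domain is added here, so reaching an actual service would presumably need a further rule. I would write the comment as `# hwbinder access: nfc may contact hwservicemanager; access to individual services is granted separately.`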
14
te_macros
14
te_macros
|
@ -186,6 +186,20 @@ allow servicemanager $1:process getattr;
|
|||
# all domains in domain.te.
|
||||
')
|
||||
|
||||
#####################################
|
||||
# hwbinder_use(domain)
|
||||
# Allow domain to use HwBinder IPC.
|
||||
define(`hwbinder_use', `
|
||||
# Call the hwservicemanager and transfer references to it.
|
||||
allow $1 hwservicemanager:binder { call transfer };
|
||||
# hwservicemanager performs getpidcon on clients.
|
||||
allow hwservicemanager $1:dir search;
|
||||
allow hwservicemanager $1:file { read open };
|
||||
allow hwservicemanager $1:process getattr;
|
||||
# rw access to /dev/hwbinder and /dev/ashmem is presently granted to
|
||||
# all domains in domain.te.
|
||||
')
|
||||
|
||||
#####################################
|
||||
# binder_call(clientdomain, serverdomain)
|
||||
# Allow clientdomain to perform binder IPC to serverdomain.
|
||||
|
|
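Review bot: The closing comment of `hwbinder_use` says rw access to /dev/hwbinder is granted to all domains in domain.te, but this commit changes only nfc.te and te_macros, so that rule is not visible here and should be confirmed; without it the macro alone would not let a domain open the device. If the rule is present, the device node is not gated by this macro and the only restriction it adds is `call transfer` to hwservicemanager, so the header would be more accurate as `# Allow domain to call hwservicemanager; use binder_call() for each server domain.` The rules `allow hwservicemanager $1:dir search;` and `allow hwservicemanager $1:file { read open };` apply to every directory and file labeled with the client's domain type, which is wider than the getpidcon lookup the comment names, so the comment should say which files the grant is intended to cover. The wording mirrors the block whose tail opens the hunk, and that block starts outside the hunk, so I cannot check that the two macros stay in step.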