Add sepolicy rules for Thread Network HAL
Bug: b/283905423 Test: Build and run the Thread Network stack in Cuttlefish. Change-Id: I783022c66b80274069f8f3c292d84918f41f8221
parent
bc792606dc
commit
b2d1fbb7b2
13 changed files with 38 additions and 21 deletions
|
@ -1,4 +1,3 @@
|
|||
(/.*)? u:object_r:system_file:s0
|
||||
/bin/otbr-agent u:object_r:ot_daemon_exec:s0
|
||||
/bin/ot-ctl u:object_r:ot_ctl_exec:s0
|
||||
/bin/ot-rcp u:object_r:ot_rcp_exec:s0
|
||||
|
|
|
@ -119,6 +119,7 @@ var (
|
|||
"android.hardware.soundtrigger3.ISoundTriggerHw/default": EXCEPTION_NO_FUZZER,
|
||||
"android.hardware.tetheroffload.IOffload/default": EXCEPTION_NO_FUZZER,
|
||||
"android.hardware.thermal.IThermal/default": EXCEPTION_NO_FUZZER,
|
||||
"android.hardware.threadnetwork.IThreadChip/chip0": []string{"android.hardware.threadnetwork-service.fuzzer"},
|
||||
"android.hardware.tv.hdmi.cec.IHdmiCec/default": EXCEPTION_NO_FUZZER,
|
||||
"android.hardware.tv.hdmi.connection.IHdmiConnection/default": EXCEPTION_NO_FUZZER,
|
||||
"android.hardware.tv.hdmi.earc.IEArc/default": EXCEPTION_NO_FUZZER,
|
||||
|
|
|
@ -7,4 +7,5 @@
|
|||
( new_objects
|
||||
ota_build_prop
|
||||
snapuserd_log_data_file
|
||||
hal_threadnetwork_service
|
||||
))
|
||||
|
|
|
@ -17,8 +17,4 @@ allow ot_daemon threadnetwork_data_file:dir rw_dir_perms;
|
|||
allow ot_daemon threadnetwork_data_file:file create_file_perms;
|
||||
allow ot_daemon threadnetwork_data_file:sock_file {create unlink};
|
||||
|
||||
# used for simulation
|
||||
userdebug_or_eng(`
|
||||
create_pty(ot_daemon);
|
||||
domain_auto_trans(ot_daemon, ot_rcp_exec, ot_rcp);
|
||||
')
|
||||
hal_client_domain(ot_daemon, hal_threadnetwork)
|
||||
|
|
|
@ -1,15 +0,0 @@
|
|||
#
|
||||
# ot_rcp is the simulated Thread Radio Coprocessor device which is used by ot_daemon.
|
||||
#
|
||||
|
||||
type ot_rcp, domain, coredomain;
|
||||
type ot_rcp_exec, exec_type, file_type, system_file_type;
|
||||
|
||||
userdebug_or_eng(`
|
||||
allow ot_rcp ot_daemon:fd use;
|
||||
allow ot_rcp ot_daemon:fifo_file rw_file_perms;
|
||||
allow ot_rcp ot_daemon_devpts:chr_file {read write};
|
||||
allow ot_rcp self:udp_socket create_socket_perms_no_ioctl;
|
||||
allow ot_rcp port:udp_socket name_bind;
|
||||
allow ot_rcp node:udp_socket node_bind;
|
||||
')
|
|
@ -94,6 +94,7 @@ android.hardware.sensors.ISensors/default u:object_r:
|
|||
android.hardware.soundtrigger3.ISoundTriggerHw/default u:object_r:hal_audio_service:s0
|
||||
android.hardware.tetheroffload.IOffload/default u:object_r:hal_tetheroffload_service:s0
|
||||
android.hardware.thermal.IThermal/default u:object_r:hal_thermal_service:s0
|
||||
android.hardware.threadnetwork.IThreadChip/chip0 u:object_r:hal_threadnetwork_service:s0
|
||||
android.hardware.tv.hdmi.cec.IHdmiCec/default u:object_r:hal_tv_hdmi_cec_service:s0
|
||||
android.hardware.tv.hdmi.connection.IHdmiConnection/default u:object_r:hal_tv_hdmi_connection_service:s0
|
||||
android.hardware.tv.hdmi.earc.IEArc/default u:object_r:hal_tv_hdmi_earc_service:s0
|
||||
|
|
|
@ -333,6 +333,7 @@ hal_client_domain(system_server, hal_rebootescrow)
|
|||
hal_client_domain(system_server, hal_sensors)
|
||||
hal_client_domain(system_server, hal_tetheroffload)
|
||||
hal_client_domain(system_server, hal_thermal)
|
||||
hal_client_domain(system_server, hal_threadnetwork)
|
||||
hal_client_domain(system_server, hal_tv_cec)
|
||||
hal_client_domain(system_server, hal_tv_hdmi_cec)
|
||||
hal_client_domain(system_server, hal_tv_hdmi_connection)
|
||||
|
|
|
@ -378,6 +378,7 @@ hal_attribute(sensors);
|
|||
hal_attribute(telephony);
|
||||
hal_attribute(tetheroffload);
|
||||
hal_attribute(thermal);
|
||||
hal_attribute(threadnetwork);
|
||||
hal_attribute(tv_cec);
|
||||
hal_attribute(tv_hdmi_cec);
|
||||
hal_attribute(tv_hdmi_connection);
|
||||
|
|
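--- a/public/hal_threadnetwork.te
+++ b/public/hal_threadnetwork.te
@@ -0,0 +1,7 @@
+binder_call(hal_threadnetwork_client, hal_threadnetwork_server)
+binder_call(hal_threadnetwork_server, hal_threadnetwork_client)
+
+hal_attribute_service(hal_threadnetwork, hal_threadnetwork_service)
+
+binder_call(hal_threadnetwork_server, servicemanager)
+binder_call(hal_threadnetwork_client, servicemanager)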
@ -320,6 +320,7 @@ type hal_tv_hdmi_cec_service, protected_service, hal_service_type, service_manag
|
|||
type hal_tv_hdmi_connection_service, protected_service, hal_service_type, service_manager_type;
|
||||
type hal_tv_hdmi_earc_service, protected_service, hal_service_type, service_manager_type;
|
||||
type hal_tv_input_service, protected_service, hal_service_type, service_manager_type;
|
||||
type hal_threadnetwork_service, protected_service, hal_service_type, service_manager_type;
|
||||
type hal_tv_tuner_service, protected_service, hal_service_type, service_manager_type;
|
||||
type hal_usb_service, protected_service, hal_service_type, service_manager_type;
|
||||
type hal_usb_gadget_service, protected_service, hal_service_type, service_manager_type;
|
||||
|
|
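Review bot: The `hal_threadnetwork_service` declaration sits between `hal_tv_input_service` and `hal_tv_tuner_service`, which breaks the alphabetical order the neighbouring `hal_*_service` types follow. It belongs ahead of the `hal_tv_*` entries, matching where the other lists visible on this page place threadnetwork (after thermal, before tv). Which line is new is inferred from the hunk counts and the commit title, since the page has lost its +/- markers. The type list continues outside the hunk in both directions.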
2
vendor/file_contexts
vendored
2
vendor/file_contexts
vendored
|
@ -101,6 +101,7 @@
|
|||
/(vendor|system/vendor)/bin/hw/android\.hardware\.tetheroffload-service\.example u:object_r:hal_tetheroffload_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@1\.[01]-service u:object_r:hal_thermal_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal-service\.example u:object_r:hal_thermal_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.threadnetwork-service(\.sim)? u:object_r:hal_threadnetwork_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.cec@1\.[01]-service u:object_r:hal_tv_cec_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.hdmi.cec-service u:object_r:hal_tv_hdmi_cec_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.hdmi.connection-service u:object_r:hal_tv_hdmi_connection_default_exec:s0
|
||||
|
@ -124,6 +125,7 @@
|
|||
/(vendor|system/vendor)/bin/hw/hostapd u:object_r:hal_wifi_hostapd_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/wpa_supplicant u:object_r:hal_wifi_supplicant_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/install-recovery\.sh u:object_r:vendor_install_recovery_exec:s0
|
||||
/(vendor|system/vendor)/bin/ot-rcp u:object_r:ot_rcp_exec:s0
|
||||
/(vendor|system/vendor)/bin/vndservicemanager u:object_r:vndservicemanager_exec:s0
|
||||
|
||||
#############################
|
||||
|
|
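--- a/vendor/hal_threadnetwork_default.te
+++ b/vendor/hal_threadnetwork_default.te
@@ -0,0 +1,5 @@
+type hal_threadnetwork_default, domain;
+hal_server_domain(hal_threadnetwork_default, hal_threadnetwork)
+
+type hal_threadnetwork_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_threadnetwork_default)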
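--- a/vendor/ot_rcp.te
+++ b/vendor/ot_rcp.te
@@ -0,0 +1,17 @@
+#
+# ot_rcp is the simulated Thread Radio Coprocessor device which is used by
+# Thread Network HAL for simulating the Thread radio chip.
+#
+type ot_rcp, domain;
+type ot_rcp_exec, exec_type, vendor_file_type, file_type;
+
+userdebug_or_eng(`
+domain_auto_trans(hal_threadnetwork_default, ot_rcp_exec, ot_rcp)
+allow hal_threadnetwork_default devpts:chr_file {open read write ioctl};
+allow ot_rcp hal_threadnetwork_default:fd use;
+allow ot_rcp hal_threadnetwork_default:fifo_file rw_file_perms;
+allow ot_rcp devpts:chr_file {read write};
+allow ot_rcp self:udp_socket create_socket_perms_no_ioctl;
+allow ot_rcp node:udp_socket node_bind;
+allow ot_rcp port:udp_socket name_bind;
+')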
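Review bot: The two `devpts:chr_file` rules in the `userdebug_or_eng` block grant `hal_threadnetwork_default` and `ot_rcp` access to the generic `devpts` type, so they cover any pty that still carries that shared label rather than only the pty this HAL opens for the simulated radio. The ot_daemon rules shown elsewhere on this page used a per-domain type (`create_pty(ot_daemon)` and `ot_daemon_devpts`). The same pattern would fit here: `create_pty(hal_threadnetwork_default)` in place of the first rule and `allow ot_rcp hal_threadnetwork_default_devpts:chr_file {read write};` in place of the second. The block is debug-only, so user builds are unaffected, but the narrower type keeps the simulation path from widening pty access on test images. A one-line comment above the pty rules saying they exist for the simulated RCP link would also help the next reader.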