Added sepolicy rule for vendor uuid mapping config

New type added in sepolicy to restrict Vendor defined uuid mapping
config file access to SecureElement.

Bug: b/180639372
Test: Run OMAPI CTS and VTS tests
Change-Id: I81d715fa5d5a72c893c529eb542ce62747afcd03
Rajesh Nyamagoud 2021-11-18 22:59:29 +00:00
parent 453dcf6752
commit ce542660c9
6 changed files with 12 additions and 0 deletions


@ -147,6 +147,7 @@
vd_device
vendor_kernel_modules
vendor_modprobe
vendor_uuid_mapping_config_file
vibrator_manager_service
virtualization_service
vpn_management_service


@ -48,6 +48,7 @@
proc_vendor_sched
sysfs_vendor_sched
tv_iapp_service
vendor_uuid_mapping_config_file
vendor_vm_file
vendor_vm_data_file
virtual_device_service


@ -511,6 +511,7 @@ full_treble_only(`
-vendor_public_framework_file
-vendor_public_lib_file
-vendor_task_profiles_file
-vendor_uuid_mapping_config_file
-vndk_sp_file
}:file *;
')
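Review bot: Adding `-vendor_uuid_mapping_config_file` to this exclusion set lifts the enclosing neverallow for every source domain that rule covers, not only secure_element, so a later `allow` on this type from any of those domains would compile without tripping it. The head of the rule is outside the hunk, so the exact source set is not visible here; it is presumably the coredomain restriction on vendor file types. Since the stated intent is to restrict the file to SecureElement, consider pairing the exemption with a dedicated rule on the new type, for example `neverallow { coredomain -secure_element -init } vendor_uuid_mapping_config_file:file { open read };`. The exclusion list in that rule would need adjusting to whichever domains already hold blanket access to vendor file types.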


@ -412,6 +412,10 @@
/(odm|vendor/odm)/overlay(/.*)? u:object_r:vendor_overlay_file:s0
/(odm|vendor/odm)/framework(/.*)? u:object_r:vendor_framework_file:s0
# secure-element service: vendor uuid mapping config file
/(odm|vendor/odm|vendor|system/vendor)/etc/hal_uuid_map_(.*)?\.xml u:object_r:vendor_uuid_mapping_config_file:s0
# Input configuration
/(odm|vendor/odm|vendor|system/vendor)/usr/keylayout(/.*)?\.kl u:object_r:vendor_keylayout_file:s0
/(odm|vendor/odm|vendor|system/vendor)/usr/keychars(/.*)?\.kcm u:object_r:vendor_keychars_file:s0
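Review bot: The pattern `hal_uuid_map_(.*)?\.xml` on the new file_contexts entry is wider than its comment suggests, because `.*` also matches `/`. Any `.xml` file below a directory whose name starts with `hal_uuid_map_` in these `etc` directories would therefore receive the `vendor_uuid_mapping_config_file` label. The optional group is also redundant, since `.*` already matches the empty string. If only files directly in `etc` are meant, `hal_uuid_map_[^/]*\.xml` states that exactly.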


@ -12,3 +12,5 @@ hal_client_domain(secure_element, hal_secure_element)
# the secure element process, from a file in
# /data/data/com.android.shell/files/bugreports/bugreport-*.
allow secure_element shell_data_file:file read;
allow secure_element vendor_uuid_mapping_config_file:file r_file_perms;
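Review bot: The new `allow secure_element vendor_uuid_mapping_config_file:file r_file_perms;` has no comment of its own and, as rendered here, sits under the comment that explains the bugreport read, so a reader would attribute the wrong rationale to it. A line such as `# Allow reading the vendor-defined UUID mapping config file.` above the rule would record why the grant exists. The grant itself is read-only and limited to the `file` class, which is consistent with the commit description.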


@ -249,6 +249,9 @@ type vendor_keylayout_file, vendor_file_type, file_type;
type vendor_keychars_file, vendor_file_type, file_type;
type vendor_idc_file, vendor_file_type, file_type;
# Type for vendor uuid mapping config file
type vendor_uuid_mapping_config_file, vendor_file_type, file_type;
# SoC-specific virtual machine disk files
type vendor_vm_file, vendor_file_type, file_type;
# SoC-specific virtual machine disk files that are mutable