platform_system_sepolicy/public/hal_nfc.te
Alex Klyubin e539570694 Remove unnecessary rules from NFC HAL clients
Rules in clients of NFC HAL due to the HAL running (or previously
running) in passthrough mode are now targeting hal_nfc. Domains which
are clients of NFC HAL are associated with hal_nfc only the the HAL
runs in passthrough mode. NFC HAL server domains are always associated
with hal_nfc and thus get these rules unconditionally.

This commit also moves the policy of nfc domain to private. The only
thing remaining in the public policy is the existence of this domain.
This is needed because there are references to this domain in public
and vendor policy.

Test: Open a URL in Chrome, NFC-tap Android to another Android and
      observe that the same URL is opened in a web browser on the
      destination device. Do the same reversing the roles of the two
      Androids.
Test: Install an NFC reader app, tap a passive NFC tag with the
      Android and observe that the app is displaying information about
      the tag.
Test: No SELinux denials to do with NFC before and during and after
      the above tests on sailfish, bullhead, and angler.
Bug: 34170079

Change-Id: I29fe43f63d64b286c28eb19a3a9fe4f630612226
2017-03-22 16:22:33 -07:00

13 lines
426 B
Text

# HwBinder IPC from client to server, and callbacks
binder_call(hal_nfc_client, hal_nfc_server)
binder_call(hal_nfc_server, hal_nfc_client)
# Set NFC properties (used by bcm2079x HAL).
set_prop(hal_nfc, nfc_prop)
# NFC device access.
allow hal_nfc nfc_device:chr_file rw_file_perms;
# Data file accesses.
allow hal_nfc nfc_data_file:dir create_dir_perms;
allow hal_nfc nfc_data_file:notdevfile_class_set create_file_perms;