e539570694
Rules in clients of NFC HAL due to the HAL running (or previously running) in passthrough mode are now targeting hal_nfc. Domains which are clients of NFC HAL are associated with hal_nfc only the the HAL runs in passthrough mode. NFC HAL server domains are always associated with hal_nfc and thus get these rules unconditionally. This commit also moves the policy of nfc domain to private. The only thing remaining in the public policy is the existence of this domain. This is needed because there are references to this domain in public and vendor policy. Test: Open a URL in Chrome, NFC-tap Android to another Android and observe that the same URL is opened in a web browser on the destination device. Do the same reversing the roles of the two Androids. Test: Install an NFC reader app, tap a passive NFC tag with the Android and observe that the app is displaying information about the tag. Test: No SELinux denials to do with NFC before and during and after the above tests on sailfish, bullhead, and angler. Bug: 34170079 Change-Id: I29fe43f63d64b286c28eb19a3a9fe4f630612226
13 lines
426 B
Text
13 lines
426 B
Text
# HwBinder IPC from client to server, and callbacks
|
|
binder_call(hal_nfc_client, hal_nfc_server)
|
|
binder_call(hal_nfc_server, hal_nfc_client)
|
|
|
|
# Set NFC properties (used by bcm2079x HAL).
|
|
set_prop(hal_nfc, nfc_prop)
|
|
|
|
# NFC device access.
|
|
allow hal_nfc nfc_device:chr_file rw_file_perms;
|
|
|
|
# Data file accesses.
|
|
allow hal_nfc nfc_data_file:dir create_dir_perms;
|
|
allow hal_nfc nfc_data_file:notdevfile_class_set create_file_perms;
|