platform_system_sepolicy/public/hal_lowpan.te
Dan Cashman df5469d864 Sync internal master and AOSP sepolicy.
Bug: 37916906
Test: Builds 'n' boots.
Change-Id: Ia1d86264446ebecc1ca79f32f11354921bc77668
Merged-In: I208ec6a864127a059fb389417a9c6b259d7474cb
2017-09-27 18:55:47 -07:00

21 lines
728 B
Text

# HwBinder IPC from client to server, and callbacks
binder_call(hal_lowpan_client, hal_lowpan_server)
binder_call(hal_lowpan_server, hal_lowpan_client)
add_hwservice(hal_lowpan_server, hal_lowpan_hwservice)
# Allow hal_lowpan_client to be able to find the hal_lowpan_server
allow hal_lowpan_client hal_lowpan_hwservice:hwservice_manager find;
# hal_lowpan domain can write/read to/from lowpan_prop
set_prop(hal_lowpan_server, lowpan_prop)
# Allow hal_lowpan_server to open lowpan_devices
allow hal_lowpan_server lowpan_device:chr_file rw_file_perms;
###
### neverallow rules
###
# Only LoWPAN HAL may directly access LoWPAN hardware
neverallow { domain -hal_lowpan_server -init -ueventd } lowpan_device:chr_file ~getattr;