From f73820a33949980cf45decc4d3418d4b9b45cf59 Mon Sep 17 00:00:00 2001 From: Arian Date: Wed, 22 Apr 2020 15:21:09 +0200 Subject: [PATCH] davinci: sepolicy: Add motor rules Change-Id: Ia076f82c816d0ff3ced950fcb1e2982e9ca668ff --- sepolicy/public/attributes | 1 + sepolicy/vendor/cameraserver.te | 1 + sepolicy/vendor/file_contexts | 5 +++++ sepolicy/vendor/hal_motor_default.te | 24 ++++++++++++++++++++++++ sepolicy/vendor/hwservice_contexts | 1 + sepolicy/vendor/system_app.te | 7 +++++++ 6 files changed, 39 insertions(+) create mode 100644 sepolicy/public/attributes create mode 100644 sepolicy/vendor/cameraserver.te create mode 100644 sepolicy/vendor/hal_motor_default.te create mode 100644 sepolicy/vendor/system_app.te diff --git a/sepolicy/public/attributes b/sepolicy/public/attributes new file mode 100644 index 0000000..ebb573e --- /dev/null +++ b/sepolicy/public/attributes @@ -0,0 +1 @@ +hal_attribute(motor) diff --git a/sepolicy/vendor/cameraserver.te b/sepolicy/vendor/cameraserver.te new file mode 100644 index 0000000..1f31860 --- /dev/null +++ b/sepolicy/vendor/cameraserver.te @@ -0,0 +1 @@ +hal_client_domain(cameraserver, hal_motor) diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts index 00bbbee..e15e42c 100644 --- a/sepolicy/vendor/file_contexts +++ b/sepolicy/vendor/file_contexts @@ -15,6 +15,11 @@ # HALs /vendor/bin/hw/android\.hardware\.light@2\.0-service\.davinci u:object_r:hal_light_default_exec:s0 /vendor/bin/hw/vendor\.lineage\.biometrics\.fingerprint\.inscreen@1\.0-service\.davinci u:object_r:hal_lineage_fod_default_exec:s0 +/vendor/bin/hw/vendor\.xiaomi\.hardware\.motor@1\.0-service u:object_r:hal_motor_default_exec:s0 + +# Motor +/dev/akm09970 u:object_r:hall_device:s0 +/dev/drv8846_dev u:object_r:motor_device:s0 # Remosaic /vendor/bin/remosaic_daemon u:object_r:remosaic_daemon_exec:s0 diff --git a/sepolicy/vendor/hal_motor_default.te b/sepolicy/vendor/hal_motor_default.te new file mode 100644 index 0000000..7595068 --- /dev/null +++ b/sepolicy/vendor/hal_motor_default.te @@ -0,0 +1,24 @@ +type hal_motor_hwservice_xiaomi, hwservice_manager_type; +type hall_device, dev_type; +type motor_device, dev_type; + +type hal_motor_default, domain; +hal_server_domain(hal_motor_default, hal_motor) + +binder_call(hal_motor_client, hal_motor_server) + +type hal_motor_default_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(hal_motor_default) + +add_hwservice(hal_motor_server, hal_motor_hwservice_xiaomi) +allow hal_motor_client hal_motor_hwservice_xiaomi:hwservice_manager find; + +allow hal_motor_default hall_device:chr_file rw_file_perms; +allow hal_motor_default motor_device:chr_file rw_file_perms; + +allow hal_motor_default persist_sensors_file:dir search; +allow hal_motor_default persist_sensors_file:file r_file_perms; + +allow hal_motor_default mnt_vendor_file:dir { search }; + +vndbinder_use(hal_motor_default) diff --git a/sepolicy/vendor/hwservice_contexts b/sepolicy/vendor/hwservice_contexts index 39ebeef..459ba98 100644 --- a/sepolicy/vendor/hwservice_contexts +++ b/sepolicy/vendor/hwservice_contexts @@ -1,2 +1,3 @@ vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon u:object_r:hal_fingerprint_hwservice_xiaomi:s0 vendor.xiaomi.hardware.fingerprintextension::IXiaomiFingerprint u:object_r:hal_fingerprint_hwservice_xiaomi:s0 +vendor.xiaomi.hardware.motor::IMotor u:object_r:hal_motor_hwservice_xiaomi:s0 diff --git a/sepolicy/vendor/system_app.te b/sepolicy/vendor/system_app.te new file mode 100644 index 0000000..bbfff75 --- /dev/null +++ b/sepolicy/vendor/system_app.te @@ -0,0 +1,7 @@ +allow system_app hal_motor_hwservice_xiaomi:hwservice_manager find; + +binder_call(system_app, hal_motor) + +allow system_app { motor_device sysfs_graphics sysfs_leds }:dir search; +allow system_app { cgroup sysfs_graphics }:file rw_file_perms; +allow system_app { motor_device sysfs_graphics hall_device }:chr_file rw_file_perms;