authorTreehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com>2023-11-07 06:49:08 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2023-11-07 06:49:08 +0000
commitf237b33c72cd025867cb822d547aeb4019400576 (patch)
tree753d36fee647b1a6c44182939252d46c720c76ba
parentc11845e69e812553dae1766024742fd1774c1e3c (diff)
parent04e4ac1717e1fcd1e41662a46ac5c667067b879b (diff)
downloadgs101-sepolicy-f237b33c72cd025867cb822d547aeb4019400576.tar.gz
Merge "sensors: Move USF related sepolicy to gs-common." into main
-rw-r--r--gs101-sepolicy.mk3
-rw-r--r--usf/file.te16
-rw-r--r--usf/file_contexts12
-rw-r--r--usf/sensor_hal.te83
-rw-r--r--usf/te_macros14
-rw-r--r--whitechapel/vendor/google/hal_sensors_default.te24
6 files changed, 24 insertions, 128 deletions
diff --git a/gs101-sepolicy.mk b/gs101-sepolicy.mk
index b9bb717..12768b9 100644
--- a/gs101-sepolicy.mk
+++ b/gs101-sepolicy.mk
@@ -10,9 +10,6 @@ PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/gs101-sepolicy/private
BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/display/common
BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/display/gs101
-# Micro sensor framework (usf)
-BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/usf
-
# system_ext
SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/gs101-sepolicy/system_ext/public
SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/gs101-sepolicy/system_ext/private
diff --git a/usf/file.te b/usf/file.te
deleted file mode 100644
index 8f49e32..0000000
--- a/usf/file.te
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# USF file SELinux type enforcements.
-#
-
-# Declare the sensor registry persist file type. By convention, persist file
-# types begin with "persist_".
-type persist_sensor_reg_file, file_type, vendor_persist_type;
-
-# Declare the sensor registry data file type. By convention, data file types
-# end with "data_file".
-type sensor_reg_data_file, file_type, data_file_type;
-
-# Declare the sensor debug data file type. By convention, data file types
-# end with "data_file".
-type sensor_debug_data_file, file_type, data_file_type;
-
diff --git a/usf/file_contexts b/usf/file_contexts
deleted file mode 100644
index 3c7833b..0000000
--- a/usf/file_contexts
+++ /dev/null
@@ -1,12 +0,0 @@
-#
-# USF SELinux file security contexts.
-#
-
-# Sensor registry persist files.
-/mnt/vendor/persist/sensors/registry(/.*)? u:object_r:persist_sensor_reg_file:s0
-
-# Sensor registry data files.
-/data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0
-
-# Sensor debug data files.
-/data/vendor/sensors/debug(/.*)? u:object_r:sensor_debug_data_file:s0
diff --git a/usf/sensor_hal.te b/usf/sensor_hal.te
deleted file mode 100644
index 595aeef..0000000
--- a/usf/sensor_hal.te
+++ /dev/null
@@ -1,83 +0,0 @@
-#
-# USF sensor HAL SELinux type enforcements.
-#
-
-# Allow reading of sensor registry persist files and camera persist files.
-allow hal_sensors_default persist_file:dir search;
-allow hal_sensors_default mnt_vendor_file:dir search;
-r_dir_file(hal_sensors_default, persist_sensor_reg_file)
-r_dir_file(hal_sensors_default, persist_camera_file)
-
-# Allow creation and writing of sensor registry data files.
-allow hal_sensors_default sensor_reg_data_file:dir rw_dir_perms;
-allow hal_sensors_default sensor_reg_data_file:file create_file_perms;
-
-userdebug_or_eng(`
- # Allow creation and writing of sensor debug data files.
- allow hal_sensors_default sensor_debug_data_file:dir rw_dir_perms;
- allow hal_sensors_default sensor_debug_data_file:file create_file_perms;
-')
-
-# Allow access to the AoC communication driver.
-allow hal_sensors_default aoc_device:chr_file rw_file_perms;
-
-# Allow access to the AoC clock and kernel boot time sys FS node. This is needed
-# to synchronize the AP and AoC clock timestamps.
-allow hal_sensors_default sysfs_aoc_boottime:file rw_file_perms;
-
-# Allow create thread to watch AOC's device.
-allow hal_sensors_default device:dir r_dir_perms;
-
-# Allow access to the files of CDT information.
-r_dir_file(hal_sensors_default, sysfs_chosen)
-
-# Allow display_info_service access to the backlight driver.
-allow hal_sensors_default sysfs_leds:dir search;
-allow hal_sensors_default sysfs_leds:file rw_file_perms;
-
-# Allow access to the power supply files for MagCC.
-r_dir_file(hal_sensors_default, sysfs_batteryinfo)
-allow hal_sensors_default sysfs_wlc:dir r_dir_perms;
-
-# Allow access to sensor service for sensor_listener.
-binder_call(hal_sensors_default, system_server);
-
-# Allow access to the sysfs_aoc.
-allow hal_sensors_default sysfs_aoc:dir search;
-allow hal_sensors_default sysfs_aoc:file r_file_perms;
-
-# Allow use of the USF low latency transport.
-usf_low_latency_transport(hal_sensors_default)
-
-# Allow sensor HAL to reset AOC.
-allow hal_sensors_default sysfs_aoc_reset:file rw_file_perms;
-
-# Allow sensor HAL to read AoC dumpstate.
-allow hal_sensors_default sysfs_aoc_dumpstate:file r_file_perms;
-
-# Allow access for AoC properties.
-get_prop(hal_sensors_default, vendor_aoc_prop)
-
-# Allow access for dynamic sensor properties.
-get_prop(hal_sensors_default, vendor_dynamic_sensor_prop)
-
-# Allow access to raw HID devices for dynamic sensors.
-allow hal_sensors_default hidraw_device:chr_file rw_file_perms;
-
-# Allow sensor HAL to access the display service HAL
-allow hal_sensors_default hal_pixel_display_service:service_manager find;
-binder_call(hal_sensors_default, hal_graphics_composer_default)
-
-# Allow sensor HAL to access to display sysfs.
-allow hal_sensors_default sysfs_display:file r_file_perms;
-
-#
-# Suez type enforcements.
-#
-
-# Allow SensorSuez to connect AIDL stats.
-binder_use(hal_sensors_default);
-allow hal_sensors_default fwk_stats_service:service_manager find;
-
-# Allow access to CHRE socket to connect to nanoapps.
-unix_socket_connect(hal_sensors_default, chre, chre)
diff --git a/usf/te_macros b/usf/te_macros
deleted file mode 100644
index 01ac13c..0000000
--- a/usf/te_macros
+++ /dev/null
@@ -1,14 +0,0 @@
-#
-# USF SELinux type enforcement macros.
-#
-
-#
-# usf_low_latency_transport(domain)
-#
-# Allows domain use of the USF low latency transport.
-#
-define(`usf_low_latency_transport', `
- allow $1 hal_graphics_mapper_hwservice:hwservice_manager find;
- hal_client_domain($1, hal_graphics_allocator)
-')
-
diff --git a/whitechapel/vendor/google/hal_sensors_default.te b/whitechapel/vendor/google/hal_sensors_default.te
new file mode 100644
index 0000000..57763d1
--- /dev/null
+++ b/whitechapel/vendor/google/hal_sensors_default.te
@@ -0,0 +1,24 @@
+#
+# USF sensor HAL SELinux type enforcements.
+#
+
+# Allow reading of camera persist files.
+r_dir_file(hal_sensors_default, persist_camera_file)
+
+# Allow access to the files of CDT information.
+r_dir_file(hal_sensors_default, sysfs_chosen)
+
+# Allow access for dynamic sensor properties.
+get_prop(hal_sensors_default, vendor_dynamic_sensor_prop)
+
+# Allow access to raw HID devices for dynamic sensors.
+allow hal_sensors_default hidraw_device:chr_file rw_file_perms;
+
+# Allow sensor HAL to access the display service HAL
+allow hal_sensors_default hal_pixel_display_service:service_manager find;
+
+# Allow sensor HAL to access the graphics composer.
+binder_call(hal_sensors_default, hal_graphics_composer_default)
+
+# Allow access to the power supply files for MagCC.
+allow hal_sensors_default sysfs_wlc:dir r_dir_perms;
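Review bot: The last comment, `# Allow access to the power supply files for MagCC.`, no longer matches the rule under it. With `r_dir_file(hal_sensors_default, sysfs_batteryinfo)` gone from this file, the only remaining grant is `sysfs_wlc:dir r_dir_perms`, which permits listing the directory but no file reads. I would reword it to something like `# Allow listing the sysfs_wlc directory for MagCC; file access is not granted here.` so a later audit does not assume more access than the rule gives. Separately, `r_dir_file(hal_sensors_default, persist_camera_file)` and the `service_manager find` rule used to sit beside `persist_file:dir search`, `mnt_vendor_file:dir search` and `binder_use(hal_sensors_default)` in usf/sensor_hal.te. Going by the commit title, those now come from gs-common, so a header line such as `# gs101-specific additions to the sensor HAL policy in gs-common.` would make that dependency visible.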