commit d77bc5a970879e0e7dc14fc15fe9f6b9f204034b
author Adam Shih <adamshih@google.com> Fri Jun 18 09:32:08 2021 +0800
committer Adam Shih <adamshih@google.com> Fri Jun 18 12:56:05 2021 +0800
tree e967f26f19e1d67408e4769b66c186c91e824bca
parent d9876fd2665bf2724fce681461505ce8fd99853d

organize confirmationui settings

Bug: 190331547
Bug: 190331370
Test: build ROM and make sure file and sepolicy is still there
Change-Id: I4cabf9280ab5e21038bcb72615799b7ed0fb1670

confirmationui/device.te

diff --git a/confirmationui/device.te b/confirmationui/device.te
new file mode 100644
index 0000000..54fe349
--- /dev/null
+++ b/confirmationui/device.te
@@ -0,0 +1 @@
+type tui_device, dev_type;

confirmationui/file_contexts

diff --git a/confirmationui/file_contexts b/confirmationui/file_contexts
new file mode 100644
index 0000000..49db417
--- /dev/null
+++ b/confirmationui/file_contexts
@@ -0,0 +1,4 @@
+/vendor/bin/securedpud\.slider                                                   u:object_r:securedpud_slider_exec:s0
+/vendor/bin/hw/android\.hardware\.confirmationui@1\.0-service\.trusty\.vendor    u:object_r:hal_confirmationui_default_exec:s0
+
+/dev/tui-driver                                                                  u:object_r:tui_device:s0

confirmationui/hal_confirmationui.te

diff --git a/confirmationui/hal_confirmationui.te b/confirmationui/hal_confirmationui.te
new file mode 100644
index 0000000..a8f4ae8
--- /dev/null
+++ b/confirmationui/hal_confirmationui.te
@@ -0,0 +1,13 @@
+allow hal_confirmationui_default tee_device:chr_file rw_file_perms;
+
+binder_call(hal_confirmationui_default, keystore)
+
+vndbinder_use(hal_confirmationui_default)
+binder_call(hal_confirmationui_default, citadeld)
+allow hal_confirmationui_default citadeld_service:service_manager find;
+
+allow hal_confirmationui_default input_device:chr_file rw_file_perms;
+allow hal_confirmationui_default input_device:dir r_dir_perms;
+
+allow hal_confirmationui_default dmabuf_system_heap_device:chr_file r_file_perms;
+allow hal_confirmationui_default ion_device:chr_file r_file_perms;

confirmationui/securedpud.slider.te

diff --git a/confirmationui/securedpud.slider.te b/confirmationui/securedpud.slider.te
new file mode 100644
index 0000000..fd553a3
--- /dev/null
+++ b/confirmationui/securedpud.slider.te
@@ -0,0 +1,9 @@
+type securedpud_slider, domain;
+type securedpud_slider_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(securedpud_slider)
+
+allow securedpud_slider dmabuf_heap_device:chr_file r_file_perms;
+allow securedpud_slider ion_device:chr_file r_file_perms;
+allow securedpud_slider tee_device:chr_file rw_file_perms;
+allow securedpud_slider tui_device:chr_file rw_file_perms;