sepolicy for usb hal
Bug: 31015010
cherry-pick from b6e4d4bdf12e8a61414596d3d23c5016ae0d6477
Test: checked for selinux denial msgs in the dmesg logs.
Change-Id: I8285ea05162ea0d75459e873e5c2bad2dbc7e5ba
diff --git a/private/file_contexts b/private/file_contexts
index 95b2782..31b7076 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -259,6 +259,7 @@
/system/bin/hw/android\.hardware\.power@1\.0-service u:object_r:hal_power_default_exec:s0
/system/bin/hw/android\.hardware\.sensors@1\.0-service u:object_r:hal_sensors_default_exec:s0
/system/bin/hw/android\.hardware\.thermal@1\.0-service u:object_r:hal_thermal_default_exec:s0
+/system/bin/hw/android\.hardware\.usb@1\.0-service u:object_r:hal_usb_default_exec:s0
/system/bin/hw/android\.hardware\.vibrator@1\.0-service u:object_r:hal_vibrator_default_exec:s0
/system/bin/hw/android\.hardware\.vr@1\.0-service u:object_r:hal_vr_default_exec:s0
/system/bin/hw/android\.hardware\.wifi@1\.0-service u:object_r:hal_wifi_default_exec:s0
diff --git a/private/hal_usb_default.te b/private/hal_usb_default.te
new file mode 100644
index 0000000..24017f9
--- /dev/null
+++ b/private/hal_usb_default.te
@@ -0,0 +1,4 @@
+type hal_usb_default, domain;
+hal_impl_domain(hal_usb_default, hal_usb)
+type hal_usb_default_exec, exec_type, file_type;
+init_daemon_domain(hal_usb_default)
diff --git a/public/attributes b/public/attributes
index 1aacd9e..4822ed5 100644
--- a/public/attributes
+++ b/public/attributes
@@ -138,6 +138,7 @@
attribute hal_sensors;
attribute hal_telephony;
attribute hal_thermal;
+attribute hal_usb;
attribute hal_vibrator;
attribute hal_vr;
attribute hal_wifi;
diff --git a/public/hal_usb.te b/public/hal_usb.te
new file mode 100644
index 0000000..5c31c06
--- /dev/null
+++ b/public/hal_usb.te
@@ -0,0 +1,14 @@
+# call into system_server process (callbacks)
+binder_call(hal_usb, system_server)
+
+allow hal_usb self:netlink_kobject_uevent_socket create;
+allow hal_usb self:netlink_kobject_uevent_socket setopt;
+allow hal_usb self:netlink_kobject_uevent_socket bind;
+allow hal_usb self:netlink_kobject_uevent_socket read;
+allow hal_usb sysfs:dir open;
+allow hal_usb sysfs:dir read;
+allow hal_usb sysfs:file read;
+allow hal_usb sysfs:file open;
+allow hal_usb sysfs:file write;
+allow hal_usb sysfs:file getattr;
+
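Review bot: The six `sysfs` rules at the end of this new file grant open/read/write on the generic `sysfs` label, so every domain carrying the `hal_usb` attribute can write any sysfs node that has no more specific type, not only the USB ones. Labelling the nodes the HAL actually touches with a dedicated type and scoping the rules to it would keep the grant least-privilege, e.g. `allow hal_usb <usb_sysfs_type>:dir { open read };` and `allow hal_usb <usb_sysfs_type>:file { open read write getattr };` (the type name is a placeholder, since the sysfs paths involved are not visible in this change). A one-line comment above the `netlink_kobject_uevent_socket` rules stating which uevents the HAL listens for would also make the socket grant easier to audit later.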
diff --git a/public/system_server.te b/public/system_server.te
index 1dfdafa..61f640d 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -178,6 +178,7 @@
binder_call(system_server, hal_power)
binder_call(system_server, hal_sensors)
binder_call(system_server, hal_thermal)
+binder_call(system_server, hal_usb)
binder_call(system_server, hal_vibrator)
binder_call(system_server, hal_vr)
binder_call(system_server, hal_wifi)