commit b6e4d4bdf12e8a61414596d3d23c5016ae0d6477
author Badhri Jagan Sridharan <Badhri@google.com> Thu Jan 12 17:18:52 2017 -0800
committer Badhri Jagan Sridharan <Badhri@google.com> Mon Jan 23 14:11:18 2017 -0800
tree d90a98a1f212c4f7951feca5313e6ca1f2fdd582
parent 00ca789633f1ead1d9d7f7d9dab1d42b9fc4f9c4

sepolicy for usb hal

Bug: 31015010

Test: checked for selinux denial msgs in the dmesg logs.
Change-Id: I8285ea05162ea0d75459e873e5c2bad2dbc7e5ba

public/attributes

diff --git a/public/attributes b/public/attributes
index aec85fb..c538540 100644
--- a/public/attributes
+++ b/public/attributes
@@ -136,6 +136,7 @@
 attribute hal_sensors;
 attribute hal_telephony;
 attribute hal_thermal;
+attribute hal_usb;
 attribute hal_vibrator;
 attribute hal_vr;
 attribute hal_wifi;

public/hal_usb.te

diff --git a/public/hal_usb.te b/public/hal_usb.te
new file mode 100644
index 0000000..5c31c06
--- /dev/null
+++ b/public/hal_usb.te
@@ -0,0 +1,14 @@
+# call into system_server process (callbacks)
+binder_call(hal_usb, system_server)
+
+allow hal_usb self:netlink_kobject_uevent_socket create;
+allow hal_usb self:netlink_kobject_uevent_socket setopt;
+allow hal_usb self:netlink_kobject_uevent_socket bind;
+allow hal_usb self:netlink_kobject_uevent_socket read;
+allow hal_usb sysfs:dir open;
+allow hal_usb sysfs:dir read;
+allow hal_usb sysfs:file read;
+allow hal_usb sysfs:file open;
+allow hal_usb sysfs:file write;
+allow hal_usb sysfs:file getattr;
+

public/system_server.te

diff --git a/public/system_server.te b/public/system_server.te
index 67d78f9..adc2978 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -176,6 +176,7 @@
 binder_call(system_server, hal_power)
 binder_call(system_server, hal_sensors)
 binder_call(system_server, hal_thermal)
+binder_call(system_server, hal_usb)
 binder_call(system_server, hal_vibrator)
 binder_call(system_server, hal_vr)
 binder_call(system_server, hal_wifi)