Added sepolicy rule for vendor uuid mapping config
A new sepolicy type is added to restrict access to the vendor-defined UUID mapping
config file to SecureElement.
Bug: b/180639372
Test: Run OMAPI CTS and VTS tests
Change-Id: I81d715fa5d5a72c893c529eb542ce62747afcd03
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 6521bde..ba0a494 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -147,6 +147,7 @@
vd_device
vendor_kernel_modules
vendor_modprobe
+ vendor_uuid_mapping_config_file
vibrator_manager_service
virtualization_service
vpn_management_service
diff --git a/private/compat/31.0/31.0.ignore.cil b/private/compat/31.0/31.0.ignore.cil
index f89c3ba..05f1d73 100644
--- a/private/compat/31.0/31.0.ignore.cil
+++ b/private/compat/31.0/31.0.ignore.cil
@@ -48,6 +48,7 @@
proc_vendor_sched
sysfs_vendor_sched
tv_iapp_service
+ vendor_uuid_mapping_config_file
vendor_vm_file
vendor_vm_data_file
virtual_device_service
diff --git a/private/domain.te b/private/domain.te
index a0e188b..5b9a5b1 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -511,6 +511,7 @@
-vendor_public_framework_file
-vendor_public_lib_file
-vendor_task_profiles_file
+ -vendor_uuid_mapping_config_file
-vndk_sp_file
}:file *;
')
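Review bot: Exempting `vendor_uuid_mapping_config_file` from this neverallow (the enclosing block opens above the hunk, so its subject set is not visible here) lifts the restriction for every domain the block covers, so the commit message's claim that access is restricted to SecureElement is enforced only by the single allow rule in secure_element.te, not by the policy itself. Any other domain in that set could later be granted read access without tripping a neverallow. If pinning the consumer is the intent, consider pairing the exemption with a targeted rule such as `neverallow { coredomain -secure_element -init -vendor_init } vendor_uuid_mapping_config_file:file *;`, with the exact exemption set (init domains that label or relabel vendor files) confirmed against the existing policy.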
diff --git a/private/file_contexts b/private/file_contexts
index c1110cf..fba5ff3 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -412,6 +412,10 @@
/(odm|vendor/odm)/overlay(/.*)? u:object_r:vendor_overlay_file:s0
/(odm|vendor/odm)/framework(/.*)? u:object_r:vendor_framework_file:s0
+# secure-element service: vendor uuid mapping config file
+/(odm|vendor/odm|vendor|system/vendor)/etc/hal_uuid_map_(.*)?\.xml u:object_r:vendor_uuid_mapping_config_file:s0
+
+
# Input configuration
/(odm|vendor/odm|vendor|system/vendor)/usr/keylayout(/.*)?\.kl u:object_r:vendor_keylayout_file:s0
/(odm|vendor/odm|vendor|system/vendor)/usr/keychars(/.*)?\.kcm u:object_r:vendor_keychars_file:s0
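Review bot: The pattern on the added file_contexts line, `hal_uuid_map_(.*)?\.xml`, is redundant, since `(.*)?` matches exactly what `.*` does, and because `.*` also matches `/`, a path such as `/vendor/etc/hal_uuid_map_/sub/x.xml` would presumably receive the label as well. Tightening it to `/(odm|vendor/odm|vendor|system/vendor)/etc/hal_uuid_map_[^/]*\.xml u:object_r:vendor_uuid_mapping_config_file:s0` limits the label to files directly under etc/. The second of the two added blank lines before `# Input configuration` also looks unnecessary.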
diff --git a/private/secure_element.te b/private/secure_element.te
index 57f512b..fd3b688 100644
--- a/private/secure_element.te
+++ b/private/secure_element.te
@@ -12,3 +12,5 @@
# the secure element process, from a file in
# /data/data/com.android.shell/files/bugreports/bugreport-*.
allow secure_element shell_data_file:file read;
+
+allow secure_element vendor_uuid_mapping_config_file:file r_file_perms;
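Review bot: The new allow rule at the end of secure_element.te carries no explanatory comment, while the rule just above it documents why shell_data_file read access exists. A one-line comment such as `# Read the vendor-provided UUID mapping config (hal_uuid_map_*.xml).` placed before the rule would keep the file's convention. Using `r_file_perms` rather than bare `read` is appropriate for a config file that is opened and stat'ed, so the permission set itself looks right.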
diff --git a/public/file.te b/public/file.te
index b8b9899..1d53134 100644
--- a/public/file.te
+++ b/public/file.te
@@ -249,6 +249,9 @@
type vendor_keychars_file, vendor_file_type, file_type;
type vendor_idc_file, vendor_file_type, file_type;
+# Type for vendor uuid mapping config file
+type vendor_uuid_mapping_config_file, vendor_file_type, file_type;
+
# SoC-specific virtual machine disk files
type vendor_vm_file, vendor_file_type, file_type;
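Review bot: The comment on the new type, `# Type for vendor uuid mapping config file`, restates the type name without saying what the file holds or who consumes it, unlike the neighbouring `# SoC-specific virtual machine disk files`. Suggest `# Vendor-provided UUID mapping config (hal_uuid_map_*.xml), read by secure_element` so a reader does not have to cross-reference file_contexts and secure_element.te to understand the type.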
# SoC-specific virtual machine disk files that are mutable