Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / ce542660c93451ac0a5a7463bc0bbc368d4963a7^! / . / private
commitce542660c93451ac0a5a7463bc0bbc368d4963a7[log] [tgz]
authorRajesh Nyamagoud <nyamagoud@google.com>Thu Nov 18 22:59:29 2021 +0000
committerRajesh Nyamagoud <nyamagoud@google.com>Sat Nov 20 01:08:11 2021 +0000
tree2bc28007c86c03bf6a1e92a5ce1c158569058c6b
parent453dcf6752ce226babe5e10c06efa5856b598beb [diff]
Added sepolicy rule for vendor uuid mapping config

New type added in sepolicy to restrict Vendor defined uuid mapping
config file access to SecureElement.

Bug: b/180639372
Test: Run OMAPI CTS and VTS tests
Change-Id: I81d715fa5d5a72c893c529eb542ce62747afcd03

diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 6521bde..ba0a494 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil

@@ -147,6 +147,7 @@
     vd_device
     vendor_kernel_modules
     vendor_modprobe
+    vendor_uuid_mapping_config_file
     vibrator_manager_service
     virtualization_service
     vpn_management_service

diff --git a/private/compat/31.0/31.0.ignore.cil b/private/compat/31.0/31.0.ignore.cil
index f89c3ba..05f1d73 100644
--- a/private/compat/31.0/31.0.ignore.cil
+++ b/private/compat/31.0/31.0.ignore.cil

@@ -48,6 +48,7 @@
     proc_vendor_sched
     sysfs_vendor_sched
     tv_iapp_service
+    vendor_uuid_mapping_config_file
     vendor_vm_file
     vendor_vm_data_file
     virtual_device_service

diff --git a/private/domain.te b/private/domain.te
index a0e188b..5b9a5b1 100644
--- a/private/domain.te
+++ b/private/domain.te

@@ -511,6 +511,7 @@
     -vendor_public_framework_file
     -vendor_public_lib_file
     -vendor_task_profiles_file
+    -vendor_uuid_mapping_config_file
     -vndk_sp_file
   }:file *;
 ')

diff --git a/private/file_contexts b/private/file_contexts
index c1110cf..fba5ff3 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -412,6 +412,10 @@
 /(odm|vendor/odm)/overlay(/.*)?               u:object_r:vendor_overlay_file:s0
 /(odm|vendor/odm)/framework(/.*)?             u:object_r:vendor_framework_file:s0
 
+# secure-element service: vendor uuid mapping config file
+/(odm|vendor/odm|vendor|system/vendor)/etc/hal_uuid_map_(.*)?\.xml    u:object_r:vendor_uuid_mapping_config_file:s0
+
+
 # Input configuration
 /(odm|vendor/odm|vendor|system/vendor)/usr/keylayout(/.*)?\.kl        u:object_r:vendor_keylayout_file:s0
 /(odm|vendor/odm|vendor|system/vendor)/usr/keychars(/.*)?\.kcm        u:object_r:vendor_keychars_file:s0

diff --git a/private/secure_element.te b/private/secure_element.te
index 57f512b..fd3b688 100644
--- a/private/secure_element.te
+++ b/private/secure_element.te

@@ -12,3 +12,5 @@
 # the secure element process, from a file in
 # /data/data/com.android.shell/files/bugreports/bugreport-*.
 allow secure_element shell_data_file:file read;
+
+allow secure_element vendor_uuid_mapping_config_file:file r_file_perms;