diff options
| author | dianlujitao <dianlujitao@lineageos.org> | 2020-02-19 20:28:52 +0800 |
|---|---|---|
| committer | Michael Bestas <mkbestas@lineageos.org> | 2020-04-30 00:49:34 +0300 |
| commit | a1410fdaa47a6e100cea08cca8ce8a1e3c4690a6 (patch) | |
| tree | 1e5334cbba4cedc49d5f86f07af81253496b1c48 | |
| parent | 1bc056ce96279b8f3cba92174f195d97b3dd546f (diff) | |
sdm660-common: sepolicy: Rework mlipay rules
Change-Id: Ib3935dac1de548da5ba6902365b2bab969b3b3b1
| -rw-r--r-- | sepolicy/private/system_app.te | 1 | ||||
| -rw-r--r-- | sepolicy/public/attributes | 1 | ||||
| -rw-r--r-- | sepolicy/vendor/app.te | 2 | ||||
| -rw-r--r-- | sepolicy/vendor/hal_mlipay.te (renamed from sepolicy/vendor/hal_mlipay_default.te) | 10 |
4 files changed, 9 insertions, 5 deletions
diff --git a/sepolicy/private/system_app.te b/sepolicy/private/system_app.te new file mode 100644 index 0000000..c9f1b37 --- /dev/null +++ b/sepolicy/private/system_app.te @@ -0,0 +1 @@ +hal_client_domain(system_app, hal_mlipay) diff --git a/sepolicy/public/attributes b/sepolicy/public/attributes new file mode 100644 index 0000000..13df9a9 --- /dev/null +++ b/sepolicy/public/attributes @@ -0,0 +1 @@ +hal_attribute(mlipay) diff --git a/sepolicy/vendor/app.te b/sepolicy/vendor/app.te index 776c7c6..a2d8aa6 100644 --- a/sepolicy/vendor/app.te +++ b/sepolicy/vendor/app.te @@ -1,5 +1,3 @@ # Allow appdomain to get vendor_camera_prop -allow { appdomain -isolated_app -ephemeral_app -mediaprovider -untrusted_app_27 -untrusted_app -untrusted_app_25 -runas_app } hal_mlipay_hwservice:hwservice_manager find; -binder_call({ appdomain -isolated_app }, hal_mlipay_default) get_prop({ appdomain -isolated_app }, mlipay_prop) get_prop({ appdomain -isolated_app }, hal_fingerprint_prop) diff --git a/sepolicy/vendor/hal_mlipay_default.te b/sepolicy/vendor/hal_mlipay.te index c6f721c..18d0413 100644 --- a/sepolicy/vendor/hal_mlipay_default.te +++ b/sepolicy/vendor/hal_mlipay.te @@ -1,11 +1,15 @@ type hal_mlipay_default, domain; +hal_server_domain(hal_mlipay_default, hal_mlipay) type hal_mlipay_default_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(hal_mlipay_default) -hwbinder_use(hal_mlipay_default) -get_prop(hal_mlipay_default, hwservicemanager_prop) -add_hwservice(hal_mlipay_default, hal_mlipay_hwservice) +# Allow hwbinder call from hal client to server +binder_call(hal_mlipay_client, hal_mlipay_server) + +# Add hwservice related rules +add_hwservice(hal_mlipay_server, hal_mlipay_hwservice) +allow hal_mlipay_client hal_mlipay_hwservice:hwservice_manager find; allow hal_mlipay_default tee_device:chr_file rw_file_perms; allow hal_mlipay_default ion_device:chr_file r_file_perms; |