diff options
| author | Alexander Diewald <Diewi@diewald-net.com> | 2017-11-08 22:59:23 +0100 |
|---|---|---|
| committer | Arian <arian.kulmer@web.de> | 2019-10-07 11:11:29 +0200 |
| commit | e17643d703870a2450b1c6deb264292eb0192402 (patch) | |
| tree | 5090504221bc738ea09ab9458b20768943b33805 | |
| parent | 4f44e51d579532a8fc9d2270f20b8b015d95e02b (diff) | |
shinano: Define SEpolicy for adsprpcd.
* Define the ioctls and grant access to the socket.
* Allow access to qseecom socket.
* Label adsprpcd service appropriately.
Change-Id: I4a0ccd322b16c30e7f10dccc1278ed17507d56e2
Signed-off-by: Alexander Diewald <Diewi@diewald-net.com>
| -rw-r--r-- | rootdir/init.qcom.rc | 1 | ||||
| -rw-r--r-- | sepolicy/adsprpcd.te | 7 | ||||
| -rw-r--r-- | sepolicy/ioctl_defines | 17 | ||||
| -rw-r--r-- | sepolicy/ioctl_macros | 18 |
4 files changed, 43 insertions, 0 deletions
diff --git a/rootdir/init.qcom.rc b/rootdir/init.qcom.rc index ff86fcc..61c46a4 100644 --- a/rootdir/init.qcom.rc +++ b/rootdir/init.qcom.rc @@ -501,6 +501,7 @@ service adsprpcd /system/bin/adsprpcd class main user media group media + seclabel u:r:adsprpcd:s0 service charger /charger class charger diff --git a/sepolicy/adsprpcd.te b/sepolicy/adsprpcd.te new file mode 100644 index 0000000..8dcef13 --- /dev/null +++ b/sepolicy/adsprpcd.te @@ -0,0 +1,7 @@ +# access to qseecom qdsp_device +allow adsprpcd tee_device:chr_file rw_file_perms; +allowxperm adsprpcd tee_device:chr_file ioctl qseecom_sock_ipc_ioctls; + +# access to qseecom qdsp_device +allow adsprpcd qdsp_device:chr_file rw_file_perms; +allowxperm adsprpcd qdsp_device:chr_file ioctl adsprpcd_ioctls; diff --git a/sepolicy/ioctl_defines b/sepolicy/ioctl_defines index a031d75..58c1243 100644 --- a/sepolicy/ioctl_defines +++ b/sepolicy/ioctl_defines @@ -1,5 +1,22 @@ +# socket ioctls defined in the kernel in ? --> BT define(`TCGETS', `0x00005401') define(`TCSETS', `0x00005402') define(`TCFLSH', `0x0000540b') define(`TIOCSETD', `0x00005423') define(`IOCTLUNKNOWN', `0x000055c8') + +# ioctls for audio dsp defined in kernel in include/linux/msm_adsp.h +define(`ADSP_IOCTL_ENABLE', `0x00005201') +define(`ADSP_IOCTL_DISABLE', `0x00005202') +define(`ADSP_IOCTL_DISABLE_ACK', `0x00005203') +define(`ADSP_IOCTL_WRITE_COMMAND', `0x00005204') +define(`ADSP_IOCTL_GET_EVENT', `0x00005205') +define(`ADSP_IOCTL_SET_CLKRATE', `0x00005206') +define(`ADSP_IOCTL_DISABLE_EVENT_RSP', `0x0000520a') +define(`ADSP_IOCTL_REGISTER_PMEM', `0x0000520d') +define(`ADSP_IOCTL_UNREGISTER_PMEM', `0x0000520e') +define(`ADSP_IOCTL_ABORT_EVENT_READ', `0x0000520f') +define(`ADSP_IOCTL_LINK_TASK', `0x00005210') + +# ioctls for mlog_qmi; extracted from the log +define(`MLOG_QMI_UNKNOWN', `0x0000c304') diff --git a/sepolicy/ioctl_macros b/sepolicy/ioctl_macros index 99df172..6756faf 100644 --- a/sepolicy/ioctl_macros +++ b/sepolicy/ioctl_macros @@ -5,3 +5,21 @@ TCFLSH TIOCSETD IOCTLUNKNOWN }') + +define(`adsprpcd_ioctls', `{ +ADSP_IOCTL_ENABLE +ADSP_IOCTL_DISABLE +ADSP_IOCTL_DISABLE_ACK +ADSP_IOCTL_WRITE_COMMAND +ADSP_IOCTL_GET_EVENT +ADSP_IOCTL_SET_CLKRATE +ADSP_IOCTL_DISABLE_EVENT_RSP +ADSP_IOCTL_REGISTER_PMEM +ADSP_IOCTL_UNREGISTER_PMEM +ADSP_IOCTL_ABORT_EVENT_READ +ADSP_IOCTL_LINK_TASK +}') + +define(`mlog_qmi_ioctls', `{ +MLOG_QMI_UNKNOWN +}') |