diff options
Diffstat (limited to 'sepolicy')
-rw-r--r-- | sepolicy/private/system_app.te | 1 | ||||
-rw-r--r-- | sepolicy/public/attributes | 1 | ||||
-rw-r--r-- | sepolicy/vendor/app.te | 2 | ||||
-rw-r--r-- | sepolicy/vendor/hal_mlipay.te (renamed from sepolicy/vendor/hal_mlipay_default.te) | 10 |
4 files changed, 9 insertions, 5 deletions
diff --git a/sepolicy/private/system_app.te b/sepolicy/private/system_app.te new file mode 100644 index 0000000..c9f1b37 --- /dev/null +++ b/sepolicy/private/system_app.te @@ -0,0 +1 @@ +hal_client_domain(system_app, hal_mlipay) diff --git a/sepolicy/public/attributes b/sepolicy/public/attributes new file mode 100644 index 0000000..13df9a9 --- /dev/null +++ b/sepolicy/public/attributes @@ -0,0 +1 @@ +hal_attribute(mlipay) diff --git a/sepolicy/vendor/app.te b/sepolicy/vendor/app.te index 776c7c6..a2d8aa6 100644 --- a/sepolicy/vendor/app.te +++ b/sepolicy/vendor/app.te @@ -1,5 +1,3 @@ # Allow appdomain to get vendor_camera_prop -allow { appdomain -isolated_app -ephemeral_app -mediaprovider -untrusted_app_27 -untrusted_app -untrusted_app_25 -runas_app } hal_mlipay_hwservice:hwservice_manager find; -binder_call({ appdomain -isolated_app }, hal_mlipay_default) get_prop({ appdomain -isolated_app }, mlipay_prop) get_prop({ appdomain -isolated_app }, hal_fingerprint_prop) diff --git a/sepolicy/vendor/hal_mlipay_default.te b/sepolicy/vendor/hal_mlipay.te index c6f721c..18d0413 100644 --- a/sepolicy/vendor/hal_mlipay_default.te +++ b/sepolicy/vendor/hal_mlipay.te @@ -1,11 +1,15 @@ type hal_mlipay_default, domain; +hal_server_domain(hal_mlipay_default, hal_mlipay) type hal_mlipay_default_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(hal_mlipay_default) -hwbinder_use(hal_mlipay_default) -get_prop(hal_mlipay_default, hwservicemanager_prop) -add_hwservice(hal_mlipay_default, hal_mlipay_hwservice) +# Allow hwbinder call from hal client to server +binder_call(hal_mlipay_client, hal_mlipay_server) + +# Add hwservice related rules +add_hwservice(hal_mlipay_server, hal_mlipay_hwservice) +allow hal_mlipay_client hal_mlipay_hwservice:hwservice_manager find; allow hal_mlipay_default tee_device:chr_file rw_file_perms; allow hal_mlipay_default ion_device:chr_file r_file_perms; |