Diffstat (limited to 'sepolicy')
-rw-r--r--sepolicy/private/system_app.te1
-rw-r--r--sepolicy/public/attributes1
-rw-r--r--sepolicy/vendor/app.te2
-rw-r--r--sepolicy/vendor/hal_mlipay.te (renamed from sepolicy/vendor/hal_mlipay_default.te)10
4 files changed, 9 insertions, 5 deletions
diff --git a/sepolicy/private/system_app.te b/sepolicy/private/system_app.te
new file mode 100644
index 0000000..c9f1b37
--- /dev/null
+++ b/sepolicy/private/system_app.te
@@ -0,0 +1 @@
+hal_client_domain(system_app, hal_mlipay)
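Review bot: The new `hal_client_domain(system_app, hal_mlipay)` line carries no comment saying which component needs this HAL, and the grant applies to every app that runs in the system_app domain rather than to one package. Per the hal_mlipay.te changes in this same commit, a client may find `hal_mlipay_hwservice` and make binder calls into a server that holds `rw_file_perms` on `tee_device`, so the reason for the grant is worth recording in place, for example `# <component name> talks to the mlipay HAL for <purpose>; intended to be the only client`. If system_app is meant to stay the only app domain with access, a `neverallow` on `hal_mlipay_hwservice:hwservice_manager find` for all other domains, placed in the vendor policy, would stop a later edit from quietly restoring the broad appdomain rule that this commit removes.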
diff --git a/sepolicy/public/attributes b/sepolicy/public/attributes
new file mode 100644
index 0000000..13df9a9
--- /dev/null
+++ b/sepolicy/public/attributes
@@ -0,0 +1 @@
+hal_attribute(mlipay)
diff --git a/sepolicy/vendor/app.te b/sepolicy/vendor/app.te
index 776c7c6..a2d8aa6 100644
--- a/sepolicy/vendor/app.te
+++ b/sepolicy/vendor/app.te
@@ -1,5 +1,3 @@
# Allow appdomain to get vendor_camera_prop
-allow { appdomain -isolated_app -ephemeral_app -mediaprovider -untrusted_app_27 -untrusted_app -untrusted_app_25 -runas_app } hal_mlipay_hwservice:hwservice_manager find;
-binder_call({ appdomain -isolated_app }, hal_mlipay_default)
get_prop({ appdomain -isolated_app }, mlipay_prop)
get_prop({ appdomain -isolated_app }, hal_fingerprint_prop)
diff --git a/sepolicy/vendor/hal_mlipay_default.te b/sepolicy/vendor/hal_mlipay.te
index c6f721c..18d0413 100644
--- a/sepolicy/vendor/hal_mlipay_default.te
+++ b/sepolicy/vendor/hal_mlipay.te
@@ -1,11 +1,15 @@
type hal_mlipay_default, domain;
+hal_server_domain(hal_mlipay_default, hal_mlipay)
type hal_mlipay_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_mlipay_default)
-hwbinder_use(hal_mlipay_default)
-get_prop(hal_mlipay_default, hwservicemanager_prop)
-add_hwservice(hal_mlipay_default, hal_mlipay_hwservice)
+# Allow hwbinder call from hal client to server
+binder_call(hal_mlipay_client, hal_mlipay_server)
+
+# Add hwservice related rules
+add_hwservice(hal_mlipay_server, hal_mlipay_hwservice)
+allow hal_mlipay_client hal_mlipay_hwservice:hwservice_manager find;
allow hal_mlipay_default tee_device:chr_file rw_file_perms;
allow hal_mlipay_default ion_device:chr_file r_file_perms;