Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PeripheralManager: Re-label as non-vendor type [LITE] #446

Merged
merged 1 commit into from Jan 17, 2019
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
@@ -0,0 +1,7 @@
# TODO(b/vndswitch): Remove this once per_mgr uses vendor binder.
# vendor.qcom.PeripheralManager needs to be defined here
# in the "private"(=platform) policy, since it is currently regognozed
# as a regular platform/framework service and will thus be ignored
# when defined in vendor/{vnd,}service_contexts
vendor.qcom.PeripheralManager u:object_r:per_mgr_service:s0

@@ -0,0 +1,3 @@
# TODO(b/vndswitch): Move this declaration to
# vendor/vndservice.te once per_proxy uses vendor binder
type per_mgr_service, service_manager_type;
@@ -4,14 +4,27 @@ type per_mgr_exec, exec_type, vendor_file_type, file_type;

init_daemon_domain(per_mgr);

add_service(per_mgr, per_mgr_service)
# TODO(b/vndswitch): Remove once per_mgr uses vendor binder and
# per_mgr_service is a vndservice_manager_type
not_full_treble(`
typeattribute per_mgr binder_in_vendor_violators;
')

vndbinder_use(per_mgr)
# TODO(b/vndswitch): Remove once per_proxy uses vendor binder
not_full_treble(`
binder_use(per_mgr)
')

binder_call(per_mgr, hal_gnss)
binder_call(per_mgr, per_proxy)
binder_call(per_mgr, rild)
binder_call(per_mgr, wcnss_service)

not_full_treble(`
add_service(per_mgr, per_mgr_service)
')

allow per_mgr self:capability net_bind_service;

allow per_mgr self:socket create_socket_perms;
@@ -4,9 +4,22 @@ type per_proxy_exec, exec_type, vendor_file_type, file_type;

init_daemon_domain(per_proxy)

allow per_proxy per_mgr_service:service_manager find;
# TODO(b/vndswitch): Remove once per_proxy uses vendor binder
not_full_treble(`
typeattribute per_proxy binder_in_vendor_violators;
')

vndbinder_use(per_proxy)
# TODO(b/vndswitch): Remove once per_proxy uses vendor binder
not_full_treble(`
binder_use(per_proxy)
')

binder_call(per_proxy, per_mgr)

not_full_treble(`
allow per_proxy per_mgr_service:service_manager find;
')

r_dir_file(per_proxy, sysfs_msm_subsys)
r_dir_file(per_proxy, sysfs_esoc)
@@ -1,9 +1,21 @@
# TODO(b/vndswitch): Remove once per_mgr uses vendor binder and
# per_mgr_service is a vndservice_manager_type
not_full_treble(`
typeattribute rild binder_in_vendor_violators;
')

vndbinder_use(rild)
# TODO(b/vndswitch): Remove once per_mgr uses vendor binder
not_full_treble(`
binder_use(rild)
')

binder_call(rild, per_mgr)
binder_call(rild, qcrilam_app);

allow rild per_mgr_service:service_manager find;
not_full_treble(`
allow rild per_mgr_service:service_manager find;
')

allow rild radio_vendor_data_file:dir create_dir_perms;
allow rild radio_vendor_data_file:file create_file_perms;
@@ -1,3 +1,5 @@
type qdisplay_service, vndservice_manager_type;
type per_mgr_service, vndservice_manager_type;
# TODO(b/vndswitch): Re-enable once per_mgr uses vndbinder,
# then also remove the label from private/service_contexts
#type per_mgr_service, vndservice_manager_type;
type qcrilam_service, vndservice_manager_type;
@@ -1,3 +1,4 @@
display.qservice u:object_r:qdisplay_service:s0
vendor.qcom.PeripheralManager u:object_r:per_mgr_service:s0
# TODO(b/vndswitch): Re-enable this once per_mgr uses vendor binder
#vendor.qcom.PeripheralManager u:object_r:per_mgr_service:s0
com.sony.qcrilam u:object_r:qcrilam_service:s0
@@ -5,10 +5,18 @@ type wcnss_service_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(wcnss_service)
net_domain(wcnss_service)

# TODO(b/vndswitch): Remove once per_mgr uses vendor binder and
# per_mgr_service is a vndservice_manager_type
not_full_treble(`
typeattribute wcnss_service binder_in_vendor_violators;
')

vndbinder_use(wcnss_service)
binder_call(wcnss_service, per_mgr)

allow wcnss_service per_mgr_service:service_manager find;
not_full_treble(`
allow wcnss_service per_mgr_service:service_manager find;
')
allow wcnss_service proc_net:file rw_file_perms;

allow wcnss_service self:capability {