Add sepolicies for binderized QCOM KM 3.0 and GK 1.0 HAL

Change-Id: Icb480b1072a70a7afd1296dc6feaec045d610b7a
2026-02-01 07:50:47 +00:00 · 2017-04-11 14:01:05 -07:00
parent cb0d612923
commit 0d3ddf604b
3 changed files with 14 additions and 2 deletions
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -197,12 +197,15 @@
 /vendor/bin/chre                u:object_r:chre_exec:s0
 /vendor/bin/folio_daemon        u:object_r:folio_daemon_exec:s0
 /vendor/bin/time_daemon         u:object_r:time_daemon_exec:s0
+/vendor/bin/imsrcsd             u:object_r:hal_rcsservice_exec:s0
 /vendor/bin/init\.qcom\.devstart\.sh                                 u:object_r:init-qcom-devstart-sh_exec:s0
 /vendor/bin/init\.qcom\.ipastart\.sh                                 u:object_r:init-qcom-ipastart-sh_exec:s0
 /vendor/bin/init\.insmod\.sh                                         u:object_r:init-insmod-sh_exec:s0
 /vendor/etc/init\.insmod\.cfg                                        u:object_r:init-insmod-sh_exec:s0
+
 /vendor/bin/hw/android\.hardware\.vibrator@1\.0-service.wahoo        u:object_r:hal_vibrator_default_exec:s0
-/vendor/bin/imsrcsd             u:object_r:hal_rcsservice_exec:s0
+/vendor/bin/hw/android\.hardware\.keymaster@3\.0-service-qti         u:object_r:hal_keymaster_qti_exec:s0
+/vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service-qti        u:object_r:hal_gatekeeper_qti_exec:s0

 ###############################################
 # same-process HAL files and their dependencies
@@ -226,7 +229,6 @@
 # Loaded by native loader (zygote) for all processes
 /vendor/lib(64)?/libhalide_hexagon_host\.so u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libadsprpc\.so             u:object_r:same_process_hal_file:s0
-###############################################

 # data files
 /data/misc/radio(/.*)?                 u:object_r:radio_data_file:s0
--- a/sepolicy/hal_gatekeeper_qti.te
+++ b/sepolicy/hal_gatekeeper_qti.te
@@ -0,0 +1,5 @@
+type hal_gatekeeper_qti, domain;
+hal_server_domain(hal_gatekeeper_qti, hal_gatekeeper)
+
+type hal_gatekeeper_qti_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_gatekeeper_qti)
--- a/sepolicy/hal_keymaster_qti.te
+++ b/sepolicy/hal_keymaster_qti.te
@@ -0,0 +1,5 @@
+type hal_keymaster_qti, domain;
+hal_server_domain(hal_keymaster_qti, hal_keymaster)
+
+type hal_keymaster_qti_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_keymaster_qti)