From 0d3ddf604bf5c5ab6df0cce8bbad069567004fde Mon Sep 17 00:00:00 2001
From: Roopesh Rajashekharaiah Nataraja <roopeshr@codeaurora.org>
Date: Tue, 11 Apr 2017 14:01:05 -0700
Subject: [PATCH] Add sepolicies for binderized QCOM KM 3.0 and GK 1.0 HAL

Change-Id: Icb480b1072a70a7afd1296dc6feaec045d610b7a
---
 sepolicy/file_contexts         | 6 ++++--
 sepolicy/hal_gatekeeper_qti.te | 5 +++++
 sepolicy/hal_keymaster_qti.te  | 5 +++++
 3 files changed, 14 insertions(+), 2 deletions(-)
 create mode 100644 sepolicy/hal_gatekeeper_qti.te
 create mode 100644 sepolicy/hal_keymaster_qti.te

diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index aa717f65..85a24e7a 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -197,12 +197,15 @@
 /vendor/bin/chre                u:object_r:chre_exec:s0
 /vendor/bin/folio_daemon        u:object_r:folio_daemon_exec:s0
 /vendor/bin/time_daemon         u:object_r:time_daemon_exec:s0
+/vendor/bin/imsrcsd             u:object_r:hal_rcsservice_exec:s0
 /vendor/bin/init\.qcom\.devstart\.sh                                 u:object_r:init-qcom-devstart-sh_exec:s0
 /vendor/bin/init\.qcom\.ipastart\.sh                                 u:object_r:init-qcom-ipastart-sh_exec:s0
 /vendor/bin/init\.insmod\.sh                                         u:object_r:init-insmod-sh_exec:s0
 /vendor/etc/init\.insmod\.cfg                                        u:object_r:init-insmod-sh_exec:s0
+
 /vendor/bin/hw/android\.hardware\.vibrator@1\.0-service.wahoo        u:object_r:hal_vibrator_default_exec:s0
-/vendor/bin/imsrcsd             u:object_r:hal_rcsservice_exec:s0
+/vendor/bin/hw/android\.hardware\.keymaster@3\.0-service-qti         u:object_r:hal_keymaster_qti_exec:s0
+/vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service-qti        u:object_r:hal_gatekeeper_qti_exec:s0
 
 ###############################################
 # same-process HAL files and their dependencies
@@ -226,7 +229,6 @@
 # Loaded by native loader (zygote) for all processes
 /vendor/lib(64)?/libhalide_hexagon_host\.so u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libadsprpc\.so             u:object_r:same_process_hal_file:s0
-###############################################
 
 # data files
 /data/misc/radio(/.*)?                 u:object_r:radio_data_file:s0
diff --git a/sepolicy/hal_gatekeeper_qti.te b/sepolicy/hal_gatekeeper_qti.te
new file mode 100644
index 00000000..a20faf1f
--- /dev/null
+++ b/sepolicy/hal_gatekeeper_qti.te
@@ -0,0 +1,5 @@
+type hal_gatekeeper_qti, domain;
+hal_server_domain(hal_gatekeeper_qti, hal_gatekeeper)
+
+type hal_gatekeeper_qti_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_gatekeeper_qti)
diff --git a/sepolicy/hal_keymaster_qti.te b/sepolicy/hal_keymaster_qti.te
new file mode 100644
index 00000000..e3abb321
--- /dev/null
+++ b/sepolicy/hal_keymaster_qti.te
@@ -0,0 +1,5 @@
+type hal_keymaster_qti, domain;
+hal_server_domain(hal_keymaster_qti, hal_keymaster)
+
+type hal_keymaster_qti_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_keymaster_qti)