Merge "Add selinux domain for verizon OBDM app" into oc-dr1-dev

2026-02-01 07:50:47 +00:00 · 2017-08-10 21:40:34 +00:00
parent 66324b03d8 cdddc5171c
commit 2a1b7561d9
6 changed files with 52 additions and 0 deletions
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -84,6 +84,7 @@ BOARD_ROOT_EXTRA_FOLDERS := persist firmware metadata
 BOARD_SEPOLICY_DIRS += device/google/wahoo/sepolicy/vendor
 BOARD_PLAT_PUBLIC_SEPOLICY_DIR := device/google/wahoo/sepolicy/public
 BOARD_PLAT_PRIVATE_SEPOLICY_DIR := device/google/wahoo/sepolicy/private
+BOARD_SEPOLICY_DIRS += device/google/wahoo/sepolicy/verizon

 TARGET_ANDROID_FILESYSTEM_CONFIG_H := device/google/wahoo/android_filesystem_config.h

--- a/sepolicy/verizon/keys.conf
+++ b/sepolicy/verizon/keys.conf
@@ -0,0 +1,2 @@
+[@VERIZON]
+ALL : device/google/wahoo/sepolicy/verizon/verizon.x509.pem
--- a/sepolicy/verizon/mac_permissions.xml
+++ b/sepolicy/verizon/mac_permissions.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy>
+    <signer signature="@VERIZON" >
+        <seinfo value="verizon" />
+    </signer>
+</policy>
--- a/sepolicy/verizon/obdm_app.te
+++ b/sepolicy/verizon/obdm_app.te
@@ -0,0 +1,19 @@
+type obdm_app, domain, coredomain;
+
+app_domain(obdm_app)
+net_domain(obdm_app)
+
+r_dir_file(obdm_app, proc)
+
+# talk to /dev/diag
+allow obdm_app diag_device:chr_file rw_file_perms;
+
+allow obdm_app app_api_service:service_manager find;
+allow obdm_app radio_service:service_manager find;
+allow obdm_app surfaceflinger_service:service_manager find;
+
+allow obdm_app self:socket create_socket_perms;
+allowxperm obdm_app self:socket ioctl { 0x0000c302 0x0000c304 };
+
+allow obdm_app sysfs:dir r_dir_perms;
+r_dir_file(obdm_app, sysfs_msm_subsys)
--- a/sepolicy/verizon/seapp_contexts
+++ b/sepolicy/verizon/seapp_contexts
@@ -0,0 +1,3 @@
+# Verizon for OBDM tool
+user=_app seinfo=verizon name=com.verizon.obdm domain=obdm_app type=app_data_file levelFrom=all
+user=_app seinfo=verizon name=com.verizon.obdm:background domain=obdm_app type=app_data_file levelFrom=all
--- a/sepolicy/verizon/verizon.x509.pem
+++ b/sepolicy/verizon/verizon.x509.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDczCCAlugAwIBAgIEMzx+mzANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJV
+UzELMAkGA1UECBMCTkoxDzANBgNVBAcTBldhcnJlbjEZMBcGA1UEChMQVmVyaXpv
+biBXaXJlbGVzczELMAkGA1UECxMCRFQxFDASBgNVBAMTC0RNQVQgQ2xpZW50MCAX
+DTE2MTAxMTIxMzgzN1oYDzIxMTYwOTE3MjEzODM3WjBpMQswCQYDVQQGEwJVUzEL
+MAkGA1UECBMCTkoxDzANBgNVBAcTBldhcnJlbjEZMBcGA1UEChMQVmVyaXpvbiBX
+aXJlbGVzczELMAkGA1UECxMCRFQxFDASBgNVBAMTC0RNQVQgQ2xpZW50MIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8y6pz1KPVolO8wj02oWSzuLZHWg
+HuatQ5RlbXFBqS9/ScPSw3t/Yt+jg2++VUG726qL7ydx8g3AzMktWHNkdhg6j8Dz
+fkEMa/oqcr+VOAQyPw4X0xkUs6ICsEuULRaAwY1NwSVCrTuSlxzlmumbTCg+tp4Y
+m2FXEct8VNayJcrLnTwl/IiYmFLNLLiZPrwqbSkMVfYbfxws7c2lVZI4qhIC7WWA
+HW5PyhO3Vdhjoj4E1QzkyabtB6el3kfE0xIta1IHV2iJdoAlESjaj3UT1i9d+Twt
+7DCsu/ZevIl/g/vwbYi2uqQuSs/a3/qeUcawvcQZR4vWHo/Gx8PyiTZHJwIDAQAB
+oyEwHzAdBgNVHQ4EFgQUMytyC5Cq0A2kE99nyokx0kTzVH0wDQYJKoZIhvcNAQEL
+BQADggEBAE8AexGFmzTp0ZGgRaiv80ONc5PVA12T7h2F5ZN1Yqg99yhpoS6kBIsw
+EG149nIcgOnSYk7ukTcjfsKcbFaB7tV1dw6SUqjmsqLpzVxGI32/DVdIorfxwaHZ
+dKjvlC9Yh1uDEipKuEzR+nXRnzMdMzEv6KOXeIXJxTHY/f538oPVuiXksdnjllmV
+xL1waQrZzdS15hfeBpGlC0WXk9wMiBbJNfEqQ5/J0EaFu+zPk8R3VLQ8WvKcXPyK
+30vZ56McQuwz2MT/gQxnR84LRXUhLGoWOr0MYFzOwhTso2vhIlEysGX+HtkEJh3L
+Hc+p+viW7lz17QqvZmOxjb6atkRpOVY=
+-----END CERTIFICATE-----