diff --git a/sepolicy/private/system_app.te b/sepolicy/private/system_app.te
new file mode 100644
index 0000000..4f5d878
--- /dev/null
+++ b/sepolicy/private/system_app.te
@@ -0,0 +1 @@
+hal_client_domain(system_app, hal_mlipay)
\ No newline at end of file
diff --git a/sepolicy/public/attributes b/sepolicy/public/attributes
index c5a79e7..65cabc2 100644
--- a/sepolicy/public/attributes
+++ b/sepolicy/public/attributes
@@ -1,3 +1,3 @@
 attribute hal_mlipay;
 attribute hal_mlipay_client;
-attribute hal_mlipay_server;
+attribute hal_mlipay_server;
\ No newline at end of file
diff --git a/sepolicy/public/property.te b/sepolicy/public/property.te
index 72d3996..eef31d2 100644
--- a/sepolicy/public/property.te
+++ b/sepolicy/public/property.te
@@ -1,5 +1,2 @@
 # Fingerprint
-vendor_public_prop(vendor_fp_prop)
-
-# Mlipay
-vendor_public_prop(vendor_mlipay_prop)
+vendor_public_prop(vendor_fp_prop)
\ No newline at end of file
diff --git a/sepolicy/vendor/app.te b/sepolicy/vendor/app.te
index 60325ab..c9ab66a 100644
--- a/sepolicy/vendor/app.te
+++ b/sepolicy/vendor/app.te
@@ -1 +1 @@
-get_prop({ appdomain -isolated_app }, vendor_mlipay_prop)
+get_prop({ appdomain -isolated_app }, vendor_tee_listener_prop)
\ No newline at end of file
diff --git a/sepolicy/vendor/hal_mlipay.te b/sepolicy/vendor/hal_mlipay.te
index 5f4787f..6e0b68a 100644
--- a/sepolicy/vendor/hal_mlipay.te
+++ b/sepolicy/vendor/hal_mlipay.te
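Review bot: In sepolicy/private/system_app.te, `hal_client_domain(system_app, hal_mlipay)` attaches the client attribute to the whole system_app domain, so every process labelled system_app can find and call the payment HAL, not only the app that needs it. The file has no comment naming that consumer; a line such as `# <consumer package> uses the mlipay HAL for payment authentication` above the macro would let a later reviewer judge whether the grant is still needed. If a single package is the only client, a dedicated app domain for it would keep the HAL out of reach of the other system_app processes.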
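Review bot: In sepolicy/vendor/app.te, the new `get_prop({ appdomain -isolated_app }, vendor_tee_listener_prop)` gives every app domain except isolated_app read access to a label this commit does not declare. The label is therefore presumably shared with other policy, and may cover properties beyond the two payment keys relabelled in sepolicy/vendor/property_contexts. The same reuse applies to `set_prop(hal_mlipay_default, vendor_tee_listener_prop)` in hal_mlipay_default.te, which lets the HAL write anything carrying that label. Keeping a dedicated type for `persist.vendor.sys.pay.` and `persist.vendor.sys.provision.status`, or narrowing the source set to the domains that actually read them, would keep the grant scoped to the payment state.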
@@ -1,22 +1,4 @@
-type hal_mlipay_hwservice, hwservice_manager_type;
-
-type hal_mlipay_default, domain;
-hal_server_domain(hal_mlipay_default, hal_mlipay)
-
-type hal_mlipay_default_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_mlipay_default)
-
 # Allow hwbinder call from hal client to server
 binder_call(hal_mlipay_client, hal_mlipay_server)
 
-# Add hwservice related rules
-add_hwservice(hal_mlipay_server, hal_mlipay_hwservice)
-allow hal_mlipay_client hal_mlipay_hwservice:hwservice_manager find;
-
-allow hal_mlipay_default tee_device:chr_file rw_file_perms;
-allow hal_mlipay_default ion_device:chr_file r_file_perms;
-
-r_dir_file(hal_mlipay_default, firmware_file)
-set_prop(hal_mlipay_default, vendor_mlipay_prop);
-
-get_prop(hal_mlipay_default, vendor_fp_prop)
+hal_attribute_hwservice(hal_mlipay, hal_mlipay_hwservice)
diff --git a/sepolicy/vendor/hal_mlipay_default.te b/sepolicy/vendor/hal_mlipay_default.te
new file mode 100644
index 0000000..de94a03
--- /dev/null
+++ b/sepolicy/vendor/hal_mlipay_default.te
@@ -0,0 +1,16 @@
+type hal_mlipay_default, domain;
+hal_server_domain(hal_mlipay_default, hal_mlipay)
+
+type hal_mlipay_default_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_mlipay_default)
+
+allow hal_mlipay_default {
+ ion_device
+ tee_device
+}:chr_file rw_file_perms;
+
+r_dir_file(hal_mlipay_default, firmware_file)
+
+get_prop(hal_mlipay_default, vendor_fp_prop)
+set_prop(hal_mlipay_default, vendor_tee_listener_prop)
\ No newline at end of file
diff --git a/sepolicy/vendor/hwservice.te b/sepolicy/vendor/hwservice.te
new file mode 100644
index 0000000..ed727d9
--- /dev/null
+++ b/sepolicy/vendor/hwservice.te
@@ -0,0 +1 @@
+type hal_mlipay_hwservice, hwservice_manager_type;
\ No newline at end of file
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index 00a5068..63bf70e 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
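Review bot: In sepolicy/vendor/hal_mlipay_default.te, folding `ion_device` and `tee_device` into one `allow ... :chr_file rw_file_perms;` rule widens ion_device to read-write; the rule removed from hal_mlipay.te granted it only `r_file_perms`. If the HAL does not need to write to ion_device, keep the two rules apart: `allow hal_mlipay_default tee_device:chr_file rw_file_perms;` and `allow hal_mlipay_default ion_device:chr_file r_file_perms;`. If the wider access is intended, a comment above the rule should say why, because the rest of the file reads as a plain move of the old rules.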
@@ -10,8 +10,8 @@ vendor.fps_hal. u:object_r:vendor_fp_prop:s0 vendor.silead.fp.ext. u:object_r:vendor_fp_prop:s0 # Mlipay -persist.vendor.sys.pay. u:object_r:vendor_mlipay_prop:s0 -persist.vendor.sys.provision.status u:object_r:vendor_mlipay_prop:s0 +persist.vendor.sys.pay. u:object_r:vendor_tee_listener_prop:s0 +persist.vendor.sys.provision.status u:object_r:vendor_tee_listener_prop:s0 # RIL odm.ril.radio.status. u:object_r:vendor_radio_prop:s0