From ac20091f7d08e5048adc8aa709630dc9e5641daa Mon Sep 17 00:00:00 2001
From: Erfan Abdi
Date: Mon, 20 Dec 2021 12:06:48 +0330
Subject: [PATCH] sm6375-common: sepolicy: Add mlipay rules

Change-Id: I1023e481d49ed5ec0ae15a513c65133987d6f556
---
 sepolicy/public/attributes | 3 +++
 sepolicy/public/property.te | 3 +++
 sepolicy/vendor/app.te | 1 +
 sepolicy/vendor/file_contexts | 3 +++
 sepolicy/vendor/hal_mlipay.te | 22 ++++++++++++++++++++++
 sepolicy/vendor/hwservice_contexts | 3 +++
 sepolicy/vendor/property_contexts | 4 ++++
 7 files changed, 39 insertions(+)
 create mode 100644 sepolicy/public/attributes
 create mode 100644 sepolicy/vendor/app.te
 create mode 100644 sepolicy/vendor/hal_mlipay.te

diff --git a/sepolicy/public/attributes b/sepolicy/public/attributes
new file mode 100644
index 0000000..c5a79e7
--- /dev/null
+++ b/sepolicy/public/attributes
@@ -0,0 +1,3 @@
+attribute hal_mlipay;
+attribute hal_mlipay_client;
+attribute hal_mlipay_server;
diff --git a/sepolicy/public/property.te b/sepolicy/public/property.te
index b65b32f..72d3996 100644
--- a/sepolicy/public/property.te
+++ b/sepolicy/public/property.te
@@ -1,2 +1,5 @@
 # Fingerprint
 vendor_public_prop(vendor_fp_prop)
+
+# Mlipay
+vendor_public_prop(vendor_mlipay_prop)
diff --git a/sepolicy/vendor/app.te b/sepolicy/vendor/app.te
new file mode 100644
index 0000000..60325ab
--- /dev/null
+++ b/sepolicy/vendor/app.te
@@ -0,0 +1 @@
+get_prop({ appdomain -isolated_app }, vendor_mlipay_prop)
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index e655e3d..83b054e 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -31,6 +31,9 @@
 # IR
 /dev/ir_spi u:object_r:ir_spi_device:s0
 
+# Mlipay
+/vendor/bin/mlipayd@1.1 u:object_r:hal_mlipay_default_exec:s0
+
 # NFC
 /dev/pn553 u:object_r:nfc_device:s0
 /dev/pn54x u:object_r:nfc_device:s0
diff --git a/sepolicy/vendor/hal_mlipay.te b/sepolicy/vendor/hal_mlipay.te
new file mode 100644
index 0000000..5f4787f
--- /dev/null
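Review bot: The rule `get_prop({ appdomain -isolated_app }, vendor_mlipay_prop)` in `sepolicy/vendor/app.te` makes the mlipay properties readable by every app domain except `isolated_app`, which includes `untrusted_app` and `ephemeral_app`. The property_contexts hunk of this commit places everything under `persist.vendor.sys.pay.` and `persist.vendor.sys.provision.status` behind that label, so any installed app can read those values. If only a known set of clients needs them, name those domains instead, for example `get_prop({ platform_app priv_app system_app }, vendor_mlipay_prop)`. If third-party payment apps really must read them, a comment above the rule such as `# Third-party payment apps query the pay/provision state` would record why the grant is this wide.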
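Review bot: The new entry `/vendor/bin/mlipayd@1.1` in `sepolicy/vendor/file_contexts` leaves the `.` unescaped, and file_contexts paths are regular expressions, so the pattern also matches any other single character in that position. Writing it as `/vendor/bin/mlipayd@1\.1 u:object_r:hal_mlipay_default_exec:s0` pins the `hal_mlipay_default_exec` label, and with it the `init_daemon_domain` transition declared in hal_mlipay.te, to exactly that binary.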
+++ b/sepolicy/vendor/hal_mlipay.te
@@ -0,0 +1,22 @@
+type hal_mlipay_hwservice, hwservice_manager_type;
+
+type hal_mlipay_default, domain;
+hal_server_domain(hal_mlipay_default, hal_mlipay)
+
+type hal_mlipay_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_mlipay_default)
+
+# Allow hwbinder call from hal client to server
+binder_call(hal_mlipay_client, hal_mlipay_server)
+
+# Add hwservice related rules
+add_hwservice(hal_mlipay_server, hal_mlipay_hwservice)
+allow hal_mlipay_client hal_mlipay_hwservice:hwservice_manager find;
+
+allow hal_mlipay_default tee_device:chr_file rw_file_perms;
+allow hal_mlipay_default ion_device:chr_file r_file_perms;
+
+r_dir_file(hal_mlipay_default, firmware_file)
+set_prop(hal_mlipay_default, vendor_mlipay_prop);
+
+get_prop(hal_mlipay_default, vendor_fp_prop)
diff --git a/sepolicy/vendor/hwservice_contexts b/sepolicy/vendor/hwservice_contexts
index 96ef801..7af07e3 100644
--- a/sepolicy/vendor/hwservice_contexts
+++ b/sepolicy/vendor/hwservice_contexts
@@ -7,6 +7,9 @@ vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemonExt u:obj
 vendor.silead.hardware.fingerprintext::ISileadFingerprint u:object_r:hal_fingerprint_hwservice:s0
 vendor.xiaomi.hardware.fingerprintextension::IXiaomiFingerprint u:object_r:hal_fingerprint_hwservice:s0
 
+# Mlipay
+vendor.xiaomi.hardware.mlipay::IMlipayService u:object_r:hal_mlipay_hwservice:s0
+
 # NFC
 vendor.nxp.nxpnfc::INxpNfc u:object_r:hal_nfc_hwservice:s0
 vendor.nxp.nxpnfclegacy::INxpNfcLegacy u:object_r:hal_nfc_hwservice:s0
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index 834183e..00a5068 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
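Review bot: The `binder_call(hal_mlipay_client, hal_mlipay_server)` and `hwservice_manager find` rules in `hal_mlipay.te` grant access to `hal_mlipay_client`, but nothing in this patch puts a domain into that attribute, so who may reach the payment HAL is decided elsewhere and cannot be reviewed here. Adding the `hal_client_domain(<client_domain>, hal_mlipay)` lines (placeholder domain) next to these rules, or a comment naming the file that holds them, would keep the exposure visible in one place. The `tee_device`, `ion_device` and `firmware_file` grants carry no comment, unlike the binder and hwservice rules above them; a line such as `# TEE access for the payment trusted application (confirm firmware_file is needed to load it)` would help. `set_prop(hal_mlipay_default, vendor_mlipay_prop);` is also the only macro call written with a trailing `;` and should drop it to match the others.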
@@ -9,6 +9,10 @@ ro.hardware.fp. u:object_r:vendor_fp_prop:s0
 vendor.fps_hal. u:object_r:vendor_fp_prop:s0
 vendor.silead.fp.ext. u:object_r:vendor_fp_prop:s0
 
+# Mlipay
+persist.vendor.sys.pay. u:object_r:vendor_mlipay_prop:s0
+persist.vendor.sys.provision.status u:object_r:vendor_mlipay_prop:s0
+
 # RIL
 odm.ril.radio.status. u:object_r:vendor_radio_prop:s0
 odm.ril.radio.status.sim1 u:object_r:vendor_radio_prop:s0
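Review bot: `persist.vendor.sys.provision.status` reads like a complete property name, but an entry without a match keyword is treated as a prefix, so any property whose name starts with that string also receives `vendor_mlipay_prop`. If the target release supports the extended syntax, `persist.vendor.sys.provision.status u:object_r:vendor_mlipay_prop:s0 exact <type>` (type is a placeholder) limits the label to that one key. Both entries are `persist.` properties that `hal_mlipay_default` may set and that the app.te rule in this commit lets almost every app domain read, so keeping the labelled namespace as small as possible matters here.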