authorEthan Chen <intervigil@gmail.com>2014-12-23 14:30:58 -0800
committerEthan Chen <intervigil@gmail.com>2014-12-23 19:54:11 -0800
commit4f32423ddc655d9643bd5c4cd2bf642994ae23ce (patch)
tree63d765eabdf0db8c5e6356c64bb555b1b3189740
parentb47d4a12c9d7c84136d4f3a74f98b074ed49f197 (diff)
ghost: Add additional Motorola service domains
Change-Id: Ib284086f1f71b58d6ac82ba585d0d06cf582d62b
-rw-r--r--BoardConfig.mk26
-rw-r--r--sepolicy/adspd.te10
-rw-r--r--sepolicy/atvc.te7
-rw-r--r--sepolicy/batt_health.te12
-rw-r--r--sepolicy/bootmodem.te5
-rw-r--r--sepolicy/file.te8
-rw-r--r--sepolicy/file_contexts28
-rw-r--r--sepolicy/msp430.te5
-rw-r--r--sepolicy/property.te2
-rw-r--r--sepolicy/property_contexts2
-rw-r--r--sepolicy/qdumpd.te5
11 files changed, 110 insertions, 0 deletions
diff --git a/BoardConfig.mk b/BoardConfig.mk
index 11073fd..1f21f8e 100644
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -135,6 +135,32 @@ TARGET_USERIMAGES_USE_F2FS := true
BOARD_SEPOLICY_DIRS += \
device/motorola/ghost/sepolicy
+BOARD_SEPOLICY_UNION += \
+ adspd.te \
+ atvc.te \
+ batt_health.te \
+ bootmodem.te \
+ device.te \
+ file_contexts \
+ file.te \
+ init_shell.te \
+ init.te \
+ keystore.te \
+ location.te \
+ mediaserver.te \
+ mm-pp-daemon.te \
+ mm-qcamerad.te \
+ mpdecision.te \
+ msp430.te \
+ platform_app.te \
+ property_contexts \
+ property.te \
+ qdumpd.te \
+ rmt_storage.te \
+ system_app.te \
+ thermal-engine.te \
+ ueventd.te
+
# USB
TARGET_USE_CUSTOM_LUN_FILE_PATH := /sys/devices/platform/msm_hsusb/gadget/lun%d/file
diff --git a/sepolicy/adspd.te b/sepolicy/adspd.te
new file mode 100644
index 0000000..88a84fe
--- /dev/null
+++ b/sepolicy/adspd.te
@@ -0,0 +1,10 @@
+type adspd, domain;
+type adspd_exec, exec_type, file_type;
+init_daemon_domain(adspd)
+
+allow adspd adspd_device:chr_file { open read write ioctl };
+allow adspd input_device:dir search;
+allow adspd input_device:chr_file { open read ioctl };
+allow adspd sysfs_adspd:file { open read write };
+allow adspd system_data_file:dir { search write add_name };
+allow adspd system_data_file:file { read write };
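Review bot: The last two rules give adspd write access to the generic `system_data_file` label, which is the default label for files under /data rather than something specific to this daemon. A dedicated type (for example `type adspd_data_file, file_type, data_file_type;` in file.te, with a matching file_contexts entry for the directory adspd actually uses) would keep the grant scoped. The rules also look incomplete as written: the directory rule has `add_name`, but the file rule has neither `create` nor `open`, so a new file could not be created or opened under this policy. Neither the path nor the reason is visible in the hunk, so a comment naming the file adspd writes would help the next reviewer.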
diff --git a/sepolicy/atvc.te b/sepolicy/atvc.te
new file mode 100644
index 0000000..3a55cf3
--- /dev/null
+++ b/sepolicy/atvc.te
@@ -0,0 +1,7 @@
+type atvc, domain;
+type atvc_exec, exec_type, file_type;
+init_daemon_domain(atvc)
+
+allow atvc atvc_prop:property_service set;
+allow atvc pds_file:dir search;
+unix_socket_connect(atvc, property, init)
diff --git a/sepolicy/batt_health.te b/sepolicy/batt_health.te
new file mode 100644
index 0000000..2649bec
--- /dev/null
+++ b/sepolicy/batt_health.te
@@ -0,0 +1,12 @@
+type batt_health, domain;
+type batt_health_exec, exec_type, file_type;
+init_daemon_domain(batt_health);
+
+allow batt_health batt_health_data_file:dir search;
+allow batt_health batt_health_data_file:file { setattr };
+allow batt_health pds_file:dir search;
+allow batt_health pds_file:file { open read write };
+allow batt_health self:capability { dac_override net_admin setuid chown fowner fsetid };
+allow batt_health self:netlink_kobject_uevent_socket { create bind setopt read };
+allow batt_health sysfs_batt_health:dir search;
+allow batt_health sysfs_batt_health:file { open read write };
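Review bot: `allow batt_health self:capability { dac_override net_admin setuid chown fowner fsetid };` hands the daemon a wide set of capabilities, and `dac_override` in particular lets it bypass file permission checks on anything its SELinux rules reach. If the denials came from ownership or mode mismatches on /pds or the sysfs nodes, correcting those in the init script and dropping `dac_override`, `fowner` and `fsetid` would be the tighter fix; that is an inference, since the audit log is not part of the commit. Separately, `init_daemon_domain(batt_health);` carries a trailing semicolon that the other new domains omit.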
diff --git a/sepolicy/bootmodem.te b/sepolicy/bootmodem.te
new file mode 100644
index 0000000..8bb55c2
--- /dev/null
+++ b/sepolicy/bootmodem.te
@@ -0,0 +1,5 @@
+type bootmodem, domain;
+type bootmodem_exec, exec_type, file_type;
+init_daemon_domain(bootmodem)
+
+allow bootmodem self:socket create;
diff --git a/sepolicy/file.te b/sepolicy/file.te
index c48317e..e6846f6 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -1,2 +1,10 @@
+# ADSPD
+type adspd_device, dev_type;
+type sysfs_adspd, fs_type, sysfs_type;
+
+# Battery health
+type batt_health_data_file, file_type, data_file_type;
+type sysfs_batt_health, fs_type, sysfs_type;
+
# PDS
type pds_file, file_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 9bb4852..a0f4417 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -1,3 +1,11 @@
+# Binaries
+/system/bin/adspd u:object_r:adspd_exec:s0
+/system/bin/batt_health u:object_r:batt_health_exec:s0
+/system/bin/bootmodem u:object_r:bootmodem_exec:s0
+/system/bin/dbvc_atvc_property_set u:object_r:atvc_exec:s0
+/system/bin/msp430 u:object_r:msp430_exec:s0
+/system/bin/qdumpd u:object_r:qdumpd_exec:s0
+
# Camera
/data/cam_socket([0-9])+ u:object_r:camera_socket:s0
/dev/motcamera0 u:object_r:camera_device:s0
@@ -9,6 +17,23 @@
# JPEG engine
/dev/gemini.* u:object_r:camera_device:s0
+# Motorola services
+/data/power_supply_logger(/.*)? u:object_r:batt_health_data_file:s0
+/dev/ttyHS3 u:object_r:adspd_device:s0
+/sys/devices/801000.gpio/gpio/gpio15/value u:object_r:sysfs_adspd:s0
+/sys/devices/801000.gpio/gpio/gpio65/edge u:object_r:sysfs_adspd:s0
+/sys/devices/801000.gpio/gpio/gpio65/value u:object_r:sysfs_adspd:s0
+/sys/devices/platform/msm_ssbi.0/pm8921-core/pm8xxx-gpio/gpio/gpio166/value u:object_r:sysfs_adspd:s0
+/sys/devices/platform/msm_ssbi.0/pm8921-core/pm8921-charger/force_chg_auto_enable u:object_r:sysfs_batt_health:s0
+/sys/devices/platform/msm_ssbi.0/pm8921-core/pm8921-charger/force_chg_fail_clear u:object_r:sysfs_batt_health:s0
+/sys/devices/platform/msm_ssbi.0/pm8921-core/pm8921-charger/force_chg_ibatt u:object_r:sysfs_batt_health:s0
+/sys/devices/platform/msm_ssbi.0/pm8921-core/pm8921-charger/force_chg_itrick u:object_r:sysfs_batt_health:s0
+/sys/devices/platform/msm_ssbi.0/pm8921-core/pm8921-charger/force_chg_iusb u:object_r:sysfs_batt_health:s0
+/sys/devices/platform/msm_ssbi.0/pm8921-core/pm8921-charger/force_chg_usb_suspend u:object_r:sysfs_batt_health:s0
+/sys/devices/platform/msm_ssbi.0/pm8921-core/pm8921-charger/force_chg_vinmin u:object_r:sysfs_batt_health:s0
+/sys/devices/platform/msm_ssbi.0/pm8921-core/pm8921-charger/pcb_temp u:object_r:sysfs_batt_health:s0
+/sys/module/pm8921_bms/parameters(/.*)? u:object_r:sysfs_batt_health:s0
+
# Partitions
/dev/block/mmcblk0p8 u:object_r:utags_block_device:s0
/dev/block/mmcblk0p21 u:object_r:hob_block_device:s0
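Review bot: The new sysfs entries use unescaped dots (`801000.gpio`, `msm_ssbi.0`), and file_contexts paths are regular expressions, so each `.` matches any character rather than a literal dot. Escaping them, e.g. `/sys/devices/801000\.gpio/gpio/gpio15/value`, keeps the label from landing on an unintended node. `/sys/module/pm8921_bms/parameters(/.*)?` also labels every parameter of that module as `sysfs_batt_health`, which batt_health is allowed to open, read and write; listing only the parameters the daemon needs would be narrower if that set is known.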
@@ -20,6 +45,9 @@
/pds(/.*)? u:object_r:pds_file:s0
/pds/camera(/.*)? u:object_r:camera_data_file:s0
+# Ramdump
+/dev/coredump_modem u:object_r:ramdump_device:s0
+
# Sensors
/dev/msp430 u:object_r:sensors_device:s0
/dev/msp430_as u:object_r:sensors_device:s0
diff --git a/sepolicy/msp430.te b/sepolicy/msp430.te
new file mode 100644
index 0000000..6084915
--- /dev/null
+++ b/sepolicy/msp430.te
@@ -0,0 +1,5 @@
+type msp430, domain;
+type msp430_exec, exec_type, file_type;
+init_daemon_domain(msp430)
+
+allow msp430 sensors_device:chr_file { open write ioctl };
diff --git a/sepolicy/property.te b/sepolicy/property.te
new file mode 100644
index 0000000..2510c6e
--- /dev/null
+++ b/sepolicy/property.te
@@ -0,0 +1,2 @@
+# Motorola service properties
+type atvc_prop, property_type;
diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts
new file mode 100644
index 0000000..acec321
--- /dev/null
+++ b/sepolicy/property_contexts
@@ -0,0 +1,2 @@
+# Motorola service properties
+persist.atvc u:object_r:atvc_prop:s0
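Review bot: `persist.atvc` is matched as a prefix in property_contexts, so any property whose name starts with that string gets `atvc_prop` and becomes settable by the atvc domain, not only `persist.atvc` itself. If the service only uses names under a dotted namespace, `persist.atvc.` would scope the label more tightly. The property names actually in use are not visible in this commit, so confirm them before changing the entry.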
diff --git a/sepolicy/qdumpd.te b/sepolicy/qdumpd.te
new file mode 100644
index 0000000..dcb46d5
--- /dev/null
+++ b/sepolicy/qdumpd.te
@@ -0,0 +1,5 @@
+type qdumpd, domain;
+type qdumpd_exec, exec_type, file_type;
+init_daemon_domain(qdumpd)
+
+allow qdumpd ramdump_device:chr_file { open read write };
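Review bot: `allow qdumpd ramdump_device:chr_file { open read write };` lets the daemon read modem core dumps from /dev/coredump_modem, which can contain sensitive memory contents, and nothing in the domain limits it to debug builds. If qdumpd is only meant to run on userdebug/eng images, wrapping the rule in the `userdebug_or_eng` macro would keep it out of user builds; it is also worth checking whether `write` is needed at all. The `ramdump_device` type is not declared in this commit, so it presumably comes from device.te or the base policy.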