Merge "slm : initial sepolicy rules."

9 files changed, 94 insertions, 1 deletions

diff --git a/qva/private/seapp_contexts b/qva/private/seapp_contexts
index 0eba5016..6a92d1d1 100644
--- a/qva/private/seapp_contexts
+++ b/qva/private/seapp_contexts
@@ -26,4 +26,4 @@
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 #Add new domain for qti value added Location apps
-user=system seinfo=platform name=com.qualcomm.location.XT isPrivApp=true domain=location_app type=system_app_data_file
\ No newline at end of file
+user=system seinfo=platform name=com.qualcomm.location.XT isPrivApp=true domain=location_app type=system_app_data_file
diff --git a/qva/vendor/common/cnd.te b/qva/vendor/common/cnd.te
index b4d2b743..9444bf01 100644
--- a/qva/vendor/common/cnd.te
+++ b/qva/vendor/common/cnd.te
@@ -61,6 +61,10 @@ allowxperm cnd self:udp_socket ioctl wlan_sock_ioctls;
 
 add_hwservice(cnd, hal_latency_hwservice)
 
+add_hwservice(cnd,hal_slmadapter_hwservice)
+
+get_prop(cnd,slm_prop)
+
 ##############################################################
 #for using public interface vendor.qti.data.factory
 #client should add their domain to cnd.te
diff --git a/qva/vendor/common/dataservice_app.te b/qva/vendor/common/dataservice_app.te
new file mode 100644
index 00000000..8a80e161
--- /dev/null
+++ b/qva/vendor/common/dataservice_app.te
@@ -0,0 +1,28 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+allow dataservice_app hal_slmadapter_hwservice:hwservice_manager find;
diff --git a/qva/vendor/common/hwservice.te b/qva/vendor/common/hwservice.te
index b0083e0a..c7b8e490 100644
--- a/qva/vendor/common/hwservice.te
+++ b/qva/vendor/common/hwservice.te
@@ -53,3 +53,4 @@ type hal_bluetooth_dun_hwservice, hwservice_manager_type;
 type hal_qseecom_hwservice, hwservice_manager_type;
 type hal_spu_hwservice, hwservice_manager_type;
 type hal_embmssl_hwservice, hwservice_manager_type;
+type hal_slmadapter_hwservice, hwservice_manager_type;
diff --git a/qva/vendor/common/hwservice_contexts b/qva/vendor/common/hwservice_contexts
index 82443ec9..6158afa6 100644
--- a/qva/vendor/common/hwservice_contexts
+++ b/qva/vendor/common/hwservice_contexts
@@ -72,3 +72,4 @@ vendor.qti.hardware.cryptfshw::ICryptfsHw                    u:object_r:hal_keym
 vendor.qti.hardware.qseecom::IQSEECom                        u:object_r:hal_qseecom_hwservice:s0
 vendor.qti.spu::ISPUManager                                  u:object_r:hal_spu_hwservice:s0
 vendor.qti.hardware.embmssl::IEmbms                          u:object_r:hal_embmssl_hwservice:s0
+vendor.qti.hardware.slmadapter::ISlmAdapter                  u:object_r:hal_slmadapter_hwservice:s0
diff --git a/qva/vendor/common/property.te b/qva/vendor/common/property.te
index c8241d41..69220f66 100644
--- a/qva/vendor/common/property.te
+++ b/qva/vendor/common/property.te
@@ -91,3 +91,6 @@ type vendor_qvr_prop, property_type;
 
 #qmuxd property
 type ctl_qmuxd_prop, property_type;
+
+#slm property
+type slm_prop, property_type;
diff --git a/qva/vendor/common/property_contexts b/qva/vendor/common/property_contexts
index d3131271..483d062c 100644
--- a/qva/vendor/common/property_contexts
+++ b/qva/vendor/common/property_contexts
@@ -123,3 +123,6 @@ ctl.start$vendor.qmuxd                       u:object_r:ctl_qmuxd_prop:s0
 
 #bluetooth property
 ro.vendor.bt.enablelazyhal                   u:object_r:bluetooth_prop:s0 exact bool
+
+#SLM
+persist.vendor.slm.                          u:object_r:slm_prop:s0
diff --git a/qva/vendor/test/dualsta_app.te b/qva/vendor/test/dualsta_app.te
new file mode 100644
index 00000000..851b67a2
--- /dev/null
+++ b/qva/vendor/test/dualsta_app.te
@@ -0,0 +1,50 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# qva/private/location_app_test.te - sepolicy rules for qti value added
+# location apps (internal) that will be part of system image. eg: ODLT, Qlogcat
+
+type dualsta_app, domain;
+app_domain(dualsta_app)
+
+userdebug_or_eng(`
+  binder_call(cnd,dualsta_app)
+  binder_call(dualsta_app,cnd)
+  allow dualsta_app hal_datafactory_hwservice:hwservice_manager find;
+  allow dualsta_app activity_service:service_manager find;
+  allow dualsta_app activity_task_service:service_manager find;
+  allow dualsta_app audio_service:service_manager find;
+  allow dualsta_app autofill_service:service_manager find;
+  allow dualsta_app cgroup:file write;
+  allow dualsta_app gpu_service:service_manager find;
+  allow dualsta_app gpuservice:binder call;
+  allow dualsta_app surfaceflinger_service:service_manager find;
+  allow dualsta_app system_app_data_file:dir { add_name getattr remove_name search write };
+  allow dualsta_app system_app_data_file:file { create getattr map open read setattr unlink write };
+  allow dualsta_app textservices_service:service_manager find;
+')
+
diff --git a/qva/vendor/test/seapp_contexts b/qva/vendor/test/seapp_contexts
index 4aba4c49..f67d5d93 100644
--- a/qva/vendor/test/seapp_contexts
+++ b/qva/vendor/test/seapp_contexts
@@ -32,3 +32,6 @@ user=system seinfo=platform name=.loopbackservice domain=qtiloopback_app type=sy
 
 #Add new domain for QDMAUtils
 user=system seinfo=platform name=com.qualcomm.qti.qdmautils domain=qdmautils_app type=system_app_data_file
+
+user=system seinfo=platform name=com.qualcomm.qti.dualstaapp domain=dualsta_app type=system_app_data_file
+