common: add sepolicy for rebalance_interrupts daemon

Change-Id: Ie1b5b21b77cbcdebc3160aa371daf1c5b9bb2785
Signed-off-by: Francescodario Cuzzocrea <bosconovic@gmail.com>

diff --git a/common/vendor/file.te b/common/vendor/file.te
index d7be99a2f33a112cdb00d15bf3b75ee423943917..805f892d5d5ad89dc4616371629cf598a84591fa 100644 (file)
--- a/common/vendor/file.te
+++ b/common/vendor/file.te
@@ -24,6 +24,7 @@ type tee_efs_file, file_type;
 type wifi_efs_file, file_type;
 
 # PROC
+type proc_irq, fs_type, proc_type;
 type proc_last_kmsg, fs_type, proc_type;
 
 # SOCKETS
@@ -37,6 +38,7 @@ type sysfs_bbd, sysfs_type, r_fs_type, fs_type;
 type sysfs_fingerprint, sysfs_type, r_fs_type, fs_type;
 type sysfs_iio, sysfs_type, r_fs_type, fs_type;
 type sysfs_input, sysfs_type, r_fs_type, fs_type;
+type sysfs_irq, fs_type, sysfs_type;
 type sysfs_sec_gps, sysfs_type, r_fs_type, fs_type;
 type sysfs_sec_key, sysfs_type, r_fs_type, fs_type;
 type sysfs_sec_sensors, sysfs_type, r_fs_type, fs_type;

diff --git a/common/vendor/file_contexts b/common/vendor/file_contexts
index d0a28d13b8a0b4f8a5dc871d23cb9b152fecd8c4..3534175667020b07b39529be019b9d8565910f8c 100644 (file)
--- a/common/vendor/file_contexts
+++ b/common/vendor/file_contexts
@@ -139,6 +139,8 @@
 /(vendor|system/vendor)/bin/hw/macloader         u:object_r:macloader_exec:s0
 /(vendor|system/vendor)/bin/hw/sehradiomanager   u:object_r:sehradiomanager_exec:s0
 
+/(vendor|system/vendor)/bin/rebalance_interrupts-vendor          u:object_r:rebalance_interrupts_vendor_exec:s0
+
 /(vendor|system/vendor)/lib(64)?/hw/gralloc\.exynos[0-9]*\.so    u:object_r:same_process_hal_file:s0
 /(vendor|system/vendor)/lib(64)?/hw/vulkan\.mali\.so             u:object_r:same_process_hal_file:s0
 /(vendor|system/vendor)/lib(64)?/libion_exynos\.so               u:object_r:same_process_hal_file:s0

diff --git a/common/vendor/genfs_contexts b/common/vendor/genfs_contexts
index a55cd17c537c907aa22bb74e08d2131c35b26d0c..ac29e7249b22ec0d6656b3ace17846d838c2ece8 100644 (file)
--- a/common/vendor/genfs_contexts
+++ b/common/vendor/genfs_contexts
@@ -1,6 +1,7 @@
 # genfs_contexts
 
 ### PROC
+genfscon proc /irq                  u:object_r:proc_irq:s0
 genfscon proc /last_kmsg                                                  u:object_r:proc_last_kmsg:s0
 
 ### SYSFS
@@ -53,6 +54,8 @@ genfscon sysfs /devices/virtual/timed_output/vibrator/cp_trigger_index    u:obje
 genfscon sysfs /devices/virtual/timed_output/vibrator/intensity           u:object_r:sysfs_vibrator:s0
 genfscon sysfs /devices/virtual/timed_output/vibrator/multi_freq          u:object_r:sysfs_vibrator:s0
 
+genfscon sysfs /kernel/irq                                                u:object_r:sysfs_irq:s0
+
 genfscon sysfs /module/dhd/parameters                                     u:object_r:sysfs_wifi_writable:s0
 
 genfscon sysfs /power/cpufreq_max_limit                                   u:object_r:sysfs_power_writable:s0

diff --git a/common/vendor/rebalance_interrupts.te b/common/vendor/rebalance_interrupts.te
new file mode 100644 (file)
index 0000000..bc7e012
--- /dev/null
+++ b/common/vendor/rebalance_interrupts.te
@@ -0,0 +1,10 @@
+type rebalance_interrupts_vendor, domain;
+
+type rebalance_interrupts_vendor_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(rebalance_interrupts_vendor)
+
+allow rebalance_interrupts_vendor sysfs_irq:dir r_dir_perms;
+allow rebalance_interrupts_vendor sysfs_irq:file r_file_perms;
+allow rebalance_interrupts_vendor proc_irq:dir r_dir_perms;
+allow rebalance_interrupts_vendor proc_irq:file { rw_file_perms setattr };
+allow rebalance_interrupts_vendor self:capability { chown setuid setgid };