mobicore: Add sepolicy for /vendor/app/mcRegistry

Change-Id: I522f2eee70c1166b66565e17a2c4760844541bb3
Signed-off-by: SamarV-121 <samarvispute121@gmail.com>

diff --git a/tee/mobicore/common/file.te b/tee/mobicore/common/file.te
index 121275d0e1a30a6fc4b37889ec8ab2bcfe3b4c1e..479906cb1ebb0d93a2bda19d8e3cbe1271002817 100644 (file)
--- a/tee/mobicore/common/file.te
+++ b/tee/mobicore/common/file.te
@@ -1,3 +1,4 @@
 type mobicore_vendor_data_file, file_type, data_file_type;
 type mobicore_data_file, file_type, core_data_file_type, data_file_type;
 type gatekeeper_efs_file, file_type;
+type mobicore_vendor_file, file_type;

diff --git a/tee/mobicore/common/file_contexts b/tee/mobicore/common/file_contexts
index 0a339bef8f6e81a04d077d14c6aadccbb6622fcc..09d995cf7a1eab10ad619d8a22394871b11e2499 100644 (file)
--- a/tee/mobicore/common/file_contexts
+++ b/tee/mobicore/common/file_contexts
@@ -1,3 +1,5 @@
 /dev/mobicore                                u:object_r:tee_device:s0
 /dev/mobicore-user                           u:object_r:tee_device:s0
 /dev/t-base-tui                              u:object_r:tee_device:s0
+
+/(vendor|system/vendor)/app/mcRegistry(/.*)? u:object_r:mobicore_vendor_file:s0

diff --git a/tee/mobicore/common/hal_fingerprint_default.te b/tee/mobicore/common/hal_fingerprint_default.te
index ceb8aa4a15ee8f09639c2a169682a97b61c654b1..130bdd3c239e13357daaf8cd8979809410e6ffdc 100644 (file)
--- a/tee/mobicore/common/hal_fingerprint_default.te
+++ b/tee/mobicore/common/hal_fingerprint_default.te
@@ -1,2 +1,5 @@
 # /dev/mobicore-user
 allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
+
+# /vendor/app/mcRegistry/
+r_dir_file(hal_fingerprint_default, mobicore_vendor_file)

diff --git a/tee/mobicore/common/hal_gatekeeper_default.te b/tee/mobicore/common/hal_gatekeeper_default.te
index c63173c92527e3d7d00d1b28302745ed6b558cc1..0b8d0037f3a3b9fcaf3affc0748d2c4545e7d8d0 100644 (file)
--- a/tee/mobicore/common/hal_gatekeeper_default.te
+++ b/tee/mobicore/common/hal_gatekeeper_default.te
@@ -1,2 +1,6 @@
 # /dev/mobicore-user
 allow hal_gatekeeper_default tee_device:chr_file rw_file_perms;
+
+# /vendor/app/mcRegistry/
+allow hal_gatekeeper_default mobicore_vendor_file:dir search;
+allow hal_gatekeeper_default mobicore_vendor_file:file rw_file_perms;

diff --git a/tee/mobicore/common/hal_keymaster_default.te b/tee/mobicore/common/hal_keymaster_default.te
index 357775b5813134e252e1d0c97089a0ea240b60ab..ec1add1bad0c549992f98825c4c9a7106602c168 100644 (file)
--- a/tee/mobicore/common/hal_keymaster_default.te
+++ b/tee/mobicore/common/hal_keymaster_default.te
@@ -1 +1,5 @@
 get_prop(hal_keymaster_default, tee_prop)
+
+# /vendor/app/mcRegistry/
+allow hal_keymaster_default mobicore_vendor_file:dir search;
+allow hal_keymaster_default mobicore_vendor_file:file rw_file_perms;

diff --git a/tee/mobicore/common/system_server.te b/tee/mobicore/common/system_server.te
new file mode 100644 (file)
index 0000000..700bfb5
--- /dev/null
+++ b/tee/mobicore/common/system_server.te
@@ -0,0 +1 @@
+allow system_server mobicore_vendor_file:dir r_dir_perms;

diff --git a/tee/mobicore/common/tee.te b/tee/mobicore/common/tee.te
index 40359c6b2f6d2912416bb8c3e851f8f8c87e7817..be1f2ece531bd217813fd2cd32e0f15b4e130fc6 100644 (file)
--- a/tee/mobicore/common/tee.te
+++ b/tee/mobicore/common/tee.te
@@ -13,3 +13,6 @@ allow tee tee_device:chr_file r_file_perms;
 
 allow tee mobicore_vendor_data_file:dir r_dir_perms;
 allow tee mobicore_vendor_data_file:file rw_file_perms;
+
+# /vendor/app/mcRegistry/
+r_dir_file(tee, mobicore_vendor_file)