From 33ac1f9debec7634fba9113b2af90a5e28389089 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Fri, 27 Mar 2020 08:36:09 +0100 Subject: [PATCH] common: Add policy for sensors HAL Change-Id: If41bdbfe8f52ba0e5940502d904ce982bd235a0f --- common/vendor/device.te | 2 + common/vendor/file.te | 7 ++++ common/vendor/file_contexts | 2 + common/vendor/genfs_contexts | 13 ++++++ common/vendor/hal_sensors_default.te | 62 ++++++++++++++++++++++++++++ 5 files changed, 86 insertions(+) create mode 100644 common/vendor/hal_sensors_default.te diff --git a/common/vendor/device.te b/common/vendor/device.te index ec91c2b..4a4a52c 100644 --- a/common/vendor/device.te +++ b/common/vendor/device.te @@ -9,3 +9,5 @@ type radio_block_device, dev_type; type sec_efs_block_device, dev_type; type fp_sensor_device, dev_type; +type io_device, dev_type; +type ssp_device, dev_type; diff --git a/common/vendor/file.te b/common/vendor/file.te index 6e655ea..54a685c 100644 --- a/common/vendor/file.te +++ b/common/vendor/file.te @@ -19,13 +19,20 @@ type wifi_efs_file, file_type; ### SYSFS type sysfs_battery, sysfs_type, r_fs_type, fs_type; type sysfs_fingerprint, sysfs_type, r_fs_type, fs_type; +type sysfs_iio, sysfs_type, r_fs_type, fs_type; type sysfs_input, sysfs_type, r_fs_type, fs_type; +type sysfs_sec_key, sysfs_type, r_fs_type, fs_type; +type sysfs_sec_sensors, sysfs_type, r_fs_type, fs_type; type sysfs_sec_touchscreen, sysfs_type, r_fs_type, fs_type; +type sysfs_sensors, sysfs_type, r_fs_type, fs_type; type sysfs_wifi, sysfs_type, r_fs_type, fs_type; type sysfs_backlight_writable, sysfs_type, rw_fs_type, fs_type; type sysfs_battery_writable, sysfs_type, rw_fs_type, fs_type; +type sysfs_lcd_writable, sysfs_type, rw_fs_type, fs_type; type sysfs_power_writable, sysfs_type, rw_fs_type, fs_type; +type sysfs_sensors_writable, sysfs_type, rw_fs_type, fs_type; +type sysfs_spi_writeable, sysfs_type, rw_fs_type, fs_type; type sysfs_touchscreen_writable, sysfs_type, rw_fs_type, fs_type; type sysfs_wifi_writable, sysfs_type, rw_fs_type, fs_type; diff --git a/common/vendor/file_contexts b/common/vendor/file_contexts index 0ef50a7..329c8c7 100644 --- a/common/vendor/file_contexts +++ b/common/vendor/file_contexts @@ -20,6 +20,8 @@ /dev/block/platform/.+/by-name/userdata u:object_r:userdata_block_device:s0 /dev/esfp[0-9] u:object_r:fp_sensor_device:s0 +/dev/batch_io u:object_r:io_device:s0 +/dev/ssp_sensorhub u:object_r:ssp_device:s0 ### EFS /efs/DAK(/.*)? u:object_r:prov_efs_file:s0 diff --git a/common/vendor/genfs_contexts b/common/vendor/genfs_contexts index 646923e..94e0659 100644 --- a/common/vendor/genfs_contexts +++ b/common/vendor/genfs_contexts @@ -1,11 +1,16 @@ # genfs_contexts ### SYSFS +genfscon sysfs /bus/iio/devices u:object_r:sysfs_iio:s0 + genfscon sysfs /class/backlight/ u:object_r:sysfs_backlight_writable:s0 genfscon sysfs /class/fingerprint/fingerprint u:object_r:sysfs_fingerprint:s0 genfscon sysfs /class/input u:object_r:sysfs_input:s0 genfscon sysfs /class/power_supply u:object_r:sysfs_battery:s0 +genfscon sysfs /class/sec/sensors u:object_r:sysfs_sec_sensors:s0 genfscon sysfs /class/sec/tsp u:object_r:sysfs_sec_touchscreen:s0 +genfscon sysfs /class/sensor_event u:object_r:sysfs_sensors:s0 +genfscon sysfs /class/sensors u:object_r:sysfs_sensors:s0 genfscon sysfs /class/timed_output/vibrator/intensity u:object_r:sysfs_vibrator:s0 genfscon sysfs /class/timed_output/vibrator/multi_freq u:object_r:sysfs_vibrator:s0 @@ -13,12 +18,20 @@ genfscon sysfs /devices/platform/battery/power_supply u:obje genfscon sysfs /devices/platform/battery/power_supply/battery/lcd u:object_r:sysfs_battery_writable:s0 genfscon sysfs /devices/platform/panel@0/backlight/panel/brightness u:object_r:sysfs_backlight_writable:s0 genfscon sysfs /devices/platform/panel@0/backlight/panel/max_brightness u:object_r:sysfs_backlight_writable:s0 +genfscon sysfs /devices/platform/panel@0/lcd/panel u:object_r:sysfs_lcd_writable:s0 genfscon sysfs /devices/virtual/fingerprint/fingerprint u:object_r:sysfs_fingerprint:s0 genfscon sysfs /devices/virtual/input u:object_r:sysfs_input:s0 +genfscon sysfs /devices/virtual/lcd/panel u:object_r:sysfs_lcd_writable:s0 +genfscon sysfs /devices/virtual/sec/sec_key u:object_r:sysfs_sec_key:s0 genfscon sysfs /devices/virtual/sec/tsp u:object_r:sysfs_sec_touchscreen:s0 genfscon sysfs /devices/virtual/sec/tsp/cmd u:object_r:sysfs_touchscreen_writable:s0 genfscon sysfs /devices/virtual/sec/tsp/ear_detect_enable u:object_r:sysfs_touchscreen_writable:s0 +genfscon sysfs /devices/virtual/sensor_event u:object_r:sysfs_sensors:s0 +genfscon sysfs /devices/virtual/sensors u:object_r:sysfs_sensors:s0 +genfscon sysfs /devices/virtual/sensors/hidden_hole/hh_check_coef u:object_r:sysfs_sensors_writable:s0 +genfscon sysfs /devices/virtual/sensors/ssp_sensor/enable u:object_r:sysfs_sensors_writable:s0 +genfscon sysfs /devices/virtual/sensors/ssp_sensor/ssp_flush u:object_r:sysfs_sensors_writable:s0 genfscon sysfs /devices/virtual/timed_output/vibrator/cp_trigger_index u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/virtual/timed_output/vibrator/intensity u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/virtual/timed_output/vibrator/multi_freq u:object_r:sysfs_vibrator:s0 diff --git a/common/vendor/hal_sensors_default.te b/common/vendor/hal_sensors_default.te new file mode 100644 index 0000000..0c2cbef --- /dev/null +++ b/common/vendor/hal_sensors_default.te @@ -0,0 +1,62 @@ +# hal_sensors_default.te + +# /dev/batch_io +allow hal_sensors_default io_device:chr_file r_file_perms; + +# /dev/iio:device1 +allow hal_sensors_default iio_device:chr_file r_file_perms; + +# /dev/ssp_sensorhub +allow hal_sensors_default ssp_device:chr_file rw_file_perms; + +# /efs +allow hal_sensors_default efs_file:dir r_dir_perms; + +# /efs/FactoryApp/ +allow hal_sensors_default app_efs_file:dir rw_dir_perms; +allow hal_sensors_default app_efs_file:file { setattr rw_file_perms }; + +# /sys/bus/iio/devices +allow hal_sensors_default sysfs_iio:dir r_dir_perms; +allow hal_sensors_default sysfs_iio:file r_file_perms; + +# /sys/class/sec/sensors +allow hal_sensors_default sysfs_sec_sensors:dir r_dir_perms; +allow hal_sensors_default sysfs_sec_sensors:file r_file_perms; + +# /sys/class/sensors/ssp_sensor/enable +allow hal_sensors_default sysfs_sensors_writable:dir r_dir_perms; +allow hal_sensors_default sysfs_sensors_writable:file rw_file_perms; + +# /sys/devices/platform/10970000.spi/ +allow hal_sensors_default sysfs_spi_writeable:dir r_dir_perms; +allow hal_sensors_default sysfs_spi_writeable:file rw_file_perms; + +# /sys/devices/platform/panel@0/lcd/panel/window_type +allow hal_sensors_default sysfs_lcd_writable:dir r_dir_perms; +allow hal_sensors_default sysfs_lcd_writable:file r_file_perms; + +# /sys/class/input +allow hal_sensors_default sysfs_input:dir r_dir_perms; + +# /sys/devices/virtual/input/input4 +# /sys/devices/virtual/input/input6 +allow hal_sensors_default sysfs_sensors:dir r_dir_perms; +allow hal_sensors_default sysfs_sensors:file r_file_perms; + +# /sys/devices/virtual/sensors/magnetic_sensor/vendor +allow hal_sensors_default sysfs_sensors:dir r_dir_perms; +allow hal_sensors_default sysfs_sensors:file r_file_perms; + +# /sys/devices/virtual/sec/sec_key/hall_detect +allow hal_sensors_default sysfs_sec_key:dir r_dir_perms; +allow hal_sensors_default sysfs_sec_key:file r_file_perms; + +# /sys/class/sec/tsp/ +allow hal_sensors_default sysfs_sec_touchscreen:dir r_dir_perms; +allow hal_sensors_default sysfs_sec_touchscreen:file r_file_perms; +allow hal_sensors_default sysfs_sec_touchscreen:lnk_file r_file_perms; + +# /sys/class/sec/tsp/ear_detect_enable +# /sys/class/sec/tsp/cmd +allow hal_sensors_default sysfs_touchscreen_writable:file rw_file_perms; -- 2.20.1