From 92b4313d89397a42e4871bb5a271a874b5cdb8d6 Mon Sep 17 00:00:00 2001
From: Francescodario Cuzzocrea
Date: Tue, 19 Mar 2024 22:22:10 +0100
Subject: [PATCH] common: add sepolicy for slsi tetheroffload HAL

Change-Id: I89fb4c0b1f58e8b9473d33a6bd91d1533df6f2a9
Signed-off-by: Francescodario Cuzzocrea
---
 common/vendor/device.te | 1 +
 common/vendor/file_contexts | 4 ++++
 common/vendor/hal_tetheroffload_default.te | 19 +++++++++++++++++++
 3 files changed, 24 insertions(+)
 create mode 100644 common/vendor/hal_tetheroffload_default.te

diff --git a/common/vendor/device.te b/common/vendor/device.te
index 32626d3..7ecfa72 100644
--- a/common/vendor/device.te
+++ b/common/vendor/device.te
@@ -13,6 +13,7 @@ type vbmeta_block_device, dev_type;
 type bbd_device, dev_type;
 type cpu_dma_device, dev_type;
+type dit_device, dev_type;
 type drb_device, dev_type;
 type epic_device, dev_type;
 type fp_sensor_device, dev_type;
diff --git a/common/vendor/file_contexts b/common/vendor/file_contexts
index 3534175..45394cb 100644
--- a/common/vendor/file_contexts
+++ b/common/vendor/file_contexts
@@ -47,6 +47,9 @@
 # cpu
 /dev/cpu_dma_latency u:object_r:cpu_dma_device:s0
+### DIT device
+/dev/dit u:object_r:dit_device:s0
+
 ### epic
 /dev/mode u:object_r:epic_device:s0
 /dev/socket/epic u:object_r:epicd_socket:s0
@@ -168,5 +171,6 @@
 /(vendor|system/vendor)/bin/hw/vendor\.samsung\.hardware\.gnss@[0-9].[0-9]-service u:object_r:hal_gnss_default_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.samsung_slsi\.hardware\.configstore@[0-9]\.[0-9]-service u:object_r:hal_vendor_configstore_default_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.samsung_slsi\.hardware\.ExynosHWCServiceTW@[0-9]\.[0-9]-service u:object_r:hal_vendor_hwcservice_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.samsung_slsi\.hardware\.tetheroffload@[0-9]\.[0-9]-service u:object_r:hal_tetheroffload_default_exec:s0
 /(vendor|system/vendor)/firmware(/.*)? u:object_r:vendor_firmware_file:s0
diff --git a/common/vendor/hal_tetheroffload_default.te b/common/vendor/hal_tetheroffload_default.te
new file mode 100644
index 0000000..0c0cccf
--- /dev/null
+++ b/common/vendor/hal_tetheroffload_default.te
@@ -0,0 +1,19 @@
+net_domain(hal_tetheroffload_default)
+
+# Allow operations with /dev/dit
+allow hal_tetheroffload_default dit_device:chr_file rw_file_perms;
+
+# Allow receiving NETLINK messages
+allow hal_tetheroffload_default self:{
+ netlink_socket
+ netlink_generic_socket
+} create_socket_perms_no_ioctl;
+
+# Alloc check interface
+allow hal_tetheroffload_default netd:unix_dgram_socket create_socket_perms;
+allow hal_tetheroffload_default netd:unix_dgram_socket {read write};
+
+# Register to hwbinder service
+add_hwservice(hal_tetheroffload_default, hal_tetheroffload_hwservice)
+hwbinder_use(hal_tetheroffload_default)
+get_prop(hal_tetheroffload_default, hwservicemanager_prop)
-- 
2.20.1
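Review bot: The first netd rule, `allow hal_tetheroffload_default netd:unix_dgram_socket create_socket_perms;`, is broader than the line after it needs and makes that line redundant, because `create_socket_perms` already includes read and write. A socket this HAL creates itself would carry its own domain's label, so access to a netd-labelled datagram socket presumably means a descriptor handed over by netd; if so, `allow hal_tetheroffload_default netd:unix_dgram_socket { read write };` alone should cover it, with a comment naming the denial it answers in place of `# Alloc check interface`. `rw_file_perms` on `dit_device:chr_file` also carries unrestricted ioctl, so an `allowxperm` rule listing the driver's ioctl numbers would bound it if those are known. The domain and exec type declarations are not in this file, so whether the three hwbinder lines at the end duplicate what the HAL server macro already grants cannot be judged from the patch.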