From accec86c1a7bb7a2ba98ba64a7611c4811eaaffa Mon Sep 17 00:00:00 2001
From: SamarV-121
Date: Thu, 15 Jul 2021 22:28:52 +0530
Subject: [PATCH] mobicore: Add sepolicy for /vendor/app/mcRegistry
Change-Id: I522f2eee70c1166b66565e17a2c4760844541bb3
Signed-off-by: SamarV-121
---
 tee/mobicore/common/file.te | 1 +
 tee/mobicore/common/file_contexts | 2 ++
 tee/mobicore/common/hal_fingerprint_default.te | 3 +++
 tee/mobicore/common/hal_gatekeeper_default.te | 4 ++++
 tee/mobicore/common/hal_keymaster_default.te | 4 ++++
 tee/mobicore/common/system_server.te | 1 +
 tee/mobicore/common/tee.te | 3 +++
 7 files changed, 18 insertions(+)
 create mode 100644 tee/mobicore/common/system_server.te
diff --git a/tee/mobicore/common/file.te b/tee/mobicore/common/file.te
index 121275d..479906c 100644
--- a/tee/mobicore/common/file.te
+++ b/tee/mobicore/common/file.te
@@ -1,3 +1,4 @@
 type mobicore_vendor_data_file, file_type, data_file_type;
 type mobicore_data_file, file_type, core_data_file_type, data_file_type;
 type gatekeeper_efs_file, file_type;
+type mobicore_vendor_file, file_type;
diff --git a/tee/mobicore/common/file_contexts b/tee/mobicore/common/file_contexts
index 0a339be..09d995c 100644
--- a/tee/mobicore/common/file_contexts
+++ b/tee/mobicore/common/file_contexts
@@ -1,3 +1,5 @@
 /dev/mobicore u:object_r:tee_device:s0
 /dev/mobicore-user u:object_r:tee_device:s0
 /dev/t-base-tui u:object_r:tee_device:s0
+
+/(vendor|system/vendor)/app/mcRegistry(/.*)? u:object_r:mobicore_vendor_file:s0
diff --git a/tee/mobicore/common/hal_fingerprint_default.te b/tee/mobicore/common/hal_fingerprint_default.te
index ceb8aa4..130bdd3 100644
--- a/tee/mobicore/common/hal_fingerprint_default.te
+++ b/tee/mobicore/common/hal_fingerprint_default.te
@@ -1,2 +1,5 @@
 # /dev/mobicore-user
 allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
+
+# /vendor/app/mcRegistry/
+r_dir_file(hal_fingerprint_default, mobicore_vendor_file)
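Review bot: `mobicore_vendor_file` is declared in file.te with only the `file_type` attribute, although the file_contexts hunk of this same patch applies it to a path under /vendor. Types that label vendor-partition files normally also carry `vendor_file_type`, which is what the platform's Treble neverallow rules and path-based sepolicy tests key on; without it those checks do not treat this type as a vendor file. I would declare it as `type mobicore_vendor_file, file_type, vendor_file_type;` and then confirm that the `system_server` rule added in system_server.te still passes the neverallow checks on this tree.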
diff --git a/tee/mobicore/common/hal_gatekeeper_default.te b/tee/mobicore/common/hal_gatekeeper_default.te
index c63173c..0b8d003 100644
--- a/tee/mobicore/common/hal_gatekeeper_default.te
+++ b/tee/mobicore/common/hal_gatekeeper_default.te
@@ -1,2 +1,6 @@
 # /dev/mobicore-user
 allow hal_gatekeeper_default tee_device:chr_file rw_file_perms;
+
+# /vendor/app/mcRegistry/
+allow hal_gatekeeper_default mobicore_vendor_file:dir search;
+allow hal_gatekeeper_default mobicore_vendor_file:file rw_file_perms;
diff --git a/tee/mobicore/common/hal_keymaster_default.te b/tee/mobicore/common/hal_keymaster_default.te
index 357775b..ec1add1 100644
--- a/tee/mobicore/common/hal_keymaster_default.te
+++ b/tee/mobicore/common/hal_keymaster_default.te
@@ -1 +1,5 @@
 get_prop(hal_keymaster_default, tee_prop)
+
+# /vendor/app/mcRegistry/
+allow hal_keymaster_default mobicore_vendor_file:dir search;
+allow hal_keymaster_default mobicore_vendor_file:file rw_file_perms;
diff --git a/tee/mobicore/common/system_server.te b/tee/mobicore/common/system_server.te
new file mode 100644
index 0000000..700bfb5
--- /dev/null
+++ b/tee/mobicore/common/system_server.te
@@ -0,0 +1 @@
+allow system_server mobicore_vendor_file:dir r_dir_perms;
diff --git a/tee/mobicore/common/tee.te b/tee/mobicore/common/tee.te
index 40359c6..be1f2ec 100644
--- a/tee/mobicore/common/tee.te
+++ b/tee/mobicore/common/tee.te
@@ -13,3 +13,6 @@ allow tee tee_device:chr_file r_file_perms;
 allow tee mobicore_vendor_data_file:dir r_dir_perms;
 allow tee mobicore_vendor_data_file:file rw_file_perms;
+
+# /vendor/app/mcRegistry/
+r_dir_file(tee, mobicore_vendor_file)
-- 
2.20.1
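Review bot: `rw_file_perms` on `mobicore_vendor_file:file` in hal_gatekeeper_default.te grants write and append on files that live on the vendor partition, while `tee` and `hal_fingerprint_default` get read-only access to the same type through `r_dir_file(...)` in this patch. The same grant is repeated for `hal_keymaster_default` in hal_keymaster_default.te. The patch does not show a denial in which these HALs open the trustlet files for writing, so I would narrow both rules to read-only, `allow hal_gatekeeper_default mobicore_vendor_file:file r_file_perms;` and the keymaster equivalent. If write access really is required, the comment above the rule should quote the denial that justifies it.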
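Review bot: system_server.te is created with a single rule and no comment, so nothing records why a core framework domain needs to list the TEE trustlet registry. The other files touched by this patch head their rules with `# /vendor/app/mcRegistry/`; I would add that line here along with the reason, e.g. `# /vendor/app/mcRegistry/ - <avc denial or component that needs the listing>`. If the access only silences a harmless directory probe, a `dontaudit` rule would expose less than granting `r_dir_perms`.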