From f3f6824111b3b39281dbdc96d6749dc82a69979b Mon Sep 17 00:00:00 2001
From: SamarV-121 <samarvispute121@gmail.com>
Date: Thu, 15 Jul 2021 22:43:40 +0530
Subject: [PATCH] mobicore: Add sepolicy for trustonic HALs

Change-Id: I061a91244c8ce5e9fb3528e1a188187a551a786a
Signed-off-by: SamarV-121 <samarvispute121@gmail.com>
---
 tee/mobicore/common/attributes                |  6 ++++++
 tee/mobicore/common/file_contexts             |  3 +++
 tee/mobicore/common/hal_tee_default.te        | 17 +++++++++++++++
 .../common/hal_teeregistry_default.te         | 21 +++++++++++++++++++
 tee/mobicore/common/hwservice.te              |  2 ++
 tee/mobicore/common/hwservice_contexts        |  3 +++
 6 files changed, 52 insertions(+)
 create mode 100644 tee/mobicore/common/attributes
 create mode 100644 tee/mobicore/common/hal_tee_default.te
 create mode 100644 tee/mobicore/common/hal_teeregistry_default.te
 create mode 100644 tee/mobicore/common/hwservice.te
 create mode 100644 tee/mobicore/common/hwservice_contexts

diff --git a/tee/mobicore/common/attributes b/tee/mobicore/common/attributes
new file mode 100644
index 0000000..b19b41e
--- /dev/null
+++ b/tee/mobicore/common/attributes
@@ -0,0 +1,6 @@
+attribute hal_tee_client;
+attribute hal_tee_server;
+attribute hal_tee;
+attribute hal_teeregistry_client;
+attribute hal_teeregistry_server;
+attribute hal_teeregistry;
diff --git a/tee/mobicore/common/file_contexts b/tee/mobicore/common/file_contexts
index c81d956..a0c3110 100644
--- a/tee/mobicore/common/file_contexts
+++ b/tee/mobicore/common/file_contexts
@@ -5,3 +5,6 @@
 /dev/t-base-tui                              u:object_r:tee_device:s0
 
 /(vendor|system/vendor)/app/mcRegistry(/.*)? u:object_r:mobicore_vendor_file:s0
+
+/(vendor|system/vendor)/bin/hw/vendor\.trustonic\.tee@[0-9]\.[0-9]-service                        u:object_r:hal_tee_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.trustonic\.teeregistry@[0-9]\.[0-9]-service                u:object_r:hal_teeregistry_default_exec:s0
diff --git a/tee/mobicore/common/hal_tee_default.te b/tee/mobicore/common/hal_tee_default.te
new file mode 100644
index 0000000..11c19f3
--- /dev/null
+++ b/tee/mobicore/common/hal_tee_default.te
@@ -0,0 +1,17 @@
+type hal_tee_default, domain;
+type hal_tee_default_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_tee_default)
+
+hal_client_domain(hal_tee_default, hal_allocator)
+hal_server_domain(hal_tee_default, hal_tee)
+
+binder_call(hal_tee_client, hal_tee_server)
+binder_call(hal_tee_server, hal_tee_client)
+
+add_hwservice(hal_tee_server, hal_tee_hwservice)
+allow hal_tee_client hal_tee_hwservice:hwservice_manager find;
+
+allow hal_tee_default hidl_memory_hwservice:hwservice_manager find;
+
+allow hal_tee_default tee_device:chr_file rw_file_perms;
diff --git a/tee/mobicore/common/hal_teeregistry_default.te b/tee/mobicore/common/hal_teeregistry_default.te
new file mode 100644
index 0000000..e8081ba
--- /dev/null
+++ b/tee/mobicore/common/hal_teeregistry_default.te
@@ -0,0 +1,21 @@
+type hal_teeregistry_default, domain;
+type hal_teeregistry_default_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_teeregistry_default)
+
+hal_client_domain(hal_teeregistry_default, hal_allocator)
+hal_server_domain(hal_teeregistry_default, hal_teeregistry)
+
+binder_call(hal_teeregistry_client, hal_teeregistry_server)
+binder_call(hal_teeregistry_server, hal_teeregistry_client)
+
+add_hwservice(hal_teeregistry_server, hal_teeregistry_hwservice)
+allow hal_teeregistry_client hal_teeregistry_hwservice:hwservice_manager find;
+
+allow hal_teeregistry_default hidl_memory_hwservice:hwservice_manager find;
+
+allow hal_teeregistry_default tee_device:chr_file rw_file_perms;
+
+allow hal_teeregistry_default mobicore_vendor_data_file:dir create_dir_perms;
+allow hal_teeregistry_default mobicore_vendor_data_file:file create_file_perms;
+allow hal_teeregistry_default mobicore_vendor_file:file r_file_perms;
diff --git a/tee/mobicore/common/hwservice.te b/tee/mobicore/common/hwservice.te
new file mode 100644
index 0000000..ad72d05
--- /dev/null
+++ b/tee/mobicore/common/hwservice.te
@@ -0,0 +1,2 @@
+type hal_tee_hwservice, hwservice_manager_type;
+type hal_teeregistry_hwservice, hwservice_manager_type;
diff --git a/tee/mobicore/common/hwservice_contexts b/tee/mobicore/common/hwservice_contexts
new file mode 100644
index 0000000..91ae376
--- /dev/null
+++ b/tee/mobicore/common/hwservice_contexts
@@ -0,0 +1,3 @@
+vendor.trustonic.tee::ITee                                           u:object_r:hal_tee_hwservice:s0
+vendor.trustonic.tee.tui::ITui                                       u:object_r:hal_tee_hwservice:s0
+vendor.trustonic.teeregistry::ITeeRegistry                           u:object_r:hal_teeregistry_hwservice:s0
-- 
2.20.1