From c65590b7211ca033191f8808944e13d2fab2b730 Mon Sep 17 00:00:00 2001
From: Jan Altensen
Date: Sun, 18 Oct 2020 13:38:56 +0200
Subject: [PATCH] mobicore: split into legacy and treble folders

Change-Id: I44bdbc49944be89314f1f96d8a2c1c9fb58e1352
(cherry picked from commit 15a5fc063c5f37847cdc6e631e0deaeba28efbd7)
---
 sepolicy.mk | 15 ++++++++++++++-
 tee/mobicore/{ => common}/file.te | 0
 tee/mobicore/{ => common}/file_contexts | 0
 .../{ => common}/hal_fingerprint_default.te | 0
 .../{ => common}/hal_gatekeeper_default.te | 0
 .../{ => common}/hal_keymaster_default.te | 0
 tee/mobicore/{ => common}/property.te | 0
 tee/mobicore/{ => common}/tee.te | 4 ++--
 tee/mobicore/{ => legacy}/init.te | 0
 tee/mobicore/legacy/property_contexts | 1 +
 tee/mobicore/legacy/tee.te | 1 +
 tee/mobicore/{ => legacy}/vendor_init.te | 0
 tee/mobicore/property_contexts | 1 -
 tee/mobicore/treble/property_contexts | 1 +
 14 files changed, 19 insertions(+), 4 deletions(-)
 rename tee/mobicore/{ => common}/file.te (100%)
 rename tee/mobicore/{ => common}/file_contexts (100%)
 rename tee/mobicore/{ => common}/hal_fingerprint_default.te (100%)
 rename tee/mobicore/{ => common}/hal_gatekeeper_default.te (100%)
 rename tee/mobicore/{ => common}/hal_keymaster_default.te (100%)
 rename tee/mobicore/{ => common}/property.te (100%)
 rename tee/mobicore/{ => common}/tee.te (84%)
 rename tee/mobicore/{ => legacy}/init.te (100%)
 create mode 100644 tee/mobicore/legacy/property_contexts
 create mode 100644 tee/mobicore/legacy/tee.te
 rename tee/mobicore/{ => legacy}/vendor_init.te (100%)
 delete mode 100644 tee/mobicore/property_contexts
 create mode 100644 tee/mobicore/treble/property_contexts

diff --git a/sepolicy.mk b/sepolicy.mk
index 68644a6..09305d6 100644
--- a/sepolicy.mk
+++ b/sepolicy.mk
@@ -18,6 +18,19 @@ BOARD_PLAT_PUBLIC_SEPOLICY_DIR += \
 BOARD_SEPOLICY_DIRS += \
 device/samsung_slsi/sepolicy/tee/teegris/vendor
 else ifeq ($(BOARD_SEPOLICY_TEE_FLAVOR),mobicore)
+POLICY_TYPE := legacy
+# a device might not set the shipping api level
+# check if its empty to avoid erroring out in the next if
+ifeq ($(PRODUCT_SHIPPING_API_LEVEL),)
+$(warning no product shipping level defined, defaulting to legacy policy)
+# devices launched with oreo or later should be treble
+else ifneq ($(call math_gt_or_eq,$(PRODUCT_SHIPPING_API_LEVEL),26),)
+POLICY_TYPE := treble
+endif
+
+BOARD_SEPOLICY_DIRS += \
+ device/samsung_slsi/sepolicy/tee/mobicore/$(POLICY_TYPE)
+
 BOARD_SEPOLICY_DIRS += \
- device/samsung_slsi/sepolicy/tee/mobicore
+ device/samsung_slsi/sepolicy/tee/mobicore/common
 endif
diff --git a/tee/mobicore/file.te b/tee/mobicore/common/file.te
similarity index 100%
rename from tee/mobicore/file.te
rename to tee/mobicore/common/file.te
diff --git a/tee/mobicore/file_contexts b/tee/mobicore/common/file_contexts
similarity index 100%
rename from tee/mobicore/file_contexts
rename to tee/mobicore/common/file_contexts
diff --git a/tee/mobicore/hal_fingerprint_default.te b/tee/mobicore/common/hal_fingerprint_default.te
similarity index 100%
rename from tee/mobicore/hal_fingerprint_default.te
rename to tee/mobicore/common/hal_fingerprint_default.te
diff --git a/tee/mobicore/hal_gatekeeper_default.te b/tee/mobicore/common/hal_gatekeeper_default.te
similarity index 100%
rename from tee/mobicore/hal_gatekeeper_default.te
rename to tee/mobicore/common/hal_gatekeeper_default.te
diff --git a/tee/mobicore/hal_keymaster_default.te b/tee/mobicore/common/hal_keymaster_default.te
similarity index 100%
rename from tee/mobicore/hal_keymaster_default.te
rename to tee/mobicore/common/hal_keymaster_default.te
diff --git a/tee/mobicore/property.te b/tee/mobicore/common/property.te
similarity index 100%
rename from tee/mobicore/property.te
rename to tee/mobicore/common/property.te
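Review bot: In the sepolicy.mk hunk, the fallback for an empty `PRODUCT_SHIPPING_API_LEVEL` selects `legacy`, and in this patch the legacy folder is the wider policy (legacy/tee.te adds `set_prop(tee, system_prop)`), so a device that simply omits the variable gets the broader grant with only a `$(warning ...)` in the build log. Since this selection decides how much the tee domain may write, the consequence should be documented next to the default, e.g. `# legacy also lets tee set system_prop; set PRODUCT_SHIPPING_API_LEVEL (>= 26) to get the treble policy`. `POLICY_TYPE` is also a very generic name for a variable that lives in the global make namespace; a prefixed name such as `MOBICORE_SEPOLICY_TYPE` would avoid clashes with other board makefiles. The enclosing `ifeq`/`else ifeq` chain starts above the hunk.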
diff --git a/tee/mobicore/tee.te b/tee/mobicore/common/tee.te
similarity index 84%
rename from tee/mobicore/tee.te
rename to tee/mobicore/common/tee.te
index 667c8be..40359c6 100644
--- a/tee/mobicore/tee.te
+++ b/tee/mobicore/common/tee.te
@@ -5,8 +5,8 @@ allow tee gatekeeper_efs_file:file r_file_perms;
 allow tee init:unix_stream_socket connectto;
 allow tee property_socket:sock_file write;
 allow tee prov_efs_file:dir search;
-allow tee system_prop:property_service set;
-allow tee tee_prop:property_service set;
+
+set_prop(tee, tee_prop)
 
 # /dev/t-base-tui
 allow tee tee_device:chr_file r_file_perms;
diff --git a/tee/mobicore/init.te b/tee/mobicore/legacy/init.te
similarity index 100%
rename from tee/mobicore/init.te
rename to tee/mobicore/legacy/init.te
diff --git a/tee/mobicore/legacy/property_contexts b/tee/mobicore/legacy/property_contexts
new file mode 100644
index 0000000..d9bae11
--- /dev/null
+++ b/tee/mobicore/legacy/property_contexts
@@ -0,0 +1 @@
+sys.mobicoredaemon.enable u:object_r:tee_prop:s0
diff --git a/tee/mobicore/legacy/tee.te b/tee/mobicore/legacy/tee.te
new file mode 100644
index 0000000..df22691
--- /dev/null
+++ b/tee/mobicore/legacy/tee.te
@@ -0,0 +1 @@
+set_prop(tee, system_prop)
diff --git a/tee/mobicore/vendor_init.te b/tee/mobicore/legacy/vendor_init.te
similarity index 100%
rename from tee/mobicore/vendor_init.te
rename to tee/mobicore/legacy/vendor_init.te
diff --git a/tee/mobicore/property_contexts b/tee/mobicore/property_contexts
deleted file mode 100644
index fb62b98..0000000
--- a/tee/mobicore/property_contexts
+++ /dev/null
@@ -1 +0,0 @@
-sys.mobicoredaemon.enable u:object_r:tee_prop:s0
diff --git a/tee/mobicore/treble/property_contexts b/tee/mobicore/treble/property_contexts
new file mode 100644
index 0000000..618c059
--- /dev/null
+++ b/tee/mobicore/treble/property_contexts
@@ -0,0 +1 @@
+vendor.sys.mobicoredaemon.enable u:object_r:tee_prop:s0
-- 
2.20.1
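Review bot: In tee/mobicore/common/tee.te the two context lines `allow tee init:unix_stream_socket connectto;` and `allow tee property_socket:sock_file write;` look redundant next to the new `set_prop(tee, tee_prop)`, because the stock AOSP `set_prop` macro already carries the property-socket connect rules (assuming this tree uses the stock macro definition). Dropping them would leave the tee domain's property access stated in one place, which makes it easier to audit what the daemon can reach. The file continues outside the hunk, so other rules there may have their own reason for the socket access.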
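Review bot: tee/mobicore/legacy/tee.te consists of a single `set_prop(tee, system_prop)` with no comment saying which property the daemon needs to set, and `system_prop` is a broad label, so the rule lets the tee domain change every property that carries it. The only property named in this patch, `sys.mobicoredaemon.enable`, is already labelled `tee_prop` in legacy/property_contexts, so the grant may be wider than needed. At minimum the file should say why it exists, e.g. `# legacy only: <property name> is still labelled system_prop; narrow to a dedicated type when possible`, so the rule can be tightened later rather than copied forward.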