sdm845-common: sepolicy: Add FOD related rules

Change-Id: I8fd985bf4eab1747351f9e717cc33fa6d5ab1517
2019-07-14 21:23:15 +02:00 · 2019-07-14 21:23:15 +02:00 · b7b20467fa
commit b7b20467fa
parent 9061ea5381
7 changed files with 27 additions and 0 deletions
--- a/sepolicy/private/attributes
+++ b/sepolicy/private/attributes
@ -0,0 +1 @@
+hal_attribute(display)
--- a/sepolicy/private/file.te
+++ b/sepolicy/private/file.te
@ -11,6 +11,7 @@ type proc_touchpanel, fs_type, proc_type;

 # sysfs
 type sysfs_battery_supply, sysfs_type, fs_type;
+type sysfs_fod, sysfs_type, fs_type;
 type sysfs_fpc_proximity, sysfs_type, fs_type;
 type sysfs_graphics, sysfs_type, fs_type;
 type sysfs_oem, sysfs_type, fs_type;
--- a/sepolicy/private/file_contexts
+++ b/sepolicy/private/file_contexts
@ -17,6 +17,7 @@

 # HALs
 /system/bin/hw/android\.hardware\.light@2\.0-service\.oneplus_sdm845    u:object_r:hal_light_sdm845_exec:s0
+/system/bin/hw/lineage\.biometrics\.fingerprint\.inscreen@1.0-service\.oneplus_fajita    u:object_r:hal_fod_sdm845_exec:s0
 /system/bin/hw/lineage\.livedisplay@2\.0-service\.oneplus_sdm845    u:object_r:hal_livedisplay_sdm845_exec:s0
 /system/bin/hw/lineage\.touch@1\.0-service\.oneplus_sdm845    u:object_r:hal_touch_sdm845_exec:s0
 /system/bin/hw/lineage\.trust@1\.0-service                    u:object_r:hal_trust_default_exec:s0
--- a/sepolicy/private/genfs_contexts
+++ b/sepolicy/private/genfs_contexts
@ -1,4 +1,6 @@
 genfscon proc  /touchpanel u:object_r:proc_touchpanel:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/dim_alpha u:object_r:sysfs_fod:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/op_friginer_print_hbm u:object_r:sysfs_fod:s0
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pmi8998@2:qcom,qpnp-smb2/power_supply/dc u:object_r:sysfs_battery_supply:s0
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pmi8998@2:qcom,qpnp-smb2/power_supply/main u:object_r:sysfs_battery_supply:s0
 genfscon sysfs /devices/platform/soc/soc:qcom,dsi-display@18/hbm u:object_r:sysfs_livedisplay_tuneable:s0
--- a/sepolicy/private/hal_display_default.te
+++ b/sepolicy/private/hal_display_default.te
@ -0,0 +1 @@
+type hal_display_default, domain;
--- a/sepolicy/private/hal_fod_sdm845.te
+++ b/sepolicy/private/hal_fod_sdm845.te
@ -0,0 +1,20 @@
+type hal_fod_sdm845, coredomain, domain;
+hal_server_domain(hal_fod_sdm845, hal_lineage_fod)
+
+type hal_fod_sdm845_exec, exec_type, file_type;
+init_daemon_domain(hal_fod_sdm845)
+
+# Allow binder communication with hal_display_default
+binder_call(hal_fod_sdm845, hal_display_default)
+
+# Allow binder communication with hal_fingerprint
+binder_call(hal_fod_sdm845, hal_fingerprint)
+
+# Allow hal_fod_sdm845 to hal_display_hwservice
+allow hal_fod_sdm845 hal_display_hwservice:hwservice_manager find;
+
+# Allow hal_fod_sdm845 to hal_fingerprint_hwservice
+allow hal_fod_sdm845 hal_fingerprint_hwservice:hwservice_manager find;
+
+# Allow hal_fod_sdm845 to read and write to sysfs_fod
+allow hal_fod_sdm845 sysfs_fod:file rw_file_perms;
--- a/sepolicy/private/hwservice.te
+++ b/sepolicy/private/hwservice.te
@ -0,0 +1 @@
+type hal_display_hwservice, hwservice_manager_type;
				`@ -0,0 +1 @@`
				`type hal_display_hwservice, hwservice_manager_type;`