From 942964627a70c857f38c894945e67b8b327d4a00 Mon Sep 17 00:00:00 2001 From: Tushar Patra Jamula Date: Wed, 17 Apr 2024 15:52:23 +0530 Subject: [PATCH] sepolicy_vndr: sepolicy rules for SecCam2test app Change-Id: I7c2db52a48817c3b1acf7c0e028a9ce78a1974fb Signed-off-by: Tushar Patra Jamula --- qva/vendor/msmsteppe/file.te | 3 ++ qva/vendor/msmsteppe/file_contexts | 8 +++- .../msmsteppe/hal_secureprocessor_qti.te | 41 +++++++++++++++++++ qva/vendor/test/seapp_contexts | 5 +++ 4 files changed, 56 insertions(+), 1 deletion(-) create mode 100644 qva/vendor/msmsteppe/hal_secureprocessor_qti.te diff --git a/qva/vendor/msmsteppe/file.te b/qva/vendor/msmsteppe/file.te index ee8c7a941..ec5cce741 100644 --- a/qva/vendor/msmsteppe/file.te +++ b/qva/vendor/msmsteppe/file.te @@ -67,3 +67,6 @@ type sysfs_power_imagesize, sysfs_type, fs_type; # Proc sys-vm-swappiness file type type proc_swappiness, proc_type, fs_type; + +#qtee +type vendor_qtee_data_file, file_type, data_file_type; diff --git a/qva/vendor/msmsteppe/file_contexts b/qva/vendor/msmsteppe/file_contexts index cdb922a6b..b1e799de3 100644 --- a/qva/vendor/msmsteppe/file_contexts +++ b/qva/vendor/msmsteppe/file_contexts @@ -27,7 +27,7 @@ # Changes from Qualcomm Innovation Center are provided under the following license: # -# Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved. +# Copyright (c) 2022, 2024 Qualcomm Innovation Center, Inc. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted (subject to the limitations in the 
@@ -75,3 +75,9 @@
 #
 /vendor/bin/hw/vendor\.qti\.hardware\.powerstateservice@1\.0-service u:object_r:vendor_hal_powerstateservice_qti_exec:s0
 /vendor/bin/hw/vendor\.qti\.hardware\.powerstateutility@1\.0-service u:object_r:vendor_hal_powerstateutility_qti_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.secureprocessor.2.0@1\.0 u:object_r:vendor_hal_secureprocessor_qti_exec:s0
+
+###################################
+# Data Files
+#
+/data/vendor/qtee(/.*)? u:object_r:vendor_qtee_data_file:s0
diff --git a/qva/vendor/msmsteppe/hal_secureprocessor_qti.te b/qva/vendor/msmsteppe/hal_secureprocessor_qti.te
new file mode 100644
index 000000000..48461add4
--- /dev/null
+++ b/qva/vendor/msmsteppe/hal_secureprocessor_qti.te
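Review bot: The new exec entry in file_contexts writes `secureprocessor.2.0@1\.0` with the dots around `2` and `0` unescaped, so they match any character, unlike every other dot in the pattern. If the literal name is intended, it should read `secureprocessor\.2\.0@1\.0`. file_contexts patterns match the whole path, and the neighbouring HAL entries end in `-service`, so the installed binary name is worth confirming; if it differs, the file would keep its default label and the service would presumably not enter its domain. `vendor_hal_secureprocessor_qti_exec` is not declared anywhere in this patch, so it is presumably defined in a common policy directory.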
@@ -0,0 +1,41 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# Changes from Qualcomm Innovation Center, Inc. are provided under the following license:
+# Copyright (c) 2024 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear + +allow vendor_hal_secureprocessor_qti vendor_qdsp_device:chr_file r_file_perms; +allow vendor_hal_secureprocessor_qti vendor_xdsp_device:chr_file r_file_perms; + +allow vendor_hal_secureprocessor_qti ion_device:chr_file r_file_perms; + +allow vendor_hal_secureprocessor_qti vendor_qtee_data_file:dir rw_dir_perms; +allow vendor_hal_secureprocessor_qti vendor_qtee_data_file:file create_file_perms; +allow vendor_hal_secureprocessor_qti video_device:chr_file rw_file_perms; + +get_prop(vendor_hal_secureprocessor_qti, vendor_adsprpc_prop); diff --git a/qva/vendor/test/seapp_contexts b/qva/vendor/test/seapp_contexts index 4bd9dc9d8..80fd10923 100755 --- a/qva/vendor/test/seapp_contexts +++ b/qva/vendor/test/seapp_contexts @@ -24,6 +24,10 @@ # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# Changes from Qualcomm Innovation Center, Inc. are provided under the following license: +# Copyright (c) 2024 Qualcomm Innovation Center, Inc. All rights reserved. +# SPDX-License-Identifier: BSD-3-Clause-Clear # Add new domain for location test apps user=_app seinfo=platform name=com.qualcomm.qct.dlt levelfrom=all domain=vendor_location_app_test type=app_data_file 
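Review bot: In hal_secureprocessor_qti.te, `allow vendor_hal_secureprocessor_qti video_device:chr_file rw_file_perms;` grants read/write on the generic `video_device` label, which in AOSP covers all /dev/video* nodes, not only the one this HAL needs. If the target has a narrower device type, use it; otherwise add a comment above the rule naming the node and the reason, e.g. `# TODO: document which /dev/video* node the HAL opens and why rw is required`. Likewise `create_file_perms` on `vendor_qtee_data_file` would benefit from a one-line comment saying what the HAL writes under /data/vendor/qtee, so a reviewer can judge whether create and unlink are needed. The file adds rules without declaring the `vendor_hal_secureprocessor_qti` domain, which is presumably defined elsewhere.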
@@ -34,5 +38,6 @@ user=system seinfo=platform name=com.qualcomm.qti.logkit.lite domain=vendor_logk
 user=_app seinfo=platform domain=vendor_pdt_app name=com.quicinc.framework.debugapp levelfrom=all type=app_data_file
 user=_app seinfo=platform name=com.qualcomm.qti.dualstaapp domain=vendor_dualsta_app type=app_data_file levelFrom=all
 user=_app seinfo=platform name=com.qualcomm.qti.cam2test domain=vendor_sys_seccam2_app type=app_data_file levelFrom=all
+user=_app seinfo=platform name=com.qualcomm.qti.seccam2test domain=vendor_sys_seccam2_app type=app_data_file levelFrom=all
 user=system seinfo=platform name=com.qualcomm.wrd.ue.kpitool.base domain=vendor_cta_app type=system_app_data_file
 user=_app seinfo=platform name=com.qualcomm.aontest domain=aoncameraservice_app type=app_data_file levelFrom=all
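Review bot: The added seapp_contexts line maps `com.qualcomm.qti.seccam2test` into `vendor_sys_seccam2_app`, so the test package receives every permission of that domain, the same as `com.qualcomm.qti.cam2test` on the line above. The match is limited by `seinfo=platform`, but nothing in this hunk shows that `qva/vendor/test` is left out of user builds; that should be confirmed before this lands. A comment above the two entries would record the intent, e.g. `# Secure camera test apps (debug builds only)`.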