From ed9ea3b40515576c65523a74db33dac18967f41c Mon Sep 17 00:00:00 2001
From: bengris32
Date: Sun, 25 Sep 2022 09:34:46 +0100
Subject: [PATCH] sepolicy: bsp: non_plat: Label MTK keyinstall interface
* This was dropped in the S sepolicy, but we still need it since we're on R blobs.
Signed-off-by: bengris32
Change-Id: Ie0c2ea88b1a8aed96183cce856bbdb0b73c50f65
---
 bsp/non_plat/hwservice.te | 1 +
 bsp/non_plat/hwservice_contexts | 3 +++
 bsp/non_plat/mtk_hal_keyinstall.te | 6 ++++++
 3 files changed, 10 insertions(+)
diff --git a/bsp/non_plat/hwservice.te b/bsp/non_plat/hwservice.te
index d679316..1b011a7 100644
--- a/bsp/non_plat/hwservice.te
+++ b/bsp/non_plat/hwservice.te
@@ -6,6 +6,7 @@ type mtk_hal_netdagent_hwservice, hwservice_manager_type;
 type volte_rcs_ua_hwservice, hwservice_manager_type;
 type mtk_hal_dfps_hwservice, hwservice_manager_type;
 type mtk_hal_dplanner_hwservice, hwservice_manager_type;
+type mtk_hal_keyinstall_hwservice, hwservice_manager_type;
 type mtk_hal_pplagent_hwservice, hwservice_manager_type;
 # omadm hidl
 type mtk_hal_omadm_hwservice, hwservice_manager_type;
diff --git a/bsp/non_plat/hwservice_contexts b/bsp/non_plat/hwservice_contexts
index 73e3119..f07aafe 100644
--- a/bsp/non_plat/hwservice_contexts
+++ b/bsp/non_plat/hwservice_contexts
@@ -36,6 +36,9 @@ vendor.mediatek.hardware.dplanner::IDPlanner u:object_r:mtk_hal_dplanner_hwservi
 # tablet DRM Key Manage HIDL
 vendor.mediatek.hardware.keymanage::IKeymanage u:object_r:mtk_hal_keymanage_hwservice:s0
+# DRM Key Installation HIDL
+vendor.mediatek.hardware.keyinstall::IKeyinstall u:object_r:mtk_hal_keyinstall_hwservice:s0
+
 # Date: 2018/05/07
 vendor.mediatek.hardware.pplagent::IPplAgent u:object_r:mtk_hal_pplagent_hwservice:s0
diff --git a/bsp/non_plat/mtk_hal_keyinstall.te b/bsp/non_plat/mtk_hal_keyinstall.te
index c7b192e..789b2fd 100644
--- a/bsp/non_plat/mtk_hal_keyinstall.te
+++ b/bsp/non_plat/mtk_hal_keyinstall.te
@@ -7,6 +7,12 @@ type mtk_hal_keyinstall_exec, exec_type, file_type, vendor_file_type;
 # Setup for domain transition
 init_daemon_domain(mtk_hal_keyinstall)
+# Associate mtk_hal_keyinstall_hwservice with all server domain
+add_hwservice(hal_keymaster_server, mtk_hal_keyinstall_hwservice)
+
+# Give permission for hal_keymaster_client to find mtk_hal_keyinstall_hwservice via hwservice_manager
+allow hal_keymaster_client mtk_hal_keyinstall_hwservice:hwservice_manager find;
+
 # Allow mtk_hal_keyinstall to communicate with mobicore
 allow mtk_hal_keyinstall mobicore:unix_stream_socket connectto;
 allow mtk_hal_keyinstall mobicore_data_file:dir search;
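Review bot: `add_hwservice(hal_keymaster_server, mtk_hal_keyinstall_hwservice)` lets every domain carrying the `hal_keymaster_server` attribute register the DRM key-installation service, and the following `find` rule opens it to every `hal_keymaster_client`; both grants are wider than the single `mtk_hal_keyinstall` domain this file defines. If the R blobs permit it, scope registration with `add_hwservice(mtk_hal_keyinstall, mtk_hal_keyinstall_hwservice)`, so that the neverallow the macro emits also excludes the other keymaster servers, and grant `find` only to the domains that actually call IKeyinstall. Whether `mtk_hal_keyinstall` is itself tagged as a keymaster server is not visible here, since the file starts and continues outside this hunk, so confirm that before narrowing. If the broad attribute has to stay for blob compatibility, replace the comment with one that says so, e.g. `# R keyinstall blob registers as a keymaster server; keep attribute-wide add/find`.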