[ALPS04387792] BGService: add sepolicy permission

[Detail] 1. add BGService sepolicy permission MTK-Commit-Id: 136f9e6df88b8e10652a3393405737b20e986f51 Change-Id: I62a077fbadd17a865c21e8c1551b2202d10bc6ce CR-Id: ALPS04387792 Feature: [Android Default] Camera Application Basic Functions
2020-01-18 10:20:09 +08:00 · 2020-01-18 10:20:09 +08:00 · 1dbf2b6dff
commit 1dbf2b6dff
parent 8d9e4a522f
5 changed files with 29 additions and 0 deletions
--- a/r_non_plat/attributes
+++ b/r_non_plat/attributes
@ -80,3 +80,11 @@ attribute mtk_hal_md_dbfilter_server;
 attribute hal_hdmi;
 attribute hal_hdmi_client;
 attribute hal_hdmi_server;
+
+# Date: 2019/09/06
+# BGService HIDL
+attribute mtk_hal_bgs;
+attribute mtk_hal_bgs_client;
+attribute mtk_hal_bgs_server;
+
+
--- a/r_non_plat/hwservice.te
+++ b/r_non_plat/hwservice.te
@ -57,3 +57,7 @@ type mtk_hal_md_dbfilter_hwservice, hwservice_manager_type;
 # Date: 2019/07/16
 # HDMI HIDL
 type mtk_hal_hdmi_hwservice, hwservice_manager_type;
+
+# Date: 2019/09/06
+# BGService HIDL
+type mtk_hal_bgs_hwservice, hwservice_manager_type;
--- a/r_non_plat/mtk_hal_bgs.te
+++ b/r_non_plat/mtk_hal_bgs.te
@ -0,0 +1,6 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(mtk_hal_bgs_client, mtk_hal_bgs_server)
+binder_call(mtk_hal_bgs_server, mtk_hal_bgs_client)
+
+add_hwservice(mtk_hal_bgs_server, mtk_hal_bgs_hwservice)
+allow mtk_hal_bgs_client mtk_hal_bgs_hwservice:hwservice_manager find;
--- a/r_non_plat/mtk_hal_camera.te
+++ b/r_non_plat/mtk_hal_camera.te
@ -23,6 +23,8 @@ init_daemon_domain(mtk_hal_camera)
 # HAL implementation of the specified type over HwBinder.
 hal_server_domain(mtk_hal_camera, hal_camera)

+hal_server_domain(mtk_hal_camera, mtk_hal_bgs)
+
 # Allow camerahalserver to use HwBinder and vendor binder IPC.
 hwbinder_use(mtk_hal_camera)
 vndbinder_use(mtk_hal_camera)
@ -343,3 +345,8 @@ allow mtk_hal_camera sysfs_dt_firmware_android:dir search;
 # Operation : For M4U security
 allow mtk_hal_camera proc_m4u:file r_file_perms;
 allowxperm mtk_hal_camera proc_m4u:file ioctl MTK_M4U_T_SEC_INIT;
+
+# Date: 2019/08/27
+# Operation : For android Q allowing ioctl
+allow mtk_hal_camera mtk_hal_camera:unix_stream_socket { ioctl };
+allowxperm mtk_hal_camera mtk_hal_camera:unix_stream_socket ioctl IIOCNETAIF;
--- a/r_non_plat/platform_app.te
+++ b/r_non_plat/platform_app.te
@ -119,5 +119,9 @@ allow platform_app sw_sync_device:chr_file rw_file_perms;

 # Date: 2019/07/04
 # Purpose: Allow platform app to use BGService HIDL and access mtk_hal_camera
+hal_client_domain(platform_app, mtk_hal_bgs)
+allow platform_app mtk_hal_bgs_hwservice:hwservice_manager find;
+binder_call(platform_app, mtk_hal_bgs)
+binder_call(mtk_hal_bgs, platform_app)
 binder_call(platform_app, mtk_hal_camera)
 binder_call(mtk_hal_camera, platform_app)