From 48dab28731dad20c902024670c7aa0bf9dc3c861 Mon Sep 17 00:00:00 2001 From: Howard Ho Date: Sat, 18 Jan 2020 10:06:46 +0800 Subject: [PATCH] [ALPS03988168] mdp hidl-device/sepolicy mdp_copybit hidl-device/sepolicy MTK-Commit-Id: 78b6aa3c250b7acab7c541bb34c6f87afdedb82e Change-Id: Iebb0221c77ccbf8973dc7133ba350c078e907950 CR-Id: ALPS03988168 Feature: [Module]MDP Driver --- non_plat/attributes | 5 +++++ non_plat/file_contexts | 2 ++ non_plat/hal_mms.te | 6 ++++++ non_plat/hwservice.te | 4 ++++ non_plat/hwservice_contexts | 4 ++++ non_plat/mtk_hal_mms.te | 28 ++++++++++++++++++++++++++++ 6 files changed, 49 insertions(+) create mode 100755 non_plat/hal_mms.te create mode 100755 non_plat/mtk_hal_mms.te diff --git a/non_plat/attributes b/non_plat/attributes index 47f07c7..eb9ea61 100644 --- a/non_plat/attributes +++ b/non_plat/attributes @@ -64,3 +64,8 @@ attribute mtk_hal_em; attribute mtk_hal_em_client; attribute mtk_hal_em_server; +# Date: 2018/07/02 +# MDP HIDL +attribute hal_mms; +attribute hal_mms_client; +attribute hal_mms_server; diff --git a/non_plat/file_contexts b/non_plat/file_contexts index e6d9960..04be0f8 100644 --- a/non_plat/file_contexts +++ b/non_plat/file_contexts @@ -560,6 +560,8 @@ #PQ hal /(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.pq@2\.2-service u:object_r:mtk_hal_pq_exec:s0 +#MMS hal +/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.mms@1\.0-service u:object_r:mtk_hal_mms_exec:s0 # Keymaster Attestation Hal /(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.keymaster_attestation@1\.1-service u:object_r:hal_keymaster_attestation_exec:s0 #ST NFC 1.1 hidl service diff --git a/non_plat/hal_mms.te b/non_plat/hal_mms.te new file mode 100755 index 0000000..766ccac --- /dev/null +++ b/non_plat/hal_mms.te @@ -0,0 +1,6 @@ +# HwBinder IPC from clients into server, and callbacks +binder_call(hal_mms_client, hal_mms_server) +binder_call(hal_mms_server, hal_mms_client) + +# give permission for hal client +allow hal_mms_client mtk_hal_mms_hwservice :hwservice_manager find; diff --git a/non_plat/hwservice.te b/non_plat/hwservice.te index c5f5e1b..5501fd2 100644 --- a/non_plat/hwservice.te +++ b/non_plat/hwservice.te @@ -42,3 +42,7 @@ type mtk_hal_log_hwservice, hwservice_manager_type; # Date: 2018/06/26 # em hidl type mtk_hal_em_hwservice, hwservice_manager_type; + +# Date: 2018/07/02 +# MMS HIDL +type mtk_hal_mms_hwservice, hwservice_manager_type; diff --git a/non_plat/hwservice_contexts b/non_plat/hwservice_contexts index 20de2eb..0cc9189 100644 --- a/non_plat/hwservice_contexts +++ b/non_plat/hwservice_contexts @@ -48,3 +48,7 @@ vendor.mediatek.hardware.log::ILog u:object_r:mtk_hal_log_hwservice:s0 # Date: 2018/06/26 # em hidl vendor.mediatek.hardware.engineermode::IEmd u:object_r:mtk_hal_em_hwservice:s0 + +# Date : 2018/07/02 +# MMS HIDL +vendor.mediatek.hardware.mms::IMms u:object_r:mtk_hal_mms_hwservice:s0 diff --git a/non_plat/mtk_hal_mms.te b/non_plat/mtk_hal_mms.te new file mode 100755 index 0000000..31dd56c --- /dev/null +++ b/non_plat/mtk_hal_mms.te @@ -0,0 +1,28 @@ +# ============================================== +# Policy File of /vendor/bin/hw/vendor.mediatek.hardware.mms@1.0-service Executable File + +# ============================================== +# Type Declaration +# ============================================== + +type mtk_hal_mms, domain; +type mtk_hal_mms_exec, exec_type, file_type, vendor_file_type; + +# ============================================== +# MTK Policy Rule +# ============================================== + +# Setup for domain transition +init_daemon_domain(mtk_hal_mms) + +# Allow to use HWBinder IPC +hwbinder_use(mtk_hal_mms); + +# Allow a set of permissions required for a domain to be a server which provides a HAL implementation over HWBinder. +hal_server_domain(mtk_hal_mms, hal_mms) + +# add/find permission rule to hwservicemanager +add_hwservice(hal_mms_server, mtk_hal_mms_hwservice) + +# Purpose : Allow to use kernel driver +allow mtk_hal_mms graphics_device:chr_file { read write open ioctl }; \ No newline at end of file