[ALPS03872369] Add lbs_dbg selinux policy

[Detail] Add lbs_dbg selinux policy MTK-Commit-Id: c316e3908f5d5ddbf8f543ef08a4759159b798ba Change-Id: Id6311f353df61ca0fa9a108c832d790b228a5bba CR-Id: ALPS03872369 Feature: Location Chipset Capability
2020-01-18 10:03:58 +08:00 · 2020-01-18 10:03:58 +08:00 · c30a82525d
commit c30a82525d
parent 5f82c9e661
4 changed files with 58 additions and 0 deletions
--- a/non_plat/file.te
+++ b/non_plat/file.te
@ -273,6 +273,9 @@ type mediadrm_vendor_data_file, file_type, data_file_type;
 # mtk usb hal
 type sysfs_dual_role_usb20, fs_type, sysfs_type;

+# lbs debug file
+type lbs_dbg_data_file, file_type, data_file_type, core_data_file_type;
+
 # Touch parameters file
 type sysfs_tpd_setting, fs_type, sysfs_type;
 type sysfs_tpd_debug, fs_type, sysfs_type;
--- a/non_plat/lbs_dbg.te
+++ b/non_plat/lbs_dbg.te
@ -0,0 +1,51 @@
+# ==============================================
+# Policy File of /system/bin/lbs_dbg Executable File
+
+# ==============================================
+# Type Declaration
+# ==============================================
+type lbs_dbg, domain;
+# ==============================================
+# MTK Policy Rule
+# ==============================================
+file_type_auto_trans(lbs_dbg, system_data_file, lbs_dbg_data_file);
+type lbs_dbg_exec, exec_type, file_type;
+typeattribute lbs_dbg coredomain;
+
+init_daemon_domain(lbs_dbg)
+
+#============= lbs_dbg ==============
+allow lbs_dbg storage_file:dir { write create add_name search mounton };
+allow lbs_dbg storage_file:lnk_file read;
+allow lbs_dbg lbs_dbg_data_file:file create_file_perms;
+
+allow lbs_dbg system_data_file:lnk_file read;
+
+allow lbs_dbg mnld_device:chr_file rw_file_perms;
+
+allow lbs_dbg media_rw_data_file:dir search;
+allow lbs_dbg media_rw_data_file:dir { read open };
+
+allow lbs_dbg sdcard_type:filesystem unmount;
+allow lbs_dbg tmpfs:filesystem unmount;
+allow lbs_dbg sysfs:dir { read open };
+allow lbs_dbg sysfs_leds:dir search;
+allow lbs_dbg sysfs_leds:lnk_file read;
+allow lbs_dbg sysfs_vibrator:file {open read write};
+
+allow lbs_dbg sdcard_type:dir r_dir_perms;
+allow lbs_dbg self:netlink_route_socket { bind create getattr write nlmsg_read read nlmsg_write };
+
+allow lbs_dbg self:tcp_socket create_stream_socket_perms;
+allow lbs_dbg self:udp_socket create_socket_perms;
+
+allow lbs_dbg hwservicemanager_prop:file read;
+hal_client_domain(lbs_dbg, mtk_hal_lbs)
+
+allow lbs_dbg media_rw_data_file:dir { write remove_name };
+allow lbs_dbg media_rw_data_file:file getattr;
+allow lbs_dbg sdcardfs:dir { write remove_name create add_name };
+allow lbs_dbg sdcardfs:file { rename getattr };
+allow lbs_dbg media_rw_data_file:dir { create add_name };
+allow lbs_dbg media_rw_data_file:file { write rename create open };
+allow lbs_dbg sdcardfs:file { write create open };
--- a/non_plat/mnld.te
+++ b/non_plat/mnld.te
@ -95,3 +95,6 @@ allow mnld mnt_vendor_file:dir search;
 # Date : WK18.26
 # Purpose : for atci gps test
 allow mnld atci_service:unix_dgram_socket sendto;
+
+allow mnld sysfs_boot_mode:file { read open };
+
--- a/plat_private/file_contexts
+++ b/plat_private/file_contexts
@ -22,6 +22,7 @@
 /system/bin/aee_aed64 u:object_r:aee_aed_exec:s0
 /system/bin/aee_dumpstate u:object_r:dumpstate_exec:s0
 /(system\/vendor|vendor)/bin/kisd u:object_r:kisd_exec:s0
+/system/bin/lbs_dbg u:object_r:lbs_dbg_exec:s0

 # google suggest that move aee_aedv_exec to platform @google_issue_id:64130120
 /(system\/vendor|vendor)/bin/aee_aedv u:object_r:aee_aedv_exec:s0