427c135bd6
[Detail] Only BASIC Sepolicy need to be applyed for BASIC, we separate basic/bsp sepolicy for BASIC. This workaround is for fixing the build errors that cause by the declarations were defined in bsp/ dir and neverallow rules. MTK-Commit-Id: f1ed54e84b85f73e20dcc8c2ac5f0c42fddedc77 Change-Id: I568873fcc272d04b018efc4be00924b751bb3775 CR-Id: ALPS04340791 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
28 lines
1.0 KiB
Plaintext
28 lines
1.0 KiB
Plaintext
# Set a new domain
|
|
type mtk_hal_keymanage, domain;
|
|
|
|
# Set mtk_hal_keymanage as server domain of hal_keymaster
|
|
hal_server_domain(mtk_hal_keymanage, hal_keymaster)
|
|
|
|
# Set exec file type
|
|
type mtk_hal_keymanage_exec, exec_type, file_type, vendor_file_type;
|
|
|
|
# Setup for domain transition
|
|
init_daemon_domain(mtk_hal_keymanage)
|
|
|
|
# Associate mtk_hal_keymanage_hwservice with all server domain
|
|
add_hwservice(hal_keymaster_server, mtk_hal_keymanage_hwservice)
|
|
|
|
# Give permission for hal_keymaster_client to find mtk_hal_keymanage_hwservice via hwservice_manager
|
|
allow hal_keymaster_client mtk_hal_keymanage_hwservice:hwservice_manager find;
|
|
|
|
# Give permission for hal_key_manage to access kisd service
|
|
|
|
allow mtk_hal_keymanage kisd:unix_stream_socket connectto;
|
|
|
|
# Allow mtk_hal_keyinstall to access /data/key_provisioning
|
|
allow mtk_hal_keymanage key_install_data_file:dir { write add_name remove_name search };
|
|
allow mtk_hal_keymanage key_install_data_file:file { write create setattr read getattr unlink open append };
|
|
|
|
allow mtk_hal_keymanage debugfs_tracing:file { write };
|