From 9ac7df22802e91c58ecc2e05a3f515962457a266 Mon Sep 17 00:00:00 2001
From: Martijn Coenen <maco@google.com>
Date: Thu, 25 Sep 2014 15:13:41 -0700
Subject: [PATCH] Allow NFC to read/write nfc. system properties.

(cherry pick of commit 05383ebfb439bed8436912ed28db550e8842b343)

Bug: 17298769
Change-Id: I1994ff9f9da9b13249099f6c9bcec88dcdc2bb97
---
 app.te            | 4 ++--
 nfc.te            | 4 ++++
 property.te       | 1 +
 property_contexts | 3 +++
 4 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/app.te b/app.te
index 239d0bb83..63ee7aa4c 100644
--- a/app.te
+++ b/app.te
@@ -238,7 +238,7 @@ neverallow appdomain socket_device:sock_file write;
 # Unix domain sockets.
 neverallow appdomain adbd_socket:sock_file write;
 neverallow appdomain installd_socket:sock_file write;
-neverallow { appdomain -bluetooth -radio -shell -system_app }
+neverallow { appdomain -bluetooth -radio -shell -system_app -nfc }
     property_socket:sock_file write;
 neverallow { appdomain -radio } rild_socket:sock_file write;
 neverallow appdomain vold_socket:sock_file write;
@@ -340,5 +340,5 @@ neverallow { appdomain -system_app -shell }
 neverallow appdomain fs_type:filesystem ~getattr;
 
 # Ability to set system properties.
-neverallow { appdomain -system_app -radio -shell -bluetooth }
+neverallow { appdomain -system_app -radio -shell -bluetooth -nfc }
     property_type:property_service set;
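Review bot: Subtracting `-nfc` from this neverallow exempts the nfc domain from the assertion for every `property_type`, while the only grant this commit adds in nfc.te is for `nfc_prop`. The matching `-nfc` on the `property_socket:sock_file write` rule in the first app.te hunk is unavoidable, since any property set goes through that socket. The set permission itself can still be pinned with a companion assertion such as `neverallow nfc { property_type -nfc_prop }:property_service set;`. That way a later `allow` cannot quietly widen what the NFC process, which presumably handles data from untrusted tags and peers, is able to set. The comment `# Ability to set system properties.` could also note that each excluded domain is expected to be limited to its own property type.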
diff --git a/nfc.te b/nfc.te
index 2b851a276..4113d3172 100644
--- a/nfc.te
+++ b/nfc.te
@@ -4,6 +4,10 @@ app_domain(nfc)
 net_domain(nfc)
 binder_service(nfc)
 
+# Set NFC properties
+unix_socket_connect(nfc, property, init)
+allow nfc nfc_prop:property_service set;
+
 # NFC device access.
 allow nfc nfc_device:chr_file rw_file_perms;
 
diff --git a/property.te b/property.te
index 9d6f10612..cfa3ec968 100644
--- a/property.te
+++ b/property.te
@@ -22,3 +22,4 @@ type security_prop, property_type;
 type bluetooth_prop, property_type;
 type pan_result_prop, property_type;
 type powerctl_prop, property_type;
+type nfc_prop, property_type;
diff --git a/property_contexts b/property_contexts
index 48f7fae69..f89c43282 100644
--- a/property_contexts
+++ b/property_contexts
@@ -58,3 +58,6 @@ ctl.ril-daemon          u:object_r:ctl_rildaemon_prop:s0
 ctl.bugreport           u:object_r:ctl_bugreport_prop:s0
 ctl.dhcpcd_bt-pan       u:object_r:ctl_dhcp_pan_prop:s0
 ctl.                    u:object_r:ctl_default_prop:s0
+
+# NFC properties
+nfc.                    u:object_r:nfc_prop:s0
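Review bot: The `nfc.` entry is a prefix match, so every property whose name starts with `nfc.` is labelled `nfc_prop` and becomes settable by the nfc domain, and the `# NFC properties` comment does not say so. Something like `# nfc.* is owned by the nfc domain (see nfc.te); do not put properties consumed by more privileged services under this prefix` would record the trust boundary. Relabelling also moves these names out of whatever label they matched before (presumably the default property label, which is not visible in this hunk). Any other domain that was setting an `nfc.` property would then need an explicit `nfc_prop` rule, so it is worth confirming none exists. Names outside the prefix, for example a `persist.`-prefixed variant, are not covered by this entry.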
-- 
GitLab