From 9b0788945221ab99817b7e883e7b7be1fe8c9940 Mon Sep 17 00:00:00 2001
From: Badhri Jagan Sridharan <Badhri@google.com>
Date: Mon, 8 Jan 2018 09:29:40 -0800
Subject: [PATCH] hal_usb_gadget sepolicy
Bug: 63669128
Test: Checked for avc denail messages.
Change-Id: I057b3cf9ccc945cb943b9cf60fc9cd6c023eddda
---
private/compat/26.0/26.0.ignore.cil | 1 +
private/hwservice_contexts | 1 +
private/system_server.te | 1 +
public/attributes | 1 +
public/hal_usb_gadget.te | 14 ++++++++++++++
public/hwservice.te | 1 +
6 files changed, 19 insertions(+)
create mode 100644 public/hal_usb_gadget.te
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 6ed3692ee..90fb91808 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -38,6 +38,7 @@
hal_neuralnetworks_hwservice
hal_tetheroffload_hwservice
hal_wifi_hostapd_hwservice
+ hal_usb_gadget_hwservice
hal_wifi_offload_hwservice
kmsg_debug_device
last_boot_reason_prop
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index 316c34c63..76781db72 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -43,6 +43,7 @@ android.hardware.thermal::IThermalCallback u:object_r:therm
android.hardware.tv.cec::IHdmiCec u:object_r:hal_tv_cec_hwservice:s0
android.hardware.tv.input::ITvInput u:object_r:hal_tv_input_hwservice:s0
android.hardware.usb::IUsb u:object_r:hal_usb_hwservice:s0
+android.hardware.usb.gadget::IUsbGadget u:object_r:hal_usb_gadget_hwservice:s0
android.hardware.vibrator::IVibrator u:object_r:hal_vibrator_hwservice:s0
android.hardware.vr::IVr u:object_r:hal_vr_hwservice:s0
android.hardware.weaver::IWeaver u:object_r:hal_weaver_hwservice:s0
diff --git a/private/system_server.te b/private/system_server.te
index 1f3906065..058965964 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -198,6 +198,7 @@ hal_client_domain(system_server, hal_thermal)
hal_client_domain(system_server, hal_tv_cec)
hal_client_domain(system_server, hal_tv_input)
hal_client_domain(system_server, hal_usb)
+hal_client_domain(system_server, hal_usb_gadget)
hal_client_domain(system_server, hal_vibrator)
hal_client_domain(system_server, hal_vr)
hal_client_domain(system_server, hal_weaver)
diff --git a/public/attributes b/public/attributes
index eb7114b52..ebc302ae6 100644
--- a/public/attributes
+++ b/public/attributes
@@ -235,6 +235,7 @@ hal_attribute(thermal);
hal_attribute(tv_cec);
hal_attribute(tv_input);
hal_attribute(usb);
+hal_attribute(usb_gadget);
hal_attribute(vibrator);
hal_attribute(vr);
hal_attribute(weaver);
diff --git a/public/hal_usb_gadget.te b/public/hal_usb_gadget.te
new file mode 100644
index 000000000..16f4f0821
--- /dev/null
+++ b/public/hal_usb_gadget.te
@@ -0,0 +1,14 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_usb_gadget_client, hal_usb_gadget_server)
+binder_call(hal_usb_gadget_server, hal_usb_gadget_client)
+
+add_hwservice(hal_usb_gadget_server, hal_usb_gadget_hwservice)
+allow hal_usb_gadget_client hal_usb_gadget_hwservice:hwservice_manager find;
+
+# Configuring usb gadget functions
+allow hal_usb_gadget_server configfs:lnk_file { read create unlink};
+allow hal_usb_gadget_server configfs:dir rw_dir_perms;
+allow hal_usb_gadget_server configfs:file rw_file_perms;
+allow hal_usb_gadget_server functionfs:dir { read search };
+allow hal_usb_gadget_server functionfs:file read;
+
diff --git a/public/hwservice.te b/public/hwservice.te
index 6eb816e9d..8f634ca68 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -37,6 +37,7 @@ type hal_thermal_hwservice, hwservice_manager_type;
type hal_tv_cec_hwservice, hwservice_manager_type;
type hal_tv_input_hwservice, hwservice_manager_type;
type hal_usb_hwservice, hwservice_manager_type;
+type hal_usb_gadget_hwservice, hwservice_manager_type;
type hal_vibrator_hwservice, hwservice_manager_type;
type hal_vr_hwservice, hwservice_manager_type;
type hal_weaver_hwservice, hwservice_manager_type;
--
GitLab