From ae206f162372e5f8ce674c28f0be545098316e37 Mon Sep 17 00:00:00 2001
From: Badhri Jagan Sridharan <Badhri@google.com>
Date: Thu, 12 Jan 2017 17:18:52 -0800
Subject: [PATCH] sepolicy for usb hal

Bug: 31015010

cherry-pick from b6e4d4bdf12e8a61414596d3d23c5016ae0d6477

Test: checked for selinux denial msgs in the dmesg logs.
Change-Id: I8285ea05162ea0d75459e873e5c2bad2dbc7e5ba
---
 private/file_contexts      |  1 +
 private/hal_usb_default.te |  4 ++++
 public/attributes          |  1 +
 public/hal_usb.te          | 14 ++++++++++++++
 public/system_server.te    |  1 +
 5 files changed, 21 insertions(+)
 create mode 100644 private/hal_usb_default.te
 create mode 100644 public/hal_usb.te

diff --git a/private/file_contexts b/private/file_contexts
index 95b27820b..31b7076fc 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -259,6 +259,7 @@
 /system/bin/hw/android\.hardware\.power@1\.0-service          u:object_r:hal_power_default_exec:s0
 /system/bin/hw/android\.hardware\.sensors@1\.0-service        u:object_r:hal_sensors_default_exec:s0
 /system/bin/hw/android\.hardware\.thermal@1\.0-service        u:object_r:hal_thermal_default_exec:s0
+/system/bin/hw/android\.hardware\.usb@1\.0-service            u:object_r:hal_usb_default_exec:s0
 /system/bin/hw/android\.hardware\.vibrator@1\.0-service       u:object_r:hal_vibrator_default_exec:s0
 /system/bin/hw/android\.hardware\.vr@1\.0-service             u:object_r:hal_vr_default_exec:s0
 /system/bin/hw/android\.hardware\.wifi@1\.0-service           u:object_r:hal_wifi_default_exec:s0
diff --git a/private/hal_usb_default.te b/private/hal_usb_default.te
new file mode 100644
index 000000000..24017f9e0
--- /dev/null
+++ b/private/hal_usb_default.te
@@ -0,0 +1,4 @@
+type hal_usb_default, domain;
+hal_impl_domain(hal_usb_default, hal_usb)
+type hal_usb_default_exec, exec_type, file_type;
+init_daemon_domain(hal_usb_default)
diff --git a/public/attributes b/public/attributes
index 1aacd9e33..4822ed5d1 100644
--- a/public/attributes
+++ b/public/attributes
@@ -138,6 +138,7 @@ attribute hal_power;
 attribute hal_sensors;
 attribute hal_telephony;
 attribute hal_thermal;
+attribute hal_usb;
 attribute hal_vibrator;
 attribute hal_vr;
 attribute hal_wifi;
diff --git a/public/hal_usb.te b/public/hal_usb.te
new file mode 100644
index 000000000..5c31c065c
--- /dev/null
+++ b/public/hal_usb.te
@@ -0,0 +1,14 @@
+# call into system_server process (callbacks)
+binder_call(hal_usb, system_server)
+
+allow hal_usb self:netlink_kobject_uevent_socket create;
+allow hal_usb self:netlink_kobject_uevent_socket setopt;
+allow hal_usb self:netlink_kobject_uevent_socket bind;
+allow hal_usb self:netlink_kobject_uevent_socket read;
+allow hal_usb sysfs:dir open;
+allow hal_usb sysfs:dir read;
+allow hal_usb sysfs:file read;
+allow hal_usb sysfs:file open;
+allow hal_usb sysfs:file write;
+allow hal_usb sysfs:file getattr;
+
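Review bot: `allow hal_usb sysfs:file write;` grants write on every file that carries the generic `sysfs` label, which is much wider than the USB nodes this HAL presumably needs. Because the rule is attached to the `hal_usb` attribute, every domain given that attribute inherits it. Consider giving the USB sysfs nodes a dedicated type (labelled through genfs_contexts or file_contexts; `sysfs_usb_PLACEHOLDER` below is a stand-in name) and moving the dir/file rules onto it, e.g. `allow hal_usb sysfs_usb_PLACEHOLDER:file { open read write getattr };`. The four socket rules can be collapsed into `allow hal_usb self:netlink_kobject_uevent_socket { create setopt bind read };`. A comment such as `# uevent socket and sysfs access for USB port status/role changes` (wording to be confirmed against the HAL) would make the grant auditable.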
diff --git a/public/system_server.te b/public/system_server.te
index 1dfdafaf7..61f640dff 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -178,6 +178,7 @@ binder_call(system_server, hal_memtrack)
 binder_call(system_server, hal_power)
 binder_call(system_server, hal_sensors)
 binder_call(system_server, hal_thermal)
+binder_call(system_server, hal_usb)
 binder_call(system_server, hal_vibrator)
 binder_call(system_server, hal_vr)
 binder_call(system_server, hal_wifi)
-- 
GitLab