diff options
Diffstat (limited to 'common/sepolicy')
| -rw-r--r-- | common/sepolicy/hal_audio_caremu.te | 5 | ||||
| -rw-r--r-- | common/sepolicy/hal_ivn_default.te | 3 | ||||
| -rw-r--r-- | common/sepolicy/hal_remoteaccess_default.te | 13 | ||||
| -rw-r--r-- | common/sepolicy/property.te | 2 | ||||
| -rw-r--r-- | common/sepolicy/property_contexts | 2 | ||||
| -rw-r--r-- | common/sepolicy/surfaceflinger.te | 2 |
6 files changed, 27 insertions, 0 deletions
diff --git a/common/sepolicy/hal_audio_caremu.te b/common/sepolicy/hal_audio_caremu.te index 5c0af23..34be2d8 100644 --- a/common/sepolicy/hal_audio_caremu.te +++ b/common/sepolicy/hal_audio_caremu.te @@ -11,3 +11,8 @@ binder_use(hal_audio_caremu) # Enable audiocontrol to listen to power policy daemon. carpowerpolicy_callback_domain(hal_audio_caremu) + +hal_client_domain(hal_audio_caremu, hal_allocator) +get_prop(hal_audio_caremu, vendor_caremu_audiohal_prop) + +allow hal_audio_caremu audioserver:fifo_file write; diff --git a/common/sepolicy/hal_ivn_default.te b/common/sepolicy/hal_ivn_default.te new file mode 100644 index 0000000..40740de --- /dev/null +++ b/common/sepolicy/hal_ivn_default.te @@ -0,0 +1,3 @@ +# Allow debug dump +allow hal_ivn_default shell:fd use; +allow hal_ivn_default shell:fifo_file write; diff --git a/common/sepolicy/hal_remoteaccess_default.te b/common/sepolicy/hal_remoteaccess_default.te new file mode 100644 index 0000000..b734334 --- /dev/null +++ b/common/sepolicy/hal_remoteaccess_default.te @@ -0,0 +1,13 @@ +# Allow remoteaccess HAL to communicate with remote wakeup client via local +# socket. +typeattribute hal_remoteaccess_default hal_automotive_socket_exemption; +net_domain(hal_remoteaccess_default) +allow hal_remoteaccess_default self:vsock_socket write; + +# Allow accessing VHAL. +binder_use(hal_remoteaccess_default) +hal_client_domain(hal_remoteaccess_default, hal_vehicle) + +# Allow debug dump +allow hal_remoteaccess_default shell:fd use; +allow hal_remoteaccess_default shell:fifo_file write; diff --git a/common/sepolicy/property.te b/common/sepolicy/property.te new file mode 100644 index 0000000..afa1f81 --- /dev/null +++ b/common/sepolicy/property.te @@ -0,0 +1,2 @@ +# Audio HAL +vendor_internal_prop(vendor_caremu_audiohal_prop) diff --git a/common/sepolicy/property_contexts b/common/sepolicy/property_contexts new file mode 100644 index 0000000..6833690 --- /dev/null +++ b/common/sepolicy/property_contexts @@ -0,0 +1,2 @@ +# Audio HAL +ro.vendor.caremu.audiohal. u:object_r:vendor_caremu_audiohal_prop:s0 diff --git a/common/sepolicy/surfaceflinger.te b/common/sepolicy/surfaceflinger.te new file mode 100644 index 0000000..c46089c --- /dev/null +++ b/common/sepolicy/surfaceflinger.te @@ -0,0 +1,2 @@ +# Allow surfaceflinger to perform binder IPC to automotive_display_service +binder_call(surfaceflinger, automotive_display_service_server) |