Secure DPU: add securedpud daemon

1. Add daemon implementation 2. Update sepolicy Bug: 176508588 Change-Id: I1186a205d60f1cf0e308d636f9828b249b5513f4
author: ichihlu <ichihlu@google.com> 2020-12-26 13:42:57 +0000
committer: ichihlu <ichihlu@google.com> 2021-01-08 01:28:48 +0000
commit: d44cf0504567c5f7201565a39fd3864d3ce03470 (patch)
tree: 87f40a1a345b14ee789a96b98827d21920f01ab6 /sepolicy
parent: e58784d037cb8fd5841d9ae3ecb040f8af9b2223 (diff)
download: trusty-d44cf0504567c5f7201565a39fd3864d3ce03470.tar.gz
2 files changed, 7 insertions, 0 deletions
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 3153bd1..7c72e1f 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -2,6 +2,7 @@
 /dev/vport3p1                        u:object_r:rpmb_virt_device:s0
 /dev/vport3p2                        u:object_r:spi_virt_device:s0
 /vendor/bin/dhcpclient               u:object_r:dhcpclient_exec:s0
+/vendor/bin/securedpud               u:object_r:securedpud_exec:s0
 /vendor/bin/spiproxyd                u:object_r:tee_exec:s0
 /vendor/bin/storageproxyd            u:object_r:tee_exec:s0
 /data/vendor/var/run(/.*)?           u:object_r:varrun_file:s0
diff --git a/sepolicy/securedpud.te b/sepolicy/securedpud.te
new file mode 100644
index 0000000..3eae5e0
--- /dev/null
+++ b/sepolicy/securedpud.te
@@ -0,0 +1,6 @@
+type securedpud, domain;
+type securedpud_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(securedpud)
+
+allow securedpud tee_device:chr_file rw_file_perms;
author	ichihlu <ichihlu@google.com>	2020-12-26 13:42:57 +0000
committer	ichihlu <ichihlu@google.com>	2021-01-08 01:28:48 +0000
commit	d44cf0504567c5f7201565a39fd3864d3ce03470 (patch)
tree	87f40a1a345b14ee789a96b98827d21920f01ab6 /sepolicy
parent	e58784d037cb8fd5841d9ae3ecb040f8af9b2223 (diff)
download	trusty-d44cf0504567c5f7201565a39fd3864d3ce03470.tar.gz