authorAndrew Chant <achant@google.com>2018-08-21 15:08:48 -0700
committerAndrew Chant <achant@google.com>2018-08-27 12:44:15 -0700
commit496d4a5ad3445c6276300641033c122ba9196c68 (patch)
tree1ce4ead74f2937210704a287e5d7f3d98e9c6782 /private
parent27c7475fd1ba67a6633f852ab8857a8650702e56 (diff)
downloadcoral-sepolicy-496d4a5ad3445c6276300641033c122ba9196c68.tar.gz
Initial coral sepolicy
This has types and init domains only. Bug: 111935745 Test: lunch coral-userdebug && make Change-Id: Ic6c3a3bb8229a4a5bfcf13fd9a266a333084ea5a
Diffstat (limited to 'private')
-rw-r--r--private/bt_logger.te6
-rw-r--r--private/device.te5
-rw-r--r--private/dpmd.te4
-rw-r--r--private/dun-server.te5
-rw-r--r--private/file.te9
-rwxr-xr-xprivate/file_contexts11
-rw-r--r--private/ioctl_defines7
-rw-r--r--private/ioctl_macros8
-rwxr-xr-xprivate/mmi_sys.te7
-rw-r--r--private/qti-testscripts.te9
-rw-r--r--private/qvrd.te6
-rw-r--r--private/seempd.te5
-rw-r--r--private/service.te12
-rw-r--r--private/smcinvoked.te6
-rw-r--r--private/wfdservice.te6
15 files changed, 106 insertions, 0 deletions
diff --git a/private/bt_logger.te b/private/bt_logger.te
new file mode 100644
index 0000000..7dfd617
--- /dev/null
+++ b/private/bt_logger.te
@@ -0,0 +1,6 @@
+type bt_logger, domain;
+type bt_logger_exec, exec_type, file_type;
+typeattribute bt_logger coredomain;
+
+init_daemon_domain(bt_logger)
+
diff --git a/private/device.te b/private/device.te
new file mode 100644
index 0000000..332bcd7
--- /dev/null
+++ b/private/device.te
@@ -0,0 +1,5 @@
+#Define seemplog device
+type seemplog_device, dev_type;
+
+#Define smd7 device
+type smd7_device, dev_type;
diff --git a/private/dpmd.te b/private/dpmd.te
new file mode 100644
index 0000000..8f71b5c
--- /dev/null
+++ b/private/dpmd.te
@@ -0,0 +1,4 @@
+typeattribute dpmd coredomain;
+type dpmd_exec, exec_type, file_type;
+
+init_daemon_domain(dpmd)
diff --git a/private/dun-server.te b/private/dun-server.te
new file mode 100644
index 0000000..d02821d
--- /dev/null
+++ b/private/dun-server.te
@@ -0,0 +1,5 @@
+type dun-server_exec, exec_type, file_type;
+typeattribute dun-server coredomain;
+
+init_daemon_domain(dun-server)
+
diff --git a/private/file.te b/private/file.te
new file mode 100644
index 0000000..6e48674
--- /dev/null
+++ b/private/file.te
@@ -0,0 +1,9 @@
+type seemp_data_file, core_data_file_type, data_file_type, file_type;
+type seempdw_socket, file_type, mlstrustedobject, coredomain_socket;
+
+type dpmd_socket, file_type, coredomain_socket;
+type dpmd_data_file, file_type, data_file_type, core_data_file_type;
+type dpmwrapper_socket, file_type, coredomain_socket, mlstrustedobject;
+type qvrd_data_file, file_type, data_file_type, core_data_file_type;
+type qvrd_socket, file_type, mlstrustedobject, coredomain_socket;
+type qvrd_hvx_socket, file_type, coredomain_socket;
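Review bot: Three of the socket types added here (`seempdw_socket`, `dpmwrapper_socket`, `qvrd_socket`) carry `mlstrustedobject` with no comment explaining why, and `seempd` in private/seempd.te is likewise declared `mlstrustedsubject`. Both attributes exempt a type from the MLS constraints that otherwise separate differently categorised domains, so they widen who can reach these sockets once allow rules are added. Since this commit adds no allow rules, I would either drop the attributes until a rule needs them or add a line above each type, e.g. `# mlstrustedobject: <which client domains connect and why they span MLS categories>`.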
diff --git a/private/file_contexts b/private/file_contexts
new file mode 100755
index 0000000..6de52a5
--- /dev/null
+++ b/private/file_contexts
@@ -0,0 +1,11 @@
+####### system file ###############
+/system/bin/seempd u:object_r:seempd_exec:s0
+/system/bin/dpmd u:object_r:dpmd_exec:s0
+/system/bin/dun-server u:object_r:dun-server_exec:s0
+/system/bin/bt_logger u:object_r:bt_logger_exec:s0
+/system/etc/init\.qcom\.testscripts\.sh u:object_r:qti-testscripts_exec:s0
+/system/bin/smcinvoked u:object_r:smcinvoke_daemon_exec:s0
+/system/bin/qvrservice u:object_r:qvrd_exec:s0
+/system/bin/wfdservice u:object_r:wfdservice_exec:s0
+/system/bin/mmi u:object_r:vendor_mmi_sys_exec:s0
+/system/bin/mmi_diag u:object_r:vendor_mmi_sys_exec:s0
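Review bot: `private/file_contexts` is created with mode 100755, as is private/mmi_sys.te, while every other policy file in this commit is 100644. Neither file is executed by the build as far as this diff shows, so the executable bit looks accidental and should be dropped to match the rest of the directory.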
diff --git a/private/ioctl_defines b/private/ioctl_defines
new file mode 100644
index 0000000..93a833d
--- /dev/null
+++ b/private/ioctl_defines
@@ -0,0 +1,7 @@
+# socket ioctls defined in the kernel in include/uapi/linux/msm_ipc.h
+define(`IPC_ROUTER_IOCTL_GET_VERSION', `0x0000c300')
+define(`IPC_ROUTER_IOCTL_GET_MTU', `0x0000c301')
+define(`IPC_ROUTER_IOCTL_LOOKUP_SERVER', `0x0000c302')
+define(`IPC_ROUTER_IOCTL_GET_CURR_PKT_SIZE', `0x0000c303')
+define(`IPC_ROUTER_IOCTL_BIND_CONTROL_PORT', `0x0000c304')
+define(`IPC_ROUTER_IOCTL_CONFIG_SEC_RULES', `0x0000c305')
diff --git a/private/ioctl_macros b/private/ioctl_macros
new file mode 100644
index 0000000..e641c00
--- /dev/null
+++ b/private/ioctl_macros
@@ -0,0 +1,8 @@
+define(`msm_sock_ipc_ioctls_system', `{
+IPC_ROUTER_IOCTL_GET_VERSION
+IPC_ROUTER_IOCTL_GET_MTU
+IPC_ROUTER_IOCTL_LOOKUP_SERVER
+IPC_ROUTER_IOCTL_GET_CURR_PKT_SIZE
+IPC_ROUTER_IOCTL_BIND_CONTROL_PORT
+IPC_ROUTER_IOCTL_CONFIG_SEC_RULES
+}')
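Review bot: `msm_sock_ipc_ioctls_system` bundles the query ioctls with `IPC_ROUTER_IOCTL_BIND_CONTROL_PORT` and `IPC_ROUTER_IOCTL_CONFIG_SEC_RULES`, which, judging by their names, change router state rather than read it. Any domain later given this macro in an `allowxperm` rule gets all six, so a client that only needs a server lookup would also be allowed to configure security rules. Splitting the set now, before any rule uses it, keeps later grants least-privilege; the second macro name below is only a suggestion.

```m4
define(`msm_sock_ipc_ioctls_system', `{
IPC_ROUTER_IOCTL_GET_VERSION
IPC_ROUTER_IOCTL_GET_MTU
IPC_ROUTER_IOCTL_LOOKUP_SERVER
IPC_ROUTER_IOCTL_GET_CURR_PKT_SIZE
}')

# state-changing ioctls: grant only to the domains that manage the router
define(`msm_sock_ipc_ioctls_system_config', `{
IPC_ROUTER_IOCTL_BIND_CONTROL_PORT
IPC_ROUTER_IOCTL_CONFIG_SEC_RULES
}')
```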
diff --git a/private/mmi_sys.te b/private/mmi_sys.te
new file mode 100755
index 0000000..acd619e
--- /dev/null
+++ b/private/mmi_sys.te
@@ -0,0 +1,7 @@
+typeattribute vendor_mmi_sys coredomain;
+type vendor_mmi_sys_exec, exec_type, file_type;
+
+#init
+init_daemon_domain(vendor_mmi_sys)
+
+
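Review bot: The `vendor_` prefix on `vendor_mmi_sys` sits oddly next to `coredomain` and the `/system/bin/mmi` and `/system/bin/mmi_diag` labels in private/file_contexts. The name suggests a vendor-partition domain while the attribute and paths say system. The declaration of `vendor_mmi_sys` itself is not in this hunk, so I assume it lives outside private/. If the name cannot change, a comment such as `# system-side domain despite the vendor_ prefix; type is declared in <file>` would prevent confusion when the core/vendor split is reviewed.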
diff --git a/private/qti-testscripts.te b/private/qti-testscripts.te
new file mode 100644
index 0000000..a7912b3
--- /dev/null
+++ b/private/qti-testscripts.te
@@ -0,0 +1,9 @@
+#as the exec is defined in file_context it is hitting build
+# error in user build so moving out of the macro
+type qti-testscripts_exec, exec_type, file_type;
+
+userdebug_or_eng(`
+ typeattribute qti-testscripts coredomain;
+ init_daemon_domain(qti-testscripts)
+
+')
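Review bot: The comment at the top of this hunk is hard to parse and does not state the intent. Something like `# qti-testscripts_exec must exist on all builds because file_contexts references it; the domain itself is userdebug/eng only` says it directly. It is also worth confirming that `init.qcom.testscripts.sh` is not installed on user images at all, because there the file would carry an exec label with no confined domain to transition into.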
diff --git a/private/qvrd.te b/private/qvrd.te
new file mode 100644
index 0000000..4353a9f
--- /dev/null
+++ b/private/qvrd.te
@@ -0,0 +1,6 @@
+typeattribute qvrd coredomain;
+type qvrd_exec, exec_type, file_type;
+
+init_daemon_domain(qvrd)
+
+
diff --git a/private/seempd.te b/private/seempd.te
new file mode 100644
index 0000000..2ed5742
--- /dev/null
+++ b/private/seempd.te
@@ -0,0 +1,5 @@
+type seempd, domain, mlstrustedsubject, coredomain;
+type seempd_exec, exec_type, file_type;
+
+init_daemon_domain(seempd)
+
diff --git a/private/service.te b/private/service.te
new file mode 100644
index 0000000..a02db5a
--- /dev/null
+++ b/private/service.te
@@ -0,0 +1,12 @@
+type seemp_service, service_manager_type;
+type cne_service, service_manager_type;
+type dpmservice, service_manager_type;
+type uce_service, service_manager_type;
+type color_service, service_manager_type;
+type MinkBinderSvc, app_api_service, service_manager_type;
+type izat_service, app_api_service, system_api_service, service_manager_type;
+type regionalization_service, system_api_service, service_manager_type;
+type wigigp2p_service, app_api_service, system_server_service, service_manager_type;
+type wigig_service, app_api_service, system_server_service, service_manager_type;
+type vendor_perf_service, app_api_service, system_server_service, service_manager_type;
+type wfdservice_service, service_manager_type;
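Review bot: `MinkBinderSvc`, `izat_service`, `wigigp2p_service`, `wigig_service` and `vendor_perf_service` are tagged `app_api_service`, which in the platform policy lets ordinary app domains `find` a service. Nothing in this commit documents that these services are meant to be reachable from untrusted apps. I would leave the attribute off until a caller needs it, or add a comment per type naming the intended callers, e.g. `# app_api_service: looked up by <client domain> for <purpose>`. The diffstat for private/ also shows no service_contexts file, so none of these types is bound to a service name yet.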
diff --git a/private/smcinvoked.te b/private/smcinvoked.te
new file mode 100644
index 0000000..9140877
--- /dev/null
+++ b/private/smcinvoked.te
@@ -0,0 +1,6 @@
+type smcinvoke_daemon, domain, coredomain;
+type smcinvoke_daemon_exec, exec_type, file_type;
+
+init_daemon_domain(smcinvoke_daemon)
+
+
diff --git a/private/wfdservice.te b/private/wfdservice.te
new file mode 100644
index 0000000..9d32684
--- /dev/null
+++ b/private/wfdservice.te
@@ -0,0 +1,6 @@
+typeattribute wfdservice coredomain;
+
+#Allow for transition from init domain to wfdservice
+init_daemon_domain(wfdservice)
+
+
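Review bot: Unlike every other domain file in this commit, wfdservice.te does not declare its `_exec` type, although private/file_contexts labels `/system/bin/wfdservice` as `wfdservice_exec` and `init_daemon_domain(wfdservice)` relies on that type. The build presumably passes because the type is declared outside private/, which this diff does not show. If it is not, add `type wfdservice_exec, exec_type, file_type;` here to match the sibling files. Otherwise a comment pointing to where it is declared would explain the difference.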