Merge "Update ST NFC/SecureElement policies" am: 85582c070e

Original change: https://android-review.googlesource.com/c/device/google/redbull-sepolicy/+/1488057

Change-Id: Iba7e837bf280ad12bb086a08aa0d1e8e4f5120ba

7 files changed, 18 insertions, 6 deletions

diff --git a/vendor/google/file.te b/vendor/google/file.te
index a7e64fe..89982d6 100644
--- a/vendor/google/file.te
+++ b/vendor/google/file.te
@@ -23,7 +23,6 @@ type sysfs_imei, sysfs_type, fs_type;
 type debugfs_usb, debugfs_type, fs_type;
 type mediadrm_vendor_data_file, file_type, data_file_type;
 type diag_socket, file_type, mlstrustedobject;
-type ese_vendor_data_file, file_type, data_file_type;
 type debugfs_dma_buf, debugfs_type, fs_type;
 type debugfs_clk, debugfs_type, fs_type;
 type debugfs_pmic, debugfs_type, fs_type;
diff --git a/vendor/st/file_contexts b/vendor/st/file_contexts
index e469549..9a3ea7e 100644
--- a/vendor/st/file_contexts
+++ b/vendor/st/file_contexts
@@ -11,6 +11,5 @@
 
 ###################################
 # data files
-/data/vendor/ese(/.*)?                                                                u:object_r:ese_vendor_data_file:s0
 /data/nfc(/.*)?                                                                       u:object_r:nfc_data_file:s0
 
diff --git a/vendor/st/hal_nfc_default.te b/vendor/st/hal_nfc_default.te
index 66ce177..f98e78c 100644
--- a/vendor/st/hal_nfc_default.te
+++ b/vendor/st/hal_nfc_default.te
@@ -1,3 +1,9 @@
+# NFC property
+set_prop(hal_nfc_default, vendor_nfc_prop)
+
+# SecureElement property
+set_prop(hal_nfc_default, vendor_secure_element_prop)
+
 # Modem property
 set_prop(hal_nfc_default, vendor_modem_prop)
 
diff --git a/vendor/st/hal_secure_element_default.te b/vendor/st/hal_secure_element_default.te
index 94b811d..84cde42 100644
--- a/vendor/st/hal_secure_element_default.te
+++ b/vendor/st/hal_secure_element_default.te
@@ -1,6 +1,7 @@
 allow hal_secure_element_default secure_element_device:chr_file rw_file_perms;
-allow hal_secure_element_default ese_vendor_data_file:dir create_dir_perms;
-allow hal_secure_element_default ese_vendor_data_file:file create_file_perms;
-allow hal_secure_element_default debugfs_ipc:dir search;
+allow hal_secure_element_default nfc_device:chr_file rw_file_perms;
+dontaudit hal_secure_element_default debugfs_ipc:dir search;
 set_prop(hal_secure_element_default, vendor_secure_element_prop)
-get_prop(hal_secure_element_default, vendor_modem_prop)
+set_prop(hal_secure_element_default, vendor_nfc_prop)
+set_prop(hal_secure_element_default, vendor_modem_prop)
+
diff --git a/vendor/st/property.te b/vendor/st/property.te
index 33a01ec..723121a 100644
--- a/vendor/st/property.te
+++ b/vendor/st/property.te
@@ -1 +1,2 @@
+vendor_internal_prop(vendor_nfc_prop)
 vendor_internal_prop(vendor_secure_element_prop)
diff --git a/vendor/st/property_contexts b/vendor/st/property_contexts
index 01a12e4..c6cd8a4 100644
--- a/vendor/st/property_contexts
+++ b/vendor/st/property_contexts
@@ -1,4 +1,6 @@
 # SecureElement
 persist.vendor.se.                              u:object_r:vendor_secure_element_prop:s0
 
+# NFC
+persist.vendor.nfc.                             u:object_r:vendor_nfc_prop:s0
 
diff --git a/vendor/st/vendor_init.te b/vendor/st/vendor_init.te
new file mode 100644
index 0000000..abc7580
--- /dev/null
+++ b/vendor/st/vendor_init.te
@@ -0,0 +1,4 @@
+# NFC vendor property
+set_prop(vendor_init, vendor_nfc_prop)
+# SecureElement vendor property
+set_prop(vendor_init, vendor_secure_element_prop)