Snap for 6571063 from cc43d24c3676990ffec9d8a47439b366b2c9309d to mainline-release

Change-Id: I5b6991c828ff148e48599d23df6da542e4963cf4
author: android-build-team Robot <android-build-team-robot@google.com> 2020-06-09 07:10:14 +0000
committer: android-build-team Robot <android-build-team-robot@google.com> 2020-06-09 07:10:14 +0000
commit: 440f0760d9b5890e7c60c3d61a322dfede2a5004 (patch)
tree: dc374b9902853cb4c1577b285ecc93c1e637dd6c
parent: 3a0af5408fa16e1feb825920d5d3a23a609517ee (diff)
parent: cc43d24c3676990ffec9d8a47439b366b2c9309d (diff)
download: sunfish-sepolicy-440f0760d9b5890e7c60c3d61a322dfede2a5004.tar.gz
4 files changed, 19 insertions, 1 deletions
diff --git a/vendor/google/file.te b/vendor/google/file.te
index 20982b0..fd2bd46 100644
--- a/vendor/google/file.te
+++ b/vendor/google/file.te
@@ -31,6 +31,7 @@ type debugfs_clk, debugfs_type, fs_type;
 type debugfs_pmic, debugfs_type, fs_type;
 type sysfs_contaminant, sysfs_type, fs_type;
 type hal_neuralnetworks_darwinn_hal_camera_data_file, file_type, data_file_type;
+type hal_rebootescrow_citadel_data_file, file_type, data_file_type;
 type sysfs_knowles_info, fs_type, sysfs_type;
 type sysfs_fingerprint, sysfs_type, fs_type;
 type per_boot_file, file_type, data_file_type, core_data_file_type;
diff --git a/vendor/google/file_contexts b/vendor/google/file_contexts
index 9dec45d..df7bfa6 100644
--- a/vendor/google/file_contexts
+++ b/vendor/google/file_contexts
@@ -1,6 +1,5 @@
 # dev nodes
 /dev/abc-pcie-tpu_0                                                                   u:object_r:abc_tpu_device:s0
-/dev/access-kregistry                                                                 u:object_r:rebootescrow_device:s0
 /dev/access-metadata                                                                  u:object_r:ramoops_device:s0
 /dev/access-ramoops                                                                   u:object_r:ramoops_device:s0
 /dev/block/zram0                                                                      u:object_r:swap_block_device:s0
@@ -25,6 +24,7 @@
 /vendor/bin/hw/android\.hardware\.neuralnetworks@1\.0-service-paintbox                u:object_r:hal_neuralnetworks_paintbox_exec:s0
 /vendor/bin/hw/android\.hardware\.neuralnetworks@1\.2-service-noronha                 u:object_r:hal_neuralnetworks_darwinn_exec:s0
 /vendor/bin/hw/android\.hardware\.power\.stats@1\.0-service\.pixel                    u:object_r:hal_power_stats_default_exec:s0
+/vendor/bin/hw/android\.hardware\.rebootescrow-service\.citadel                       u:object_r:hal_rebootescrow_citadel_exec:s0
 /vendor/bin/hw/android\.hardware\.usb@1\.2-service\.sunfish                           u:object_r:hal_usb_impl_exec:s0
 /vendor/bin/hw/android\.hardware\.vibrator@1\.3-service\.sunfish                      u:object_r:hal_vibrator_default_exec:s0
 /vendor/bin/hw/android\.hardware\.weaver@1\.0-service\.citadel                        u:object_r:hal_weaver_citadel_exec:s0
@@ -64,6 +64,7 @@
 /data/vendor/tcpdump_logger(/.*)?                                                     u:object_r:tcpdump_vendor_data_file:s0
 /data/vendor_ce/[0-9]+/ramoops(/.*)?                                                  u:object_r:ramoops_vendor_data_file:s0
 /data/vendor/hal_neuralnetworks_darwinn/hal_camera(/.*)?                              u:object_r:hal_neuralnetworks_darwinn_hal_camera_data_file:s0
+/data/vendor/rebootescrow(/.*)?                                                       u:object_r:hal_rebootescrow_citadel_data_file:s0
 /data/per_boot(/.*)?                                                                  u:object_r:per_boot_file:s0
 
 # dev socket node
diff --git a/vendor/google/hal_rebootescrow_citadel.te b/vendor/google/hal_rebootescrow_citadel.te
new file mode 100644
index 0000000..c85ce20
--- /dev/null
+++ b/vendor/google/hal_rebootescrow_citadel.te
@@ -0,0 +1,15 @@
+type hal_rebootescrow_citadel, domain;
+type hal_rebootescrow_citadel_exec, exec_type, vendor_file_type, file_type;
+
+hal_server_domain(hal_rebootescrow_citadel, hal_rebootescrow)
+
+vndbinder_use(hal_rebootescrow_citadel)
+binder_call(hal_rebootescrow_citadel, citadeld)
+allow hal_rebootescrow_citadel citadeld_service:service_manager find;
+
+hal_client_domain(hal_rebootescrow_citadel, hal_keymaster)
+
+init_daemon_domain(hal_rebootescrow_citadel)
+
+allow hal_rebootescrow_citadel hal_rebootescrow_citadel_data_file:dir create_dir_perms;
+allow hal_rebootescrow_citadel hal_rebootescrow_citadel_data_file:file create_file_perms;
diff --git a/vendor/google/init_citadel.te b/vendor/google/init_citadel.te
index 9896ebf..6583a3a 100644
--- a/vendor/google/init_citadel.te
+++ b/vendor/google/init_citadel.te
@@ -13,3 +13,4 @@ allow init_citadel vendor_toolbox_exec:file rx_file_perms;
 
 # init_citadel needs to invoke citadel_updater
 allow init_citadel citadel_updater_exec:file rx_file_perms;
+allow init_citadel citadel_device:chr_file rw_file_perms;
author	android-build-team Robot <android-build-team-robot@google.com>	2020-06-09 07:10:14 +0000
committer	android-build-team Robot <android-build-team-robot@google.com>	2020-06-09 07:10:14 +0000
commit	440f0760d9b5890e7c60c3d61a322dfede2a5004 (patch)
tree	dc374b9902853cb4c1577b285ecc93c1e637dd6c
parent	3a0af5408fa16e1feb825920d5d3a23a609517ee (diff)
parent	cc43d24c3676990ffec9d8a47439b366b2c9309d (diff)
download	sunfish-sepolicy-440f0760d9b5890e7c60c3d61a322dfede2a5004.tar.gz