jacinto6evm: sepolicy: initial sepolicy rules for lad daemon

Initial rules for lad_dra7xx daemon

Change-Id: I4cff5b47bf978dc87c05bc43926b34899981eefb
Signed-off-by: Vishal Mahaveer <vishalm@ti.com>

3 files changed, 27 insertions, 0 deletions

diff --git a/sepolicy/device.te b/sepolicy/device.te
index 1489b07..9af3309 100644
--- a/sepolicy/device.te
+++ b/sepolicy/device.te
@@ -1,2 +1,4 @@
 type bluetooth_control, dev_type;
 type rtc, dev_type;
+type hwspinlock_dev, dev_type;
+type uio_dev, dev_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 6ac1f73..68f966c 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -25,6 +25,14 @@
 #cpuset script
 /system/bin/init.jacinto6evmboard.cpuset.sh	u:object_r:init-cpuset-sh_exec:s0
 
+#lad_dra7xx
+/system/bin/lad_dra7xx		u:object_r:lad_dra7xx_exec:s0
+/data/lad(/.*)?			u:object_r:lad_data_file:s0
+
+#hwspinlock and uio
+/dev/hwspinlock			u:object_r:hwspinlock_dev:s0
+/dev/uio0			u:object_r:uio_dev:s0
+
 #Block devices
 /dev/block/platform/44000000.ocp/480b4000.mmc/by-name/system     u:object_r:system_block_device:s0
 /dev/block/platform/44000000.ocp/480b4000.mmc/by-name/recovery   u:object_r:recovery_block_device:s0
diff --git a/sepolicy/lad_dra7xx.te b/sepolicy/lad_dra7xx.te
new file mode 100644
index 0000000..a5ea3a4
--- /dev/null
+++ b/sepolicy/lad_dra7xx.te
@@ -0,0 +1,17 @@
+type lad_dra7xx, domain;
+type lad_dra7xx_exec, exec_type, file_type;
+type lad_data_file, file_type, data_file_type;
+
+# Started by init
+init_daemon_domain(lad_dra7xx)
+
+# Allow access to /data/lad
+allow lad_dra7xx devpts:chr_file {read write ioctl getattr };
+allow lad_dra7xx lad_data_file:dir { create_dir_perms };
+allow lad_dra7xx lad_data_file:fifo_file { create_file_perms };
+allow lad_dra7xx self:socket { create_socket_perms };
+
+# Allow access to hwspinlock and uio device
+allow lad_dra7xx hwspinlock_dev:chr_file { rw_file_perms };
+allow lad_dra7xx uio_dev:chr_file { rw_file_perms };
+allow lad_dra7xx sysfs:file { r_file_perms };