iap140: Add NVM partition for board unique data.

changes:
1. te: add nvm_data_file and nvm_block_device type.
2. init.iap140.rc: mount /NVM at system startup.
3. Grant permission to mwirelessd daemon to read MAC from /NVM.

BUG=25948658
BUG=25644802

Change-Id: I6d4b093021302ab03c1c746038ca949ee5ab773a

6 files changed, 17 insertions, 0 deletions

diff --git a/peripheral/libwireless/sepolicy/mwirelessd.te b/peripheral/libwireless/sepolicy/mwirelessd.te
index 2049c9f..9080766 100644
--- a/peripheral/libwireless/sepolicy/mwirelessd.te
+++ b/peripheral/libwireless/sepolicy/mwirelessd.te
@@ -26,6 +26,9 @@ allow mwirelessd wireless_data_file:sock_file create_file_perms;
 allow mwirelessd self:capability { setuid setgid sys_module };
 allow mwirelessd mwirelessd_socket:sock_file unlink;
 
+allow mwirelessd nvm_data_file:file r_file_perms;
+allow mwirelessd nvm_data_file:dir search;
+
 dontaudit mwirelessd property_socket:sock_file create_file_perms;
 dontaudit mwirelessd sysfs_devices_system_cpu:dir r_dir_perms;
 dontaudit mwirelessd sysfs_devices_system_cpu:file r_file_perms;
diff --git a/soc/iap140/init.iap140.rc b/soc/iap140/init.iap140.rc
index 80b9b4c..b741219 100644
--- a/soc/iap140/init.iap140.rc
+++ b/soc/iap140/init.iap140.rc
@@ -23,6 +23,10 @@ on fs
     mount_all /fstab.${ro.hardware}
     mount debugfs debugfs /sys/kernel/debug
 
+    # mount /NVM to save board unique data, such as product SN, and MAC address.
+    mkdir /NVM 0744 system system
+    mount ext4 /dev/block/by-name/NVM /NVM ro nosuid nodev nodelalloc,noauto_da_alloc
+
 on post-fs-data
     setprop wifi.interface wlan0
     setprop wifidirect.interface p2p0
diff --git a/soc/iap140/sepolicy/device.te b/soc/iap140/sepolicy/device.te
new file mode 100644
index 0000000..89027fc
--- /dev/null
+++ b/soc/iap140/sepolicy/device.te
@@ -0,0 +1,2 @@
+# NVM block device
+type nvm_block_device, dev_type;
diff --git a/soc/iap140/sepolicy/file.te b/soc/iap140/sepolicy/file.te
new file mode 100644
index 0000000..e96f11b
--- /dev/null
+++ b/soc/iap140/sepolicy/file.te
@@ -0,0 +1,2 @@
+# NVM data file type
+type nvm_data_file, file_type, data_file_type;
diff --git a/soc/iap140/sepolicy/file_contexts b/soc/iap140/sepolicy/file_contexts
index 76b81e3..496325d 100644
--- a/soc/iap140/sepolicy/file_contexts
+++ b/soc/iap140/sepolicy/file_contexts
@@ -1,9 +1,13 @@
 # Serial console
 /dev/ttyS1        u:object_r:console_device:s0
 
+# /NVM for board unique data, such as SN, WiFi MAC address, BT address
+/NVM(/.*)?      u:object_r:nvm_data_file:s0
+
 # Block devices
 /dev/block/platform/soc\.2/d4200000\.axi/d4281000\.sdh/by-name/misc          u:object_r:misc_block_device:s0
 /dev/block/platform/soc\.2/d4200000\.axi/d4281000\.sdh/by-name/boot_a        u:object_r:boot_block_device:s0
 /dev/block/platform/soc\.2/d4200000\.axi/d4281000\.sdh/by-name/system_a      u:object_r:system_block_device:s0
 /dev/block/platform/soc\.2/d4200000\.axi/d4281000\.sdh/by-name/boot_b        u:object_r:boot_block_device:s0
 /dev/block/platform/soc\.2/d4200000\.axi/d4281000\.sdh/by-name/system_b      u:object_r:system_block_device:s0
+/dev/block/platform/soc\.2/d4200000\.axi/d4281000\.sdh/by-name/NVM           u:object_r:nvm_block_device:s0
diff --git a/soc/iap140/sepolicy/init.te b/soc/iap140/sepolicy/init.te
new file mode 100644
index 0000000..8c14fba
--- /dev/null
+++ b/soc/iap140/sepolicy/init.te
@@ -0,0 +1,2 @@
+# Allow the NVM partition to be mounted
+allow init nvm_data_file:dir mounton;