Ravi Kumar Siddojigari | 5404ec3 | 2017-07-07 13:34:54 +0530 | [diff] [blame] | 1 | # Copyright (c) 2015,2017 The Linux Foundation. All rights reserved. |
Avijit Kanti Das | 1dfec92 | 2015-06-24 17:20:50 -0700 | [diff] [blame] | 2 | # |
| 3 | # Redistribution and use in source and binary forms, with or without |
| 4 | # modification, are permitted provided that the following conditions are |
| 5 | # met: |
| 6 | # * Redistributions of source code must retain the above copyright |
| 7 | # notice, this list of conditions and the following disclaimer. |
| 8 | # * Redistributions in binary form must reproduce the above |
| 9 | # copyright notice, this list of conditions and the following |
| 10 | # disclaimer in the documentation and/or other materials provided |
| 11 | # with the distribution. |
| 12 | # * Neither the name of The Linux Foundation nor the names of its |
| 13 | # contributors may be used to endorse or promote products derived |
| 14 | # from this software without specific prior written permission. |
| 15 | # |
| 16 | # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED |
| 17 | # WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF |
| 18 | # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT |
| 19 | # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS |
| 20 | # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
| 21 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
| 22 | # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR |
| 23 | # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
| 24 | # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE |
| 25 | # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN |
| 26 | # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 27 | |
jaihindy | 0b66b8c | 2017-07-31 17:43:11 +0530 | [diff] [blame] | 28 | # The exec type is referenced in file_contexts, so it must also exist in user builds; |
| 29 | # declaring it inside userdebug_or_eng() caused a build error in user builds, so it is declared outside the macro. |
| 30 | type qti-testscripts_exec, exec_type, file_type; |
| 31 | |
Avijit Kanti Das | 1dfec92 | 2015-06-24 17:20:50 -0700 | [diff] [blame] | 32 | userdebug_or_eng(` |
Ravi Kumar Siddojigari | 5404ec3 | 2017-07-07 13:34:54 +0530 | [diff] [blame] | 33 | typeattribute qti-testscripts coredomain; |
sahil madeka | a3608c9 | 2017-05-12 15:41:40 -0700 | [diff] [blame] | 34 | permissive qti-testscripts; |
jaihindy | 0b66b8c | 2017-07-31 17:43:11 +0530 | [diff] [blame] | 35 | init_daemon_domain(qti-testscripts) |
Avijit Kanti Das | 1dfec92 | 2015-06-24 17:20:50 -0700 | [diff] [blame] | 36 | |
jaihindy | 0b66b8c | 2017-07-31 17:43:11 +0530 | [diff] [blame] | 37 | # The test scripts are shell scripts, so the domain needs to read and execute /system/bin/sh |
| 38 | allow qti-testscripts shell_exec:file rx_file_perms; |
Avijit Kanti Das | 1dfec92 | 2015-06-24 17:20:50 -0700 | [diff] [blame] | 39 | #super_user - start |
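| 40 | # Add qti-testscripts to various domains. The domain is permissive (see above), and the dontaudit rules below suppress its denial logs for the listed classes, so those accesses are neither blocked nor logged. |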
| 41 | net_domain(qti-testscripts) |
Avijit Kanti Das | 1dfec92 | 2015-06-24 17:20:50 -0700 | [diff] [blame] | 42 | |
| 43 | dontaudit qti-testscripts self:capability_class_set *; |
| 44 | dontaudit qti-testscripts kernel:security *; |
| 45 | dontaudit qti-testscripts kernel:system *; |
| 46 | dontaudit qti-testscripts self:memprotect *; |
| 47 | dontaudit qti-testscripts domain:process *; |
| 48 | dontaudit qti-testscripts domain:fd *; |
| 49 | dontaudit qti-testscripts domain:dir *; |
| 50 | dontaudit qti-testscripts domain:lnk_file *; |
| 51 | dontaudit qti-testscripts domain:{ fifo_file file } *; |
| 52 | dontaudit qti-testscripts domain:socket_class_set *; |
| 53 | dontaudit qti-testscripts domain:ipc_class_set *; |
| 54 | dontaudit qti-testscripts domain:key *; |
| 55 | dontaudit qti-testscripts fs_type:filesystem *; |
| 56 | dontaudit qti-testscripts {fs_type dev_type file_type}:dir_file_class_set *; |
| 57 | dontaudit qti-testscripts node_type:node *; |
| 58 | dontaudit qti-testscripts node_type:{ tcp_socket udp_socket rawip_socket } *; |
| 59 | dontaudit qti-testscripts netif_type:netif *; |
| 60 | dontaudit qti-testscripts port_type:socket_class_set *; |
| 61 | dontaudit qti-testscripts port_type:{ tcp_socket dccp_socket } *; |
| 62 | dontaudit qti-testscripts domain:peer *; |
| 63 | dontaudit qti-testscripts domain:binder *; |
| 64 | dontaudit qti-testscripts property_type:property_service *; |
Ravi Kumar Siddojigari | 5404ec3 | 2017-07-07 13:34:54 +0530 | [diff] [blame] | 65 | dontaudit qti-testscripts property_type:file *; |
Avijit Kanti Das | 1dfec92 | 2015-06-24 17:20:50 -0700 | [diff] [blame] | 66 | dontaudit qti-testscripts service_manager_type:service_manager *; |
| 67 | dontaudit qti-testscripts keystore:keystore_key *; |
Divya Sharma | d8172c1 | 2017-01-20 14:29:16 -0800 | [diff] [blame] | 68 | # dontaudit qti-testscripts domain:debuggerd *; |
Avijit Kanti Das | 1dfec92 | 2015-06-24 17:20:50 -0700 | [diff] [blame] | 69 | dontaudit qti-testscripts domain:drmservice *; |
| 70 | dontaudit qti-testscripts unlabeled:filesystem *; |
| 71 | #super_user - end |
Biswajit Paul | de72e44 | 2015-08-20 14:54:27 -0700 | [diff] [blame] | 72 | |
| 73 | # The rules below are kept in this file so that all debug policies |
| 74 | # live in one common file. |
| 75 | |
Avijit Kanti Das | 1dfec92 | 2015-06-24 17:20:50 -0700 | [diff] [blame] | 76 | # All domains can read the proc entries of qti-testscripts, and qti-testscripts can read theirs |
| 77 | r_dir_file(domain, qti-testscripts) |
| 78 | r_dir_file(qti-testscripts, domain) |
Ravi Kumar Siddojigari | 5404ec3 | 2017-07-07 13:34:54 +0530 | [diff] [blame] | 79 | |
| 80 | # allow adbd qti-testscripts:process dyntransition; |
Ravi Kumar Siddojigari | c7def12 | 2017-06-13 00:49:19 +0530 | [diff] [blame] | 81 | #allow { domain -mediaextractor -mediacodec } qti-testscripts:unix_stream_socket connectto; |
Biswajit Paul | de72e44 | 2015-08-20 14:54:27 -0700 | [diff] [blame] | 82 | allow domain qti-testscripts:fd use; |
Salendarsingh Gaud | 86a4244 | 2017-09-01 18:35:15 +0530 | [diff] [blame] | 83 | allow { domain -mediaextractor -mediacodec -hal_configstore_server } qti-testscripts:unix_stream_socket { getattr getopt read write shutdown }; |
Siddeswar Aluganti | 759e189 | 2017-01-12 18:25:28 -0800 | [diff] [blame] | 84 | # binder_call({ domain -init -netd }, qti-testscripts) |
Biswajit Paul | de72e44 | 2015-08-20 14:54:27 -0700 | [diff] [blame] | 85 | allow domain qti-testscripts:fifo_file { write getattr }; |
| 86 | allow domain qti-testscripts:process sigchld; |
Ravi Kumar Siddojigari | 5404ec3 | 2017-07-07 13:34:54 +0530 | [diff] [blame] | 87 | binder_use(qti-testscripts) |
Ravi Kumar Siddojigari | d814510 | 2017-10-23 23:32:58 +0530 | [diff] [blame] | 88 | hwbinder_use(qti-testscripts) |
Ravi Kumar Siddojigari | 5404ec3 | 2017-07-07 13:34:54 +0530 | [diff] [blame] | 89 | allow platform_app qti-testscripts:unix_stream_socket { read write connectto}; |
| 90 | allow system_app qti-testscripts:unix_stream_socket { read write connectto}; |
| 91 | allow system_server qti-testscripts:binder { transfer call }; |
| 92 | allow untrusted_app_25 qti-testscripts:binder { transfer call }; |
| 93 | allow priv_app qti-testscripts:binder { transfer call }; |
| 94 | allow surfaceflinger qti-testscripts:binder { transfer call }; |
| 95 | allow system_server qti-testscripts:fifo_file read; |
Jaihind Yadav | 937f9b8 | 2017-11-17 18:33:02 +0530 | [diff] [blame] | 96 | binder_call(platform_app, qti-testscripts) |
| 97 | binder_call(system_app, qti-testscripts) |
| 98 | |
Avijit Kanti Das | 1dfec92 | 2015-06-24 17:20:50 -0700 | [diff] [blame] | 99 | ') |