Gitiles
Code Review Sign In
review.blissroms.org / platform_device_qcom_sepolicy-legacy / refs/heads/t / . / common / ims.te
blob: e4777109e84074751ac9b98750374ca1ad7cf7e4 [file] [log] [blame]
Avijit Kanti Dasf2b7a742014-10-24 18:32:44 -0700[diff] [blame]1#integrated sensor process
Biswajit Paul6786a922017-03-16 11:53:53 -0700[diff] [blame]2type ims, domain;
Ravi Kumar Siddojigaric7def122017-06-13 00:49:19 +0530[diff] [blame]3type ims_exec, exec_type, vendor_file_type, file_type;
Avijit Kanti Dasf2b7a742014-10-24 18:32:44 -0700[diff] [blame]4
5# Started by init
6init_daemon_domain(ims)
Avijit Kanti Dascfa67e92014-11-20 17:49:15 -0800[diff] [blame]7net_domain(ims)
Avijit Kanti Dasf2b7a742014-10-24 18:32:44 -0700[diff] [blame]8
Avijit Kanti Dascfa67e92014-11-20 17:49:15 -0800[diff] [blame]9# Talk to qmuxd
10qmux_socket(ims)
11
Biswajit Paulec0f6282016-06-08 11:05:49 -0700[diff] [blame]12allow ims self:capability net_bind_service;
Avijit Kanti Dascfa67e92014-11-20 17:49:15 -0800[diff] [blame]13
14# Use generic netlink socket
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]15allow ims self:{
16 netlink_socket
17 socket
Biswajit Paulc6024d22016-07-06 17:35:41 -0700[diff] [blame]18 netlink_generic_socket
Biswajit Paul2d35d982017-02-01 17:40:10 -0800[diff] [blame]19} create_socket_perms_no_ioctl;
Avijit Kanti Dascfa67e92014-11-20 17:49:15 -0800[diff] [blame]20
21# To run NDC command
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]22allow ims {
Ravi Kumar Siddojigaric7def122017-06-13 00:49:19 +0530[diff] [blame]23 vendor_shell_exec
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]24 system_file
25 # IMS route installation
26 wcnss_service_exec
Divya Sharma7caea0a2017-03-06 15:36:22 -0800[diff] [blame]27 # for WPA supplicant comment to remove compilation issue
28 #wpa_exec
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]29}:file rx_file_perms;
Avijit Kanti Dascfa67e92014-11-20 17:49:15 -0800[diff] [blame]30
Avijit Kanti Dascfa67e92014-11-20 17:49:15 -0800[diff] [blame]31# Talk to qumuxd via ims_socket
32unix_socket_connect(ims, ims, qmuxd)
33
sahil madekaa3608c92017-05-12 15:41:40 -0700[diff] [blame]34set_prop(ims, qcom_ims_prop)
Devi Sandeep Endluri V V3cfe83d2018-02-20 12:53:15 +0530[diff] [blame]35set_prop(ims, ctl_vendor_imsrcsservice_prop)
Avijit Kanti Das66376042014-12-01 11:21:16 -0800[diff] [blame]36
37# permissions needed for IMS to connect and interact with WPA supplicant
Divya Sharma7caea0a2017-03-06 15:36:22 -0800[diff] [blame]38# comment to remove compilation
39#unix_socket_send(ims, wpa, wpa)
Avijit Kanti Das66376042014-12-01 11:21:16 -0800[diff] [blame]40allow ims wpa_socket:dir w_dir_perms;
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]41allow ims wpa_socket:sock_file { create unlink setattr };
Avijit Kanti Das66376042014-12-01 11:21:16 -0800[diff] [blame]42allow ims wifi_data_file:dir r_dir_perms;
43
44# permissions for communication with CNE in LBO use case
45unix_socket_connect(ims, cnd, cnd)
Avijit Kanti Dase1dd1862014-12-03 10:39:35 -0800[diff] [blame]46
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]47#Allow access to netmgrd socket
48netmgr_socket(ims);
49
50# Inherit and use open files from radio.
51allow ims radio:fd use;
Biswajit Paul277acbb2016-07-20 12:02:14 -0700[diff] [blame]52
53#diag
54userdebug_or_eng(`
55 diag_use(ims)
56')
Biswajit Paul700ef6a2017-03-31 11:22:34 -0700[diff] [blame]57allow ims self:{ socket udp_socket } ioctl;
58# ioctlcmd=c302
59allowxperm ims self:socket ioctl msm_sock_ipc_ioctls;
60# ioctlcmd=89fd
61allowxperm ims self:udp_socket ioctl priv_sock_ioctls;
62allow ims sysfs:file r_file_perms;
Sunmeet Gill575d2492017-05-22 19:03:52 -0700[diff] [blame]63allow ims sysfs_data:file r_file_perms;
Devi Sandeep Endluri V V98379eb2017-06-20 22:19:40 -0700[diff] [blame]64hwbinder_use(ims)
65get_prop(ims, hwservicemanager_prop)
66get_prop(ims, qcom_ims_prop)
67allow ims hal_cne_hwservice:hwservice_manager find;
68binder_call(ims, cnd)