| Amit Blay | b143fa1 | 2015-10-02 11:34:27 +0300 | [diff] [blame] | 1 | # Copyright (c) 2015, The Linux Foundation. All rights reserved. |
| 2 | # |
| 3 | # Redistribution and use in source and binary forms, with or without |
| 4 | # modification, are permitted provided that the following conditions are |
| 5 | # met: |
| 6 | # * Redistributions of source code must retain the above copyright |
| 7 | # notice, this list of conditions and the following disclaimer. |
| 8 | # * Redistributions in binary form must reproduce the above |
| 9 | # copyright notice, this list of conditions and the following |
| 10 | # disclaimer in the documentation and/or other materials provided |
| 11 | # with the distribution. |
| 12 | # * Neither the name of The Linux Foundation nor the names of its |
| 13 | # contributors may be used to endorse or promote products derived |
| 14 | # from this software without specific prior written permission. |
| 15 | # |
| 16 | # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED |
| 17 | # WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF |
| 18 | # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT |
| 19 | # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS |
| 20 | # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
| 21 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
| 22 | # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR |
| 23 | # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
| 24 | # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE |
| 25 | # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN |
| 26 | # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 27 | |
| Biswajit Paul | 6786a92 | 2017-03-16 11:53:53 -0700 | [diff] [blame] | 28 | type mdtpdaemon, domain; |
| Ravi Kumar Siddojigari | c7def12 | 2017-06-13 00:49:19 +0530 | [diff] [blame] | 29 | type mdtpdaemon_exec, exec_type, vendor_file_type, file_type; |
| Amit Blay | b143fa1 | 2015-10-02 11:34:27 +0300 | [diff] [blame] | 30 | |
| Amit Blay | 84d3124 | 2016-01-14 17:07:10 +0200 | [diff] [blame] | 31 | allow mdtpdaemon self:capability { |
| 32 | setuid |
| 33 | setgid |
| 34 | }; |
| 35 | |
| 36 | userdebug_or_eng(` |
| 37 | #Needed for kill(pid, 0) existance test |
| 38 | allow mdtpdaemon su:process signull; |
| 39 | allow mdtpdaemon self:capability kill; |
| Biswajit Paul | 277acbb | 2016-07-20 12:02:14 -0700 | [diff] [blame] | 40 | diag_use(mdtpdaemon) |
| Amit Blay | 84d3124 | 2016-01-14 17:07:10 +0200 | [diff] [blame] | 41 | ') |
| 42 | |
| Amit Blay | b143fa1 | 2015-10-02 11:34:27 +0300 | [diff] [blame] | 43 | #Allow for transition from init domain to mdtpdaemon |
| 44 | init_daemon_domain(mdtpdaemon) |
| 45 | |
| 46 | #Allow mdtpdaemon to use Binder IPC |
| Ravi Kumar Siddojigari | c7def12 | 2017-06-13 00:49:19 +0530 | [diff] [blame] | 47 | #binder_use(mdtpdaemon) |
| Amit Blay | b143fa1 | 2015-10-02 11:34:27 +0300 | [diff] [blame] | 48 | |
| 49 | #Mark mdtpdaemon as a Binder service domain |
| Ravi Kumar Siddojigari | c7def12 | 2017-06-13 00:49:19 +0530 | [diff] [blame] | 50 | #binder_service(mdtpdaemon) |
| Amit Blay | b143fa1 | 2015-10-02 11:34:27 +0300 | [diff] [blame] | 51 | |
| 52 | #Allow mdtpdaemon to be registered with service manager |
| Ravi Kumar Siddojigari | c7def12 | 2017-06-13 00:49:19 +0530 | [diff] [blame] | 53 | #allow mdtpdaemon mdtpdaemon_service:service_manager { add find }; |
| Amit Blay | b143fa1 | 2015-10-02 11:34:27 +0300 | [diff] [blame] | 54 | |
| 55 | #Allow apps to interact with mdtpdaemon |
| 56 | binder_call(mdtpdaemon, platform_app) |
| 57 | |
| 58 | #Allow access to firmware |
| 59 | r_dir_file(mdtpdaemon, firmware_file) |
| 60 | |
| 61 | #Allow access to qsee directories |
| 62 | allow mdtpdaemon data_qsee_file:dir create_dir_perms; |
| Amit Blay | 84d3124 | 2016-01-14 17:07:10 +0200 | [diff] [blame] | 63 | allow mdtpdaemon data_qsee_file:file create_file_perms; |
| Amit Blay | b143fa1 | 2015-10-02 11:34:27 +0300 | [diff] [blame] | 64 | |
| 65 | #Allow access to qsee fifos |
| 66 | allow mdtpdaemon data_qsee_file:fifo_file create_file_perms; |
| 67 | |
| 68 | #Allow access to tee device |
| 69 | allow mdtpdaemon tee_device:chr_file rw_file_perms; |
| Amit Blay | 84d3124 | 2016-01-14 17:07:10 +0200 | [diff] [blame] | 70 | |
| 71 | # Provide access to block devices |
| 72 | allow mdtpdaemon block_device:dir r_dir_perms; |
| 73 | allow mdtpdaemon mdtp_device:blk_file rw_file_perms; |
| Amit Blay | 84d3124 | 2016-01-14 17:07:10 +0200 | [diff] [blame] | 74 | allow mdtpdaemon system_block_device:blk_file r_file_perms; |
| 75 | |
| 76 | # Provide access to QTI Crypto driver for MDTP |
| 77 | # allow mdtpdaemon qce_device:chr_file rw_file_perms; |
| 78 | |
| 79 | # Provide read access to all /system files for MDTP file-to-block-mapping |
| 80 | r_dir_file(mdtpdaemon, exec_type) |
| 81 | r_dir_file(mdtpdaemon, system_file) |
| 82 | |
| 83 | # Provide mdtpd ability to access QMUXD/IPCRouter for QMI |
| 84 | qmux_socket(mdtpdaemon); |
| Biswajit Paul | cc0e05e | 2017-03-08 16:20:35 -0800 | [diff] [blame] | 85 | allow mdtpdaemon self:socket create_socket_perms; |
| 86 | allowxperm mdtpdaemon self:socket ioctl msm_sock_ipc_ioctls; |
| Amit Blay | 84d3124 | 2016-01-14 17:07:10 +0200 | [diff] [blame] | 87 | |
| 88 | # Provide tee ability to run executables in rootfs for MDTP |
| 89 | allow mdtpdaemon rootfs:file x_file_perms; |
| Biswajit Paul | f63bd14 | 2017-03-16 16:41:02 -0700 | [diff] [blame] | 90 | allow mdtpdaemon ion_device:chr_file r_file_perms; |
| 91 | allow mdtpdaemon sysfs:file r_file_perms; |
| Sunmeet Gill | 575d249 | 2017-05-22 19:03:52 -0700 | [diff] [blame] | 92 | allow mdtpdaemon sysfs_data:file r_file_perms; |