authorqctecmdr <qctecmdr@localhost>2023-04-13 08:32:09 -0700
committerGerrit - the friendly Code Review server <code-review@localhost>2023-04-13 08:32:09 -0700
commit8cf26a0d871ec91188e8d9b55eccd78c84f1df54 (patch)
tree194e4961081793de6e9e3854c040b681023977a9
parent393a0b03d1637fa1ecf8117a4f8437453f9f5584 (diff)
parentcc74213316a1d725bb8f5a46c4b67f7b46438a67 (diff)
Merge "Added SE-Policy for UsbUdev Service"
-rw-r--r--generic/vendor/kalama/file_contexts1
-rw-r--r--generic/vendor/kalama/usbudev.te22
2 files changed, 23 insertions, 0 deletions
diff --git a/generic/vendor/kalama/file_contexts b/generic/vendor/kalama/file_contexts
index c2ebfca0..b00d825a 100644
--- a/generic/vendor/kalama/file_contexts
+++ b/generic/vendor/kalama/file_contexts
@@ -308,3 +308,4 @@
# Microdump collector parameters
/sys/module/microdump_collector/parameters/.* u:object_r:vendor_sysfs_microdump:s0
+/vendor/bin/usbudev u:object_r:vendor_usbudev_qti_exec:s0
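Review bot: The new `/vendor/bin/usbudev` entry is appended directly under the `# Microdump collector parameters` comment, so it reads as part of that group. A blank line and its own header, e.g. `# USB udev service`, would keep the labelling easy to audit. The domain transition defined in usbudev.te depends on this exec label, so it is worth confirming the path matches where the binary is actually installed; the install rule is not part of this change.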
diff --git a/generic/vendor/kalama/usbudev.te b/generic/vendor/kalama/usbudev.te
new file mode 100644
index 00000000..ef24bd35
--- /dev/null
+++ b/generic/vendor/kalama/usbudev.te
@@ -0,0 +1,22 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+#============= vendor_usbudev_qti ==============
+
+type vendor_usbudev_qti, domain;
+type vendor_usbudev_qti_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(vendor_usbudev_qti)
+domain_auto_trans(init, vendor_usbudev_qti_exec, vendor_usbudev_qti)
+
+allow vendor_usbudev_qti self:capability net_admin;
+allow vendor_usbudev_qti self:netlink_route_socket { nlmsg_read read };
+allow vendor_usbudev_qti self:udp_socket { create ioctl };
+allow vendor_usbudev_qti self:netlink_kobject_uevent_socket { bind create getopt read setopt };
+allow vendor_usbudev_qti self:netlink_route_socket { create nlmsg_readpriv write };
+allow vendor_usbudev_qti vendor_sysfs_usb_node:dir search;
+allow vendor_usbudev_qti vendor_sysfs_usb_node:file { getattr open read };
+allow vendor_usbudev_qti proc_net:file { getattr open read };
+allow vendor_usbudev_qti vendor_shell_exec:file rx_file_perms;
+allow vendor_usbudev_qti vendor_toolbox_exec:file rx_file_perms;
+allowxperm vendor_usbudev_qti self:udp_socket ioctl { SIOCSIFHWADDR SIOCSIFFLAGS SIOCSIFADDR };
\ No newline at end of file
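Review bot: The two `rx_file_perms` grants on `vendor_shell_exec` and `vendor_toolbox_exec` let this domain run a shell and toolbox commands without a domain transition, so whatever they run inherits `net_admin` plus the netlink and interface-ioctl rights, and the policy gives no reason for it. The `SIOCSIF*` allowxperm list suggests the daemon configures the interface itself, so these two rules may be droppable; if they are needed, add a comment above them saying what is executed and why, e.g. `# usbudev invokes <command> through sh to <purpose>` (placeholders to be filled in by the author). Separately, `init_daemon_domain(vendor_usbudev_qti)` already sets up the init auto-transition, so the explicit `domain_auto_trans(init, vendor_usbudev_qti_exec, vendor_usbudev_qti)` line looks redundant. The two `netlink_route_socket` rules can be merged into `allow vendor_usbudev_qti self:netlink_route_socket { create nlmsg_read nlmsg_readpriv read write };`. The file also ends without a trailing newline.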