diff options
| author | Michael Bestas <mkbestas@lineageos.org> | 2019-01-14 22:48:48 +0200 |
|---|---|---|
| committer | alk3pInjection <webmaster@raspii.tech> | 2022-03-03 13:57:18 +0800 |
| commit | 607d8cad5163defab87819eff7aad586f66ca8f9 (patch) | |
| tree | 95105c1a015b16ce0a99ce4ba697d19e6bd2945a | |
| parent | 48f1de2715fd5c3a44bba0f82bbb0e5fa9fb012f (diff) | |
ice: sepolicy: add rules for touch hidl
Change-Id: Icb4322fee59663175e5e36371c30d8069355f36e
| -rw-r--r-- | sepolicy/dynamic/hal_lineage_touch.te | 5 | ||||
| -rw-r--r-- | sepolicy/dynamic/hwservice.te | 1 | ||||
| -rw-r--r-- | sepolicy/dynamic/hwservice_contexts | 5 | ||||
| -rw-r--r-- | sepolicy/private/system_app.te | 2 | ||||
| -rw-r--r-- | sepolicy/private/system_server.te | 2 | ||||
| -rw-r--r-- | sepolicy/public/attributes | 2 | ||||
| -rw-r--r-- | sepolicy/sepolicy.mk | 37 | ||||
| -rw-r--r-- | sepolicy/vendor/hal_lineage_touch_default.te | 5 | ||||
| -rw-r--r-- | target/product/common.mk | 3 |
9 files changed, 62 insertions, 0 deletions
diff --git a/sepolicy/dynamic/hal_lineage_touch.te b/sepolicy/dynamic/hal_lineage_touch.te new file mode 100644 index 0000000..0cc8082 --- /dev/null +++ b/sepolicy/dynamic/hal_lineage_touch.te @@ -0,0 +1,5 @@ +# HwBinder IPC from client to server +binder_call(hal_lineage_touch_client, hal_lineage_touch_server) + +add_hwservice(hal_lineage_touch_server, hal_lineage_touch_hwservice) +allow hal_lineage_touch_client hal_lineage_touch_hwservice:hwservice_manager find; diff --git a/sepolicy/dynamic/hwservice.te b/sepolicy/dynamic/hwservice.te new file mode 100644 index 0000000..afee012 --- /dev/null +++ b/sepolicy/dynamic/hwservice.te @@ -0,0 +1 @@ +type hal_lineage_touch_hwservice, hwservice_manager_type; diff --git a/sepolicy/dynamic/hwservice_contexts b/sepolicy/dynamic/hwservice_contexts new file mode 100644 index 0000000..6b0ae88 --- /dev/null +++ b/sepolicy/dynamic/hwservice_contexts @@ -0,0 +1,5 @@ +vendor.lineage.touch::IGloveMode u:object_r:hal_lineage_touch_hwservice:s0 +vendor.lineage.touch::IKeyDisabler u:object_r:hal_lineage_touch_hwservice:s0 +vendor.lineage.touch::IKeySwapper u:object_r:hal_lineage_touch_hwservice:s0 +vendor.lineage.touch::IStylusMode u:object_r:hal_lineage_touch_hwservice:s0 +vendor.lineage.touch::ITouchscreenGesture u:object_r:hal_lineage_touch_hwservice:s0 diff --git a/sepolicy/private/system_app.te b/sepolicy/private/system_app.te new file mode 100644 index 0000000..139fbea --- /dev/null +++ b/sepolicy/private/system_app.te @@ -0,0 +1,2 @@ +# Allow access to the HALs +hal_client_domain(system_app, hal_lineage_touch) diff --git a/sepolicy/private/system_server.te b/sepolicy/private/system_server.te new file mode 100644 index 0000000..823be3b --- /dev/null +++ b/sepolicy/private/system_server.te @@ -0,0 +1,2 @@ +# HALs +hal_client_domain(system_server, hal_lineage_touch) diff --git a/sepolicy/public/attributes b/sepolicy/public/attributes new file mode 100644 index 0000000..02c0ad5 --- /dev/null +++ b/sepolicy/public/attributes @@ -0,0 +1,2 @@ +# HALs +hal_attribute(lineage_touch) diff --git a/sepolicy/sepolicy.mk b/sepolicy/sepolicy.mk new file mode 100644 index 0000000..1a4edef --- /dev/null +++ b/sepolicy/sepolicy.mk @@ -0,0 +1,37 @@ +# +# Copyright (C) 2022 Project ICE +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +ifeq ($(TARGET_COPY_OUT_VENDOR), vendor) +ifeq ($(BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE),) +TARGET_USES_PREBUILT_VENDOR_SEPOLICY ?= true +endif +endif + +SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += \ + vendor/ice/sepolicy/public + +SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += \ + vendor/ice/sepolicy/private + +ifeq ($(TARGET_USES_PREBUILT_VENDOR_SEPOLICY), true) +SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += \ + vendor/ice/sepolicy/dynamic \ + vendor/ice/sepolicy/system +else +BOARD_VENDOR_SEPOLICY_DIRS += \ + vendor/ice/sepolicy/dynamic \ + vendor/ice/sepolicy/vendor +endif diff --git a/sepolicy/vendor/hal_lineage_touch_default.te b/sepolicy/vendor/hal_lineage_touch_default.te new file mode 100644 index 0000000..dc68b98 --- /dev/null +++ b/sepolicy/vendor/hal_lineage_touch_default.te @@ -0,0 +1,5 @@ +type hal_lineage_touch_default, domain; +hal_server_domain(hal_lineage_touch_default, hal_lineage_touch) + +type hal_lineage_touch_default_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(hal_lineage_touch_default) diff --git a/target/product/common.mk b/target/product/common.mk index 6aee212..644cf47 100644 --- a/target/product/common.mk +++ b/target/product/common.mk @@ -38,6 +38,9 @@ $(call inherit-product, vendor/ice/target/product/packages.mk) # Include properties makefile $(call inherit-product, vendor/ice/target/product/properties.mk) +# Include sepolicy makefile +$(call inherit-product, vendor/ice/sepolicy/sepolicy.mk) + # Move Wi-Fi modules to vendor PRODUCT_VENDOR_MOVE_ENABLED := true |