Gitiles
Code Review Sign In
review.gerrithub.io / AOSPlusone / android_device_qcom_sepolicy / refs/heads/staging/cm-12.1-amss-2.1-ims^! / .
commit1e185521dea213ff51424ef49e5c91db9e9b66a0[log] [tgz]
authorAvijit Kanti Das <avijitnsec@codeaurora.org>Thu May 14 23:38:17 2015 -0700
committerDeepak Kundra <deepakkundra@gmail.com>Thu Jul 30 16:40:59 2015 -0700
treea8e3082dbb59ddcb445e85ff7ee2c396160c09c1
parent0a2137c75d6e7dce6ff53974e30f0f2508240aa5 [diff]
seandroid: imscm needs to communicate with apps

Allowing imscm daemon to communicate with platform_app and
system_app using binder call. untrusted_app also needs
to communicate with imscm for debug purpose.

Change-Id: I87a17fcafc4cc8a97ffa85b2f01ddf0b93e6387e
CRs-fixed: 812899

Conflicts:
	common/app.te
	common/platform_app.te
	common/system_app.te
	common/untrusted_app.te

diff --git a/common/app.te b/common/app.te
index 94387e4..f0ca239 100644
--- a/common/app.te
+++ b/common/app.te

@@ -13,8 +13,3 @@
 unix_socket_send(appdomain, mpctl, perfd)
 unix_socket_connect(appdomain, mpctl, perfd)
 
-# test apps needs to communicate with imscm
-# using binder call
-userdebug_or_eng(`
-  binder_call(appdomain, imscm)
-')

diff --git a/common/imscm.te b/common/imscm.te
index 57b2f57..acdf89b 100644
--- a/common/imscm.te
+++ b/common/imscm.te

@@ -20,8 +20,10 @@
 
 # imscm needs to communicate with test app
 # using binder call
+binder_call(imscm, system_app)
+binder_call(imscm, platform_app)
 userdebug_or_eng(`
-  binder_call(imscm, appdomain)
+  binder_call(imscm, untrusted_app)
 ')
 
 # imscm needs read/write access to devpts

diff --git a/common/platform_app.te b/common/platform_app.te
index 93fea5d..89381b1 100755
--- a/common/platform_app.te
+++ b/common/platform_app.te

@@ -1,3 +1,7 @@
 #Address denial logs for oma drm files accessing by platform apps
 allow platform_app oma_drm_data_file:dir rw_dir_perms;
 allow platform_app oma_drm_data_file:file create_file_perms;
+
+
+#Allow platform apps to interact with imscm daemon
+binder_call(platform_app, imscm)
\ No newline at end of file

diff --git a/common/system_app.te b/common/system_app.te
index 0122ae7..6339eb3 100644
--- a/common/system_app.te
+++ b/common/system_app.te

@@ -39,3 +39,6 @@
 
 # access to color service SDK
 allow system_app color_service:service_manager add;
+
+# allow system_app to interact with imscm daemon
+binder_call(system_app, imscm)

diff --git a/common/untrusted_app.te b/common/untrusted_app.te
index 428fae3..898dcf3 100644
--- a/common/untrusted_app.te
+++ b/common/untrusted_app.te

@@ -19,3 +19,10 @@
 # using binder call
 userdebug_or_eng(`
 ')
+
+
+# test apps needs to communicate with imscm
+# using binder call
+userdebug_or_eng(`
+  binder_call(untrusted_app, imscm)
+')
\ No newline at end of file