sepolicy: Add smd device contexts and rules Add the contexts for smd devices as well as the rules for smd pkt and tty loopback modules. Change-Id: Ie2ac21a4a8e67bd066a80274b39e99361ad9f698

commit: 6a6ca233fb273d0adf04f2d84a614b23828c8161 [log] [tgz]
author: Brent Hronik <bhronik@codeaurora.org> Tue Dec 17 12:28:23 2013 -0700
committer: Avijit Kanti Das <avijitnsec@codeaurora.org> Thu Jul 24 02:21:12 2014 -0700
tree: 322c881cc4d93ecaa8d04870be5e0596aa346574
parent: 9bd586d4d555babba0d6cfb01e0ec9a90109d4bd [diff]
diff --git a/Android.mk b/Android.mk
index 9e7d096..110b563 100644
--- a/Android.mk
+++ b/Android.mk

@@ -1,6 +1,7 @@
 # Board specific SELinux policy variable definitions
 BOARD_SEPOLICY_DIRS := \
-       device/qcom/sepolicy
+       device/qcom/sepolicy \
+       device/qcom/sepolicy/test
 
 BOARD_SEPOLICY_UNION := \
        file_contexts \
@@ -12,4 +13,5 @@
        drmserver.te \
        adbd.te \
        qmuxd.te \
-       netmgrd.te
+       netmgrd.te \
+       smd_test.te

diff --git a/device.te b/device.te
index cfbaafc..fe1a5a5 100644
--- a/device.te
+++ b/device.te

@@ -9,3 +9,6 @@
 
 #Define the mhi device
 type mhi_device, dev_type;
+
+#device type for smd device nodes, ie /dev/smd*
+type smd_device, dev_type;

diff --git a/file_contexts b/file_contexts
index 7620bc0..51eb15c 100644
--- a/file_contexts
+++ b/file_contexts

@@ -28,3 +28,6 @@
 #Context for the netmgrd and qmuxd daemons
 /system/bin/netmgrd        u:object_r:netmgrd_exec:s0
 /system/bin/qmuxd          u:object_r:qmuxd_exec:s0
+/dev/kgsl-3d0        u:object_r:gpu_device:s0
+
+/dev/smd.*  	 	u:object_r:smd_device:s0

diff --git a/test/file_contexts b/test/file_contexts
new file mode 100644
index 0000000..676b7ab
--- /dev/null
+++ b/test/file_contexts

@@ -0,0 +1 @@
+/system/bin/kernel-tests/smd.* u:object_r:smd_test_exec:s0

diff --git a/test/smd_test.te b/test/smd_test.te
new file mode 100644
index 0000000..2ad4a96
--- /dev/null
+++ b/test/smd_test.te

@@ -0,0 +1,14 @@
+#must be defined for file_contexts
+type smd_test_exec, exec_type, file_type;
+
+userdebug_or_eng(`
+  type smd_test, domain;
+  domain_auto_trans(shell, smd_test_exec, smd_test)
+  domain_auto_trans(su, smd_test_exec, smd_test)
+  domain_auto_trans(adbd, smd_test_exec, smd_test)
+  #SMD device node and test file contexts
+  allow smd_test smd_device:chr_file {ioctl read write open getattr append};
+  #tests are launched from pseudo terminal, so output will be directed there
+  #and as such needs adequate allow rules
+  allow smd_test devpts:chr_file {ioctl read write open getattr};
+')
commit	6a6ca233fb273d0adf04f2d84a614b23828c8161	[log] [tgz]
author	Brent Hronik <bhronik@codeaurora.org>	Tue Dec 17 12:28:23 2013 -0700
committer	Avijit Kanti Das <avijitnsec@codeaurora.org>	Thu Jul 24 02:21:12 2014 -0700
tree	322c881cc4d93ecaa8d04870be5e0596aa346574
parent	9bd586d4d555babba0d6cfb01e0ec9a90109d4bd [diff]