sepolicy: Add rules for seemp health
Added new rules for seemp health service and its dependencies.
Change-Id: I53ab2a82f26ac70c67e130a77d74f4d4ed472582
diff --git a/common/file_contexts b/common/file_contexts
index 82dc639..d67d0dd 100644
--- a/common/file_contexts
+++ b/common/file_contexts
@@ -198,6 +198,7 @@
/system/bin/wcnss_service u:object_r:wcnss_service_exec:s0
/system/vendor/bin/hbtp_daemon u:object_r:hbtp_exec:s0
/system/vendor/bin/touch_fusion u:object_r:touchfusion_exec:s0
+/system/vendor/bin/seemp_healthd u:object_r:seemp_health_daemon_exec:s0
/system/bin/seempd u:object_r:seempd_exec:s0
/system/bin/sapd u:object_r:sapd_exec:s0
/system/bin/btsnoop u:object_r:btsnoop_exec:s0
diff --git a/common/platform_app.te b/common/platform_app.te
index 4b6e31e..3108281 100644
--- a/common/platform_app.te
+++ b/common/platform_app.te
@@ -15,3 +15,6 @@
# Allow NFC service to be found
allow platform_app nfc_service:service_manager find;
+
+#Allow platform apps to interact with seemp health daemon
+binder_call(platform_app, seemp_health_daemon)
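Review bot: The added `binder_call(platform_app, seemp_health_daemon)` has no matching service-manager lookup rule in this commit, and `seemp_health_daemon_service` is declared with only `service_manager_type`, so platform apps may be denied when they look the service up unless a find rule exists elsewhere in the policy. If the access is intended, add `allow platform_app seemp_health_daemon_service:service_manager find;` next to the nfc_service rule above; the same applies to the `binder_call(system_app, seemp_health_daemon)` hunk in common/system_app.te. This rule also gives every app in the platform_app domain a Binder path to a daemon that holds read/write access to tee_device, so the daemon has to check the caller itself (for example the calling UID), because the policy cannot tell individual apps in the domain apart.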
diff --git a/common/seemp_health_daemon.te b/common/seemp_health_daemon.te
new file mode 100644
index 0000000..2cbcf8b
--- /dev/null
+++ b/common/seemp_health_daemon.te
@@ -0,0 +1,52 @@
+# Copyright (c) 2015, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type seemp_health_daemon, domain;
+type seemp_health_daemon_exec, exec_type, file_type;
+
+#Allow for transition from init domain to seemp_health_daemon
+init_daemon_domain(seemp_health_daemon)
+
+#Allow seemp_health_daemon to use Binder IPC
+binder_use(seemp_health_daemon)
+
+#Allow apps to interact with seemp_health_daemon
+binder_call(seemp_health_daemon, platform_app)
+binder_call(seemp_health_daemon, system_app)
+
+#Mark seemp_health_daemon as a Binder service domain
+binder_service(seemp_health_daemon)
+
+#Allow seemp_health_daemon to be registered with service manager
+allow seemp_health_daemon seemp_health_daemon_service:service_manager add;
+
+#Allow access to tee device
+allow seemp_health_daemon tee_device:chr_file rw_file_perms;
+
+#Allow access to firmware
+allow seemp_health_daemon firmware_file:dir r_dir_perms;
+allow seemp_health_daemon firmware_file:file r_file_perms;
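Review bot: The comment `#Allow apps to interact with seemp_health_daemon` describes the opposite direction from the two rules under it: `binder_call(seemp_health_daemon, platform_app)` and `binder_call(seemp_health_daemon, system_app)` let the daemon call into the apps, while the app-to-daemon direction is granted in platform_app.te and system_app.te. I would reword it to `# Allow seemp_health_daemon to call back into platform and system apps`, and drop both rules if the daemon never invokes client callbacks. The tee_device rule grants `rw_file_perms`, which includes ioctl on the TEE node. A comment stating which operations the daemon needs on that device, and why it reads firmware_file, would help a later audit narrow these grants.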
diff --git a/common/service.te b/common/service.te
index 97a42f1..ef6d0ff 100644
--- a/common/service.te
+++ b/common/service.te
@@ -1,21 +1,22 @@
-type iqfp_service, service_manager_type;
-type atfwd_service, service_manager_type;
-type per_mgr_service, service_manager_type;
-type dpmservice, service_manager_type;
-type cne_service, service_manager_type;
-type fidodaemon_service, service_manager_type;
-type secotad_service, service_manager_type;
-type qseeproxy_service, service_manager_type;
-type wbc_service, service_manager_type;
-type STAProxyService, service_manager_type;
-type dun_service, service_manager_type;
-type imscm_service, system_api_service, service_manager_type;
-type color_service, service_manager_type;
-type wfdservice_service, service_manager_type;
-type usf_service, service_manager_type;
-type dtseagleservice_service, service_manager_type;
-type gba_auth_service, service_manager_type;
-type izat_service, system_api_service, service_manager_type;
-type seemp_service, service_manager_type;
-type mdtpdaemon_service, service_manager_type;
-type qtitetherservices_service, service_manager_type;
+type iqfp_service, service_manager_type;
+type atfwd_service, service_manager_type;
+type per_mgr_service, service_manager_type;
+type dpmservice, service_manager_type;
+type cne_service, service_manager_type;
+type fidodaemon_service, service_manager_type;
+type seemp_health_daemon_service, service_manager_type;
+type secotad_service, service_manager_type;
+type qseeproxy_service, service_manager_type;
+type wbc_service, service_manager_type;
+type STAProxyService, service_manager_type;
+type dun_service, service_manager_type;
+type imscm_service, system_api_service, service_manager_type;
+type color_service, service_manager_type;
+type wfdservice_service, service_manager_type;
+type usf_service, service_manager_type;
+type dtseagleservice_service, service_manager_type;
+type gba_auth_service, service_manager_type;
+type izat_service, system_api_service, service_manager_type;
+type seemp_service, service_manager_type;
+type mdtpdaemon_service, service_manager_type;
+type qtitetherservices_service, service_manager_type;
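Review bot: This hunk removes and re-adds all 21 existing type declarations with identical visible text, while the only real change is the new `type seemp_health_daemon_service, service_manager_type;` line. That pattern usually means a line-ending or trailing-whitespace conversion slipped in (inferred, since the difference is not visible here). It hides the one policy change from review and from blame. Restrict the hunk to the single added line, or move the normalisation into its own commit.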
diff --git a/common/service_contexts b/common/service_contexts
index 9e015c7..dfbbed4 100644
--- a/common/service_contexts
+++ b/common/service_contexts
@@ -23,3 +23,4 @@
seempservice u:object_r:seemp_service:s0
mdtp u:object_r:mdtpdaemon_service:s0
qtitetherservice u:object_r:qtitetherservices_service:s0
+com.qualcomm.qti.seemp.health u:object_r:seemp_health_daemon_service:s0
diff --git a/common/system_app.te b/common/system_app.te
index 3fcb9b2..b40bd27 100644
--- a/common/system_app.te
+++ b/common/system_app.te
@@ -83,6 +83,9 @@
# allow system_app to interact with fido daemon
binder_call(system_app, fidodaemon)
+# allow system_app to interact with seemp health daemon
+binder_call(system_app, seemp_health_daemon)
+
#allow access to RIDL
allow system_app RIDL_data_file:dir rw_dir_perms;
allow system_app RIDL_data_file:file create_file_perms;