From 4fd34ca8ae0dddcb206b6c3705b43603d3cc2e88 Mon Sep 17 00:00:00 2001
From: Himanshu Agrawal
Date: Tue, 21 Mar 2023 15:56:32 +0530
Subject: [PATCH] common: sepolicy: legacy: Add sepolicy rules for TZAS

Add the sepolicy rules for trustzone access service to provide it access to various vendor and android services.

Change-Id: I80f8bcb9a917ed18331fa3b92f1e8c65f8c631ad
[Jprimero15: Change to vendor_hal_perf to align with our changes]
Signed-off-by: Jprimero15
---
 sepolicy/legacy/vendor/common/seapp_contexts | 3 +++
 sepolicy/legacy/vendor/common/tzas_app.te | 14 ++++++++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 sepolicy/legacy/vendor/common/tzas_app.te

diff --git a/sepolicy/legacy/vendor/common/seapp_contexts b/sepolicy/legacy/vendor/common/seapp_contexts
index 2ae3cbc0..ae1ac857 100644
--- a/sepolicy/legacy/vendor/common/seapp_contexts
+++ b/sepolicy/legacy/vendor/common/seapp_contexts
@@ -67,3 +67,6 @@ user=_app seinfo=platform name=com.qti.phone domain=vendor_qtelephony type=app_d
 #allow embms msdc app to access embmssl hal
 user=_app seinfo=platform name=com.qti.ltebc domain=vendor_embmssl_app type=app_data_file levelFrom=all
+
+#Add new domain for trustzone access app
+user=_app seinfo=platform name=com.qualcomm.qti.qms.service.trustzoneaccess domain=vendor_tzas_app type=app_data_file levelfrom=all
diff --git a/sepolicy/legacy/vendor/common/tzas_app.te b/sepolicy/legacy/vendor/common/tzas_app.te
new file mode 100644
index 00000000..91e92ec9
--- /dev/null
+++ b/sepolicy/legacy/vendor/common/tzas_app.te
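Review bot: In the seapp_contexts hunk the new entry spells the key `levelfrom=all`, while the neighbouring context line uses `levelFrom=all`; use the same spelling so a grep or audit script over the file does not miss this entry. As far as I know the key match is case-insensitive, so this is a consistency point rather than a functional one, but confirm against the seapp_contexts checker used by this tree. The selector depends on `seinfo=platform` together with the package name, so entry into `vendor_tzas_app` is gated by the platform signing key; extending the comment to `#Add new domain for trustzone access app (platform-signed only)` would record that assumption.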
@@ -0,0 +1,14 @@
+# Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+type vendor_tzas_app, domain;
+
+app_domain(vendor_tzas_app)
+net_domain(vendor_tzas_app)
+
+unix_socket_connect(vendor_tzas_app, ssgtzd, ssgtzd)
+
+binder_call(vendor_tzas_app, vendor_hal_perf_default)
+allow vendor_tzas_app app_api_service:service_manager find;
+allow vendor_tzas_app vendor_hal_perf_hwservice:hwservice_manager find;
+
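Review bot: `net_domain(vendor_tzas_app)` gives this domain network sockets alongside the `unix_socket_connect(vendor_tzas_app, ssgtzd, ssgtzd)` path to what appears to be the TrustZone daemon, and neither the file nor the commit message says why network access is needed. If it is not required, drop the line; if it is, record the reason with a comment such as `# network access required for <reason>` above it so the combination is a documented decision. `allow vendor_tzas_app app_api_service:service_manager find;` is likewise an attribute-wide grant that could be narrowed to the specific services the app looks up. Separately, `ssgtzd` and the implied `ssgtzd_socket` are the only types here without the `vendor_` prefix and are not declared in this patch, so confirm they exist under those names in the legacy tree.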