blob: 84b708f7606ba567034020edeb9539fd87ee584c [file] [log] [blame]
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#####################################
# qmux_socket(clientdomain)
# Allow client domain to connecto and send
# via a local socket to the qmux domain.
# Also allow the client domain to remove
# its own socket.
define(`qmux_socket', `
allow $1 vendor_qmuxd_socket:dir create_dir_perms;
unix_socket_connect($1, vendor_qmuxd, vendor_qmuxd)
allow $1 vendor_qmuxd_socket:sock_file { read getattr write setattr create unlink };
')
#####################################
# netmgr_socket(clientdomain)
# Allow client domain to connecto and send
# via a local socket to the netmgrd domain.
# Also allow the client domain to remove
# its own socket.
define(`netmgr_socket', `
allow $1 vendor_netmgrd_socket:dir r_dir_perms;
unix_socket_connect($1, vendor_netmgrd, vendor_netmgrd)
allow $1 vendor_netmgrd_socket:sock_file { read getattr write };
')
#####################################
# portbridge_socket(clientdomain)
# Allow client domain to connecto and send
# via a local socket to the port-bridge domain.
# Also allow the client domain to remove
# its own socket.
define(`portbridge_socket', `
allow $1 vendor_port-bridge_socket:dir r_dir_perms;
unix_socket_connect($1, vendor_port-bridge, vendor_port-bridge)
allow $1 vendor_port-bridge_socket:sock_file { read write };
')
########################################
# peripheral_manager
# Allow clients to interact with peripheral
# manager
define(`use_vendor_per_mgr', `
vndbinder_use($1);
binder_call(vendor_per_mgr, $1);
binder_call($1, vendor_per_mgr);
allow $1 vendor_per_mgr_service:service_manager find;
get_prop($1, vendor_per_mgr_state_prop);
')
#####################################
# cnd_nims_socket_perm(clientdomain)
# allow vendor_cnd to read /proc/pid/cmdline to get appname
# allow vendor_cnd to use inet socket created by app.
define(`cnd_nims_socket_perm', `
allow vendor_cnd $1:dir r_dir_perms;
allow vendor_cnd $1:file r_file_perms;
allow vendor_cnd $1:fd use;
allow vendor_cnd $1:tcp_socket rw_socket_perms;
')
#####################################
# diag_use(clientdomain)
# allow clientdomain to read/write to diag
define(`diag_use', `
r_dir_file($1, vendor_sysfs_diag)
allow $1 vendor_diag_device:chr_file rw_file_perms;
')
#####################################
# use_netutils(clientdomain)
# allow access to netutils from vendor
define(`use_netutils', `
domain_auto_trans($1, netutils_wrapper_exec, netutils_wrapper)
allow netutils_wrapper $1:fd use;
allow netutils_wrapper $1:fifo_file { read write getattr };
allow netutils_wrapper $1:netlink_route_socket { read write };
allow netutils_wrapper $1:unix_stream_socket { read write };
allow netutils_wrapper $1:netlink_generic_socket { read write };
allow netutils_wrapper $1:netlink_xfrm_socket { read write };
allow netutils_wrapper $1:udp_socket { read write };
allow netutils_wrapper $1:tcp_socket { read write };
')
#####################################
## hal_server_domain_bypass(domain, hal_type)
## Allow a base set of permissions required for a domain to offer a
## HAL implementation of the specified type over HwBinder without
## halserverdomain attribute
##
## For example, default implementation of Foo HAL:
## type hal_foo_default, domain;
## hal_server_domain_bypass(hal_foo_default, hal_foo)
##
define(`hal_server_domain_bypass', `
hwbinder_use($1)
allow $1 system_file:dir r_dir_perms;
get_prop($1, hwservicemanager_prop)
typeattribute $1 $2_server;
typeattribute $1 $2;
')
#####################################
# coredata_datavendor_migration(domain, old_data_label, data_vendor_label)
# Allow a base set of permissions required for a sh to copy data from /data to /data/vendor
#
# For example, make nfc-sh copy data from /data/nfc to /data/vendor/nfc:
# coredata_datavendor_migration(nfc-sh, nfc_data_file, data_vendor_nfc_file)
# script that moves the data should be in /system/bin and should be using the
# /system/bin/sh.
#
define(`coredata_datavendor_migration', `
type $1, domain;
type $1_exec, exec_type, file_type;
init_daemon_domain($1);
typeattribute $1 data_between_core_and_vendor_violators;
typeattribute $1 coredomain;
allow $1 vendor_shell_exec:file rx_file_perms;
allow $1 vendor_toolbox_exec:file rx_file_perms;
allow $1 file_contexts_file:file { read getattr open };
allow $1 $2:file { getattr setattr relabelfrom rename };
allow $1 $2:dir { reparent rename rmdir setattr rw_dir_perms relabelfrom };
allow $1 $3:dir { create_dir_perms relabelto };
# for writing files_moved so we only execute the move once
allow $1 $3:file { create open write getattr relabelto };
')
########################################
# framework full value-add detection
# Adds rules needed for client to use the framework detection module
# to differentiate being an unmodified AOSP framework with baseline
# AOSP functionality or one with modified AOSP providing full vendor
# value-adds
#
# Placeholder - currently the detection mechanism does not require
# any additional security permissions
define(`use_vendor_fwk_detect', `
')
########################################
# SoC detection at run time by vendor modules
# Adds rules needed for vendor modules to get soc info at run time
define(`use_libsoc_helper', `
get_prop($1, vendor_soc_id_prop);
')