Seandroid: Adding policy for imscm
Adding policy for IMSCM
Change-Id: I9a552dc5240f0120181aa037061c9bc55f8ef316
diff --git a/Android.mk b/Android.mk
index 4751e66..4601d70 100755
--- a/Android.mk
+++ b/Android.mk
@@ -60,6 +60,7 @@
mcStarter.te \
keystore.te \
ims.te \
+ imscm.te \
healthd.te \
charger_monitor.te \
surfaceflinger.te \
diff --git a/common/file_contexts b/common/file_contexts
index 18ba48d..29bb030 100755
--- a/common/file_contexts
+++ b/common/file_contexts
@@ -107,7 +107,7 @@
/system/bin/imsdatadaemon u:object_r:ims_exec:s0
/system/bin/imsqmidaemon u:object_r:ims_exec:s0
/system/bin/ims_rtp_daemon u:object_r:ims_exec:s0
-/system/bin/imscmservice u:object_r:ims_exec:s0
+/system/bin/imscmservice u:object_r:imscm_exec:s0
/system/bin/netmgrd u:object_r:netmgrd_exec:s0
/system/bin/qmuxd u:object_r:qmuxd_exec:s0
/system/bin/port-bridge u:object_r:port-bridge_exec:s0
diff --git a/common/imscm.te b/common/imscm.te
new file mode 100644
index 0000000..22a514d
--- /dev/null
+++ b/common/imscm.te
@@ -0,0 +1,25 @@
+#integrated sensor process
+type imscm, domain;
+type imscm_exec, exec_type, file_type;
+
+# Started by init
+init_daemon_domain(imscm)
+net_domain(imscm)
+
+# To make VT call
+binder_use(imscm)
+
+#Add connectionmanager service
+allow imscm imscm_service:service_manager add;
+
+#allow imscm ims_socket:sock_file write;
+#allow imscm ims:unix_stream_socket connectto;
+unix_socket_connect(imscm, ims, ims)
+allow imscm self:capability net_raw;
+#allow imscm untrusted_app:binder call;
+
+# imscm needs to communicate with test app
+# using binder call
+userdebug_or_eng(`
+ binder_call(imscm, untrusted_app)
+')
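Review bot: `allow imscm self:capability net_raw;` is granted with no comment saying why imscmservice needs raw or packet sockets, in a domain that also gets `net_domain` and, on debug builds, binder access from `untrusted_app`. If the daemon needs it, state the reason above the rule, e.g. `# net_raw: needed for <socket type / feature> (confirm)`; if it does not, drop the rule. The header comment `#integrated sensor process` looks copied from another policy file and would read better as `# IMS connection manager service (imscmservice)`. The three commented-out `allow` lines can be removed, since `unix_socket_connect(imscm, ims, ims)` already expands to the first two. `imscm_service` is not declared in the hunks shown here, so check that the type and its service_contexts entry land with this change.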
diff --git a/common/untrusted_app.te b/common/untrusted_app.te
index 17857e6..0791009 100644
--- a/common/untrusted_app.te
+++ b/common/untrusted_app.te
@@ -4,3 +4,9 @@
unix_socket_connect(untrusted_app, mpctl, perfd)
unix_socket_send(untrusted_app, mpctl, mpdecision)
unix_socket_connect(untrusted_app, mpctl, mpdecision)
+
+# test apps needs to communicate with imscm
+# using binder call
+userdebug_or_eng(`
+ binder_call(untrusted_app, imscm)
+')
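Review bot: The rule is written against the whole `untrusted_app` domain, so on userdebug and eng builds every third-party app can make binder calls into `imscm`, not only the test app the comment mentions. The comment should say so, for example `# userdebug/eng only: any untrusted_app may binder-call imscm (used by the IMS test app)`. If the test app can be signed with a platform or vendor key, a dedicated domain assigned through seapp_contexts would keep this grant off ordinary apps even on debug builds. The same applies to the reverse rule `binder_call(imscm, untrusted_app)` in common/imscm.te.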