Add secure policies for hbtp
Add secure policies for hbtp(host based touch processing)
service which uses device nodes through hbtp daemon
Change-Id: I6dbd17947b1d6d9d4e8f9c2af6771252783ab8a3
diff --git a/Android.mk b/Android.mk
index 80d9d3b..7f51d73 100644
--- a/Android.mk
+++ b/Android.mk
@@ -88,7 +88,8 @@
mmi.te \
dhcp.te \
wfd_app.te \
- mediaserver_test.te
+ mediaserver_test.te \
+ hbtp.te
# Compile sensor pilicy only for SSC targets
SSC_TARGET_LIST := apq8084
diff --git a/common/device.te b/common/device.te
index 6823ecb..927cf27 100755
--- a/common/device.te
+++ b/common/device.te
@@ -78,3 +78,7 @@
#Define Gadget serial device
type gadget_serial_device, dev_type;
+
+#Added for hbtp
+type bu21150_device, dev_type;
+type hbtp_device, dev_type;
diff --git a/common/file_contexts b/common/file_contexts
index 74356df..131eb45 100755
--- a/common/file_contexts
+++ b/common/file_contexts
@@ -52,6 +52,8 @@
/dev/dpl_ctrl u:object_r:rmnet_device:s0
/dev/wcnss_ctrl u:object_r:wcnss_device:s0
/dev/wcnss_wlan u:object_r:wcnss_device:s0
+/dev/hbtp_input u:object_r:hbtp_device:s0
+/dev/jdi-bu21150 u:object_r:bu21150_device:s0
###################################
# Dev socket nodes
@@ -152,6 +154,7 @@
/system/vendor/bin/slim_ap_daemon u:object_r:location_exec:s0
/system/vendor/bin/qti u:object_r:qti_exec:s0
/system/bin/wcnss_service u:object_r:wcnss_service_exec:s0
+/system/vendor/bin/hbtp_daemon u:object_r:hbtp_exec:s0
###################################
# sysfs files
diff --git a/common/hbtp.te b/common/hbtp.te
new file mode 100644
index 0000000..08f5901
--- /dev/null
+++ b/common/hbtp.te
@@ -0,0 +1,10 @@
+# Policies for hbtp (host based touch processing)
+type hbtp, domain;
+type hbtp_exec, exec_type, file_type;
+
+init_daemon_domain(hbtp)
+
+# Allow access for /dev/hbtp_input and /dev/jdi-bu21150
+allow hbtp hbtp_device:chr_file rw_file_perms;
+allow hbtp bu21150_device:chr_file rw_file_perms;
+