Merge "Seandroid: IMS interaction with WPA"
diff --git a/Android.mk b/Android.mk
index 4751e66..4601d70 100755
--- a/Android.mk
+++ b/Android.mk
@@ -60,6 +60,7 @@
mcStarter.te \
keystore.te \
ims.te \
+ imscm.te \
healthd.te \
charger_monitor.te \
surfaceflinger.te \
diff --git a/common/file_contexts b/common/file_contexts
index 18ba48d..29bb030 100755
--- a/common/file_contexts
+++ b/common/file_contexts
@@ -107,7 +107,7 @@
/system/bin/imsdatadaemon u:object_r:ims_exec:s0
/system/bin/imsqmidaemon u:object_r:ims_exec:s0
/system/bin/ims_rtp_daemon u:object_r:ims_exec:s0
-/system/bin/imscmservice u:object_r:ims_exec:s0
+/system/bin/imscmservice u:object_r:imscm_exec:s0
/system/bin/netmgrd u:object_r:netmgrd_exec:s0
/system/bin/qmuxd u:object_r:qmuxd_exec:s0
/system/bin/port-bridge u:object_r:port-bridge_exec:s0
diff --git a/common/imscm.te b/common/imscm.te
new file mode 100644
index 0000000..22a514d
--- /dev/null
+++ b/common/imscm.te
@@ -0,0 +1,25 @@
+#integrated sensor process
+type imscm, domain;
+type imscm_exec, exec_type, file_type;
+
+# Started by init
+init_daemon_domain(imscm)
+net_domain(imscm)
+
+# To make VT call
+binder_use(imscm)
+
+#Add connectionmanager service
+allow imscm imscm_service:service_manager add;
+
+#allow imscm ims_socket:sock_file write;
+#allow imscm ims:unix_stream_socket connectto;
+unix_socket_connect(imscm, ims, ims)
+allow imscm self:capability net_raw;
+#allow imscm untrusted_app:binder call;
+
+# imscm needs to communicate with test app
+# using binder call
+userdebug_or_eng(`
+ binder_call(imscm, untrusted_app)
+')
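Review bot: `allow imscm self:capability net_raw;` is granted on every build variant with no comment saying what needs it; net_raw lets the daemon open raw and packet sockets, so the rule should carry a stated reason (`# <why imscm needs raw sockets>`) or be dropped if `net_domain(imscm)` already covers its traffic. The header `#integrated sensor process` does not describe this domain, which file_contexts maps to /system/bin/imscmservice; `# IMS connection manager service (imscmservice)` would match. The three commented-out `allow` lines are dead policy and can be removed, since `unix_socket_connect(imscm, ims, ims)` and the gated `binder_call` already express them.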
diff --git a/common/mm-pp-daemon.te b/common/mm-pp-daemon.te
index 5a62334..6c9ad16 100755
--- a/common/mm-pp-daemon.te
+++ b/common/mm-pp-daemon.te
@@ -8,14 +8,17 @@
allow mm-pp-daemon graphics_device:chr_file rw_file_perms;
allow mm-pp-daemon graphics_device:dir search;
-# Allow reading calibration data from persist
-allow mm-pp-daemon persist_file:file r_file_perms;
-allow mm-pp-daemon persist_file:dir search;
+# Allow reading/writing to persist
+# The color config file is dynamically created
+allow mm-pp-daemon persist_file:dir rw_dir_perms;
+allow mm-pp-daemon persist_file:file create_file_perms;
-# Allow pp daemon to save settings to /data
-allow mm-pp-daemon display_config:file rw_file_perms;
+# Allow reading/writing data config files
+allow mm-pp-daemon display_config:dir create_dir_perms;
+allow mm-pp-daemon display_config:file create_file_perms;
+
allow mm-pp-daemon system_prop:property_service set;
-#Calibration can only be done on userdebug or eng builds
+
userdebug_or_eng(`
# Display calibration service opens /dev/diag in order to communicate with the
# target device
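Review bot: `persist_file:dir rw_dir_perms` and `persist_file:file create_file_perms` give mm-pp-daemon create and write access to everything carrying the persist_file label on all build variants, where the old policy allowed only reads outside userdebug_or_eng. If persist_file is the shared label for the persist partition, as its name suggests, a dedicated type for the colour config file with `file_type_auto_trans(mm-pp-daemon, persist_file, <new_type>)` would confine the daemon to its own file. The same concern applies to `sysfs:file rw_file_perms`, which the second hunk of this file moves out of the userdebug_or_eng block. The removed comment about calibration being limited to userdebug or eng builds has no replacement, so the block, which continues past the end of this hunk, no longer says what it gates.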
@@ -32,12 +35,13 @@
allow mm-pp-daemon shell_exec:file rx_file_perms;
allow mm-pp-daemon system_file:file execute_no_trans;
allow mm-pp-daemon zygote_exec:file rx_file_perms;
-
- # Allow writing to persist
- allow mm-pp-daemon persist_file:file rw_file_perms;
-
- # Allow mm-pp-daemon to change the brightness of the target during display
- # calibration
- allow mm-pp-daemon sysfs:file rw_file_perms;
- unix_socket_connect(mm-pp-daemon, property, init)
+ allow mm-pp-daemon self:process ptrace;
')
+
+# Allow mm-pp-daemon to change the brightness of the target during display
+# calibration
+allow mm-pp-daemon sysfs:file rw_file_perms;
+
+# Allow socket calls in pp-daemon
+unix_socket_connect(mm-pp-daemon, property, init)
+unix_socket_connect(mm-pp-daemon, pps, init)
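Review bot: `allow mm-pp-daemon self:process ptrace;` is added without a comment, and nothing visible in the block explains why the daemon needs to trace itself; a line such as `# <what uses ptrace during calibration>` above it would let a later reviewer decide whether the rule can go. `unix_socket_connect(mm-pp-daemon, pps, init)` relies on a pps socket type that this diff does not declare, so it presumably exists elsewhere in the tree and is worth confirming. The userdebug_or_eng block starts outside this hunk.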
diff --git a/common/service.te b/common/service.te
index ec90dda..e662570 100644
--- a/common/service.te
+++ b/common/service.te
@@ -6,3 +6,4 @@
type dun_service, service_manager_type;
type digitalpen_service, service_manager_type;
type imscm_service, service_manager_type;
+type color_service, service_manager_type;
diff --git a/common/service_contexts b/common/service_contexts
index b29e165..eccd3fd 100644
--- a/common/service_contexts
+++ b/common/service_contexts
@@ -7,3 +7,4 @@
dun u:object_r:dun_service:s0
DigitalPen u:object_r:digitalpen_service:s0
qti.ims.connectionmanagerservice u:object_r:imscm_service:s0
+com.qti.snapdragon.sdk.display.IColorService u:object_r:color_service:s0
diff --git a/common/surfaceflinger.te b/common/surfaceflinger.te
index 9c984ac..854ff8c 100644
--- a/common/surfaceflinger.te
+++ b/common/surfaceflinger.te
@@ -2,10 +2,7 @@
allow surfaceflinger shell_data_file:dir search;
# Allows pp-daemon to refresh the screen in calibration mode
-userdebug_or_eng(`
- allow surfaceflinger mm-pp-daemon:dir search;
- allow surfaceflinger mm-pp-daemon:file r_file_perms;
-')
+r_dir_file(surfaceflinger, mm-pp-daemon)
binder_call(surfaceflinger, location)
binder_call(surfaceflinger, tee)
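Review bot: `r_dir_file(surfaceflinger, mm-pp-daemon)` now applies on user builds as well, while the comment above it still describes calibration mode, which the comment removed from mm-pp-daemon.te tied to userdebug or eng builds. The macro is also wider than the two rules it replaces, adding directory read and symlink read to the former search and file read. If production builds need this access, the comment should say so, e.g. `# needed on user builds because <reason>`; otherwise keep the `userdebug_or_eng(` wrapper around the macro.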
diff --git a/common/system_app.te b/common/system_app.te
index 9005543..1942a77 100644
--- a/common/system_app.te
+++ b/common/system_app.te
@@ -32,3 +32,6 @@
# access to time_daemon
allow system_app time_daemon:unix_stream_socket connectto;
+
+# access to color service SDK
+allow system_app color_service:service_manager add;
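Review bot: The comment says "access to color service SDK", but the rule grants `add`, which lets any app running in the system_app domain register the color_service name with servicemanager rather than look it up. The comment should name the registering component, e.g. `# <app> registers IColorService with servicemanager`. No `find` rule for color_service appears in this diff, so clients are presumably covered elsewhere or not checked on this policy version; that is worth confirming.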
diff --git a/common/untrusted_app.te b/common/untrusted_app.te
index 17857e6..0791009 100644
--- a/common/untrusted_app.te
+++ b/common/untrusted_app.te
@@ -4,3 +4,9 @@
unix_socket_connect(untrusted_app, mpctl, perfd)
unix_socket_send(untrusted_app, mpctl, mpdecision)
unix_socket_connect(untrusted_app, mpctl, mpdecision)
+
+# test apps needs to communicate with imscm
+# using binder call
+userdebug_or_eng(`
+ binder_call(untrusted_app, imscm)
+')