Accueil Explorer Aide
S'inscrire Connexion
drachfly
/
android10
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Branche: master
Branches Tags
android10
/
system
/
sepolicy
/
public
/
hal_cas.te

hal_cas.te 1.1 KB
Lien permanent Historique Raw

12345678910111213141516171819202122232425262728293031323334 
  1. # HwBinder IPC from client to server, and callbacks
    2. 

  2. binder_call(hal_cas_client, hal_cas_server)
    3. 

  3. binder_call(hal_cas_server, hal_cas_client)
    4. 

  4. 

  5. hal_attribute_hwservice(hal_cas, hal_cas_hwservice)
    6. 

  6. allow hal_cas_server hidl_memory_hwservice:hwservice_manager find;
    7. 

  7. 

  8. # Permit reading device's serial number from system properties
    9. 

  9. get_prop(hal_cas_server, serialno_prop)
    10. 

  10. 

  11. # Read files already opened under /data
    12. 

  12. allow hal_cas system_data_file:file { getattr read };
    13. 

  13. 

  14. # Read access to pseudo filesystems
    15. 

  15. r_dir_file(hal_cas, cgroup)
    16. 

  16. allow hal_cas cgroup:dir { search write };
    17. 

  17. allow hal_cas cgroup:file w_file_perms;
    18. 

  18. 

  19. # Allow access to ion memory allocation device
    20. 

  20. allow hal_cas ion_device:chr_file rw_file_perms;
    21. 

  21. allow hal_cas hal_graphics_allocator:fd use;
    22. 

  22. 

  23. allow hal_cas tee_device:chr_file rw_file_perms;
    24. 

  24. 

  25. ###
    26. 

  26. ### neverallow rules
    27. 

  27. ###
    28. 

  28. 

  29. # hal_cas should never execute any executable without a
    30. 

  30. # domain transition
    31. 

  31. neverallow hal_cas_server { file_type fs_type }:file execute_no_trans;
    32. 

  32. 

  33. # do not allow privileged socket ioctl commands
    34. 

  34. neverallowxperm hal_cas_server domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
    35.