Add sepolicy for dm backend app
Tracked-On: OAM-124639
Signed-off-by: chenyanxzhu <[email protected]>
chenyanxzhu committed Sep 18, 2024
1 parent 4cbfbd0 commit 14480d9
Showing 5 changed files with 48 additions and 0 deletions.
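--- a/graphics/dm_backend/backend_client_app.te
+++ b/graphics/dm_backend/backend_client_app.te
@@ -0,0 +1,36 @@
+type dm_backend_ipc_data_file, file_type, data_file_type;
+type dm_backend_app_data_file, file_type, data_file_type, app_data_file_type;
+type dm_backend_client_app, domain;
+
+app_domain(dm_backend_client_app)
+net_domain(dm_backend_client_app)
+
+#permissive dm_backend_client_app;
+
+#============= dm_backend_client_app ==============
+allow dm_backend_client_app dm_backend_ipc_data_file:dir { add_name remove_name };
+allow dm_backend_client_app dm_backend_ipc_data_file:sock_file { create unlink write };
+
+allow dm_backend_client_app dm_backend_app_data_file:dir create_dir_perms;
+#allow dm_backend_client_app default_prop:file read;
+#get_prop(dm_backend_client_app, default_prop)
+allow dm_backend_client_app dm_backend_app_data_file:file unlink;
+
+
+#allow dm_backend_client_app dm_backend_server:unix_stream_socket { connectto read write };
+
+allow dm_backend_client_app activity_service:service_manager find;
+allow dm_backend_client_app activity_task_service:service_manager find;
+allow dm_backend_client_app content_capture_service:service_manager find;
+allow dm_backend_client_app dm_backend_app_data_file:file { create open read setattr write };
+allow dm_backend_client_app game_service:service_manager find;
+allow dm_backend_client_app gpu_service:service_manager find;
+allow dm_backend_client_app netstats_service:service_manager find;
+allow dm_backend_client_app surfaceflinger_service:service_manager find;
+allow dm_backend_client_app sysfs_gpu:dir search;
+#allow dm_backend_client_app system_data_file:dir add_name;
+#allow dm_backend_client_app system_data_file:sock_file { create write };
+allow dm_backend_client_app vendor_intel_render_selection_prop:file open;
+allow dm_backend_client_app virtual_device_service:service_manager find;
+allow dm_backend_client_app voiceinteraction_service:service_manager find;
+allow dm_backend_client_app dm_disp_socket:sock_file write;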
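Review bot: The rule `allow dm_backend_client_app vendor_intel_render_selection_prop:file open;` grants `open` without `read`, `getattr` or `map`, so the property read is likely still denied in enforcing mode; the usual form is `get_prop(dm_backend_client_app, vendor_intel_render_selection_prop)`. The socket rules look similarly partial: `dm_disp_socket:sock_file write` has no matching `unix_stream_socket connectto` on the listening domain (the only candidate rule is commented out), and the `dm_backend_ipc_data_file:dir` rule has `add_name remove_name` without `search` or `write`. This reads like audit2allow output collected in permissive mode, so it is worth re-running in enforcing and completing or dropping each rule. From a least-privilege view, `net_domain()` and each `service_manager find` should also carry a short comment saying which feature needs it, since nothing in the file explains why this app needs network access.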
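--- a/graphics/dm_backend/backend_server.te
+++ b/graphics/dm_backend/backend_server.te
@@ -0,0 +1,5 @@
+type dm_backend_server, domain, mlstrustedsubject;
+type dm_backend_server_exec, exec_type, file_type, vendor_file_type;
+init_daemon_domain(dm_backend_server)
+
+#permissive dm_backend_server;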
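Review bot: `mlstrustedsubject` on `dm_backend_server` exempts the daemon from the MLS constraints, so the category separation that normally keeps per-app and per-user objects apart no longer applies to it, and the file gives no reason for that. If it is only there so the daemon can reach the client's socket, a comment such as `# mlstrustedsubject: must connect to sockets created by app processes running with MLS categories` should say so; otherwise the attribute should be dropped. The domain also has no `allow` rules of its own beyond `init_daemon_domain()`, so the attribute currently widens access for a domain whose actual needs are not yet written down.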
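--- a/graphics/dm_backend/file.te
+++ b/graphics/dm_backend/file.te
@@ -0,0 +1 @@
+type dm_disp_socket, file_type;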
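--- a/graphics/dm_backend/file_contexts
+++ b/graphics/dm_backend/file_contexts
@@ -0,0 +1,5 @@
+#dm_backend_app /data/vendor/dm_backend_app permission
+/data/vendor/dm_backend_app(/.*)? u:object_r:dm_backend_ipc_data_file:s0
+/system/bin/dm-backend u:object_r:dm_backend_server_exec:s0
+/system/bin/acrn-bkend-server u:object_r:dm_backend_server_exec:s0
+/dev/socket/dm_display_server u:object_r:dm_disp_socket:s0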
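Review bot: The two `/system/bin/...` entries label system-partition binaries with `dm_backend_server_exec`, which this commit declares with `vendor_file_type` in backend_server.te, so the type's attribute and the files' location disagree. On builds that enforce the system/vendor split this kind of mismatch is typically flagged by the sepolicy build tests, and it blurs which partition is trusted to ship the daemon. The binaries should either be installed under the vendor partition and labelled there, or the exec type should be declared with `system_file_type` instead of `vendor_file_type`. The header comment `#dm_backend_app /data/vendor/dm_backend_app permission` would also be clearer if it said the directory holds the IPC socket, since the label is `dm_backend_ipc_data_file`.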
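--- a/graphics/dm_backend/seapp_contexts
+++ b/graphics/dm_backend/seapp_contexts
@@ -0,0 +1 @@
+user=_app seinfo=platform name=com.intel.dm_backend domain=dm_backend_client_app type=dm_backend_app_data_file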
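Review bot: This entry sets no `levelFrom`, so the app process and its `dm_backend_app_data_file` data presumably run at the default level with no per-user categories, unlike the stock platform-app entry, which uses `levelFrom=user`. That removes the MLS separation between users for this app's data. Unless the missing categories are required for the socket exchange with the daemon, the line should end with `levelFrom=user`; if they are required, a comment above the entry should say so. Keeping `seinfo=platform` together with `name=` is good, since it ties the domain to the platform signature rather than to the package name alone.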
