Create new security labels for device nodes.
Labeling nodes with appropriate types doesn't
introduce any new denials to the mix. This
list largely addresses the Qualcomm specific
nodes.
Various nodes are labeled with radio specific
types. Since the deb build inherits from this flo
policy, it is a good idea to include them.
Change-Id: Ia55a80af027c8bde933d45c41f4ed287f01adb2e
diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk
index f4bd99c..9c56e1c 100755
--- a/BoardConfigCommon.mk
+++ b/BoardConfigCommon.mk
@@ -104,6 +104,7 @@
BOARD_SEPOLICY_UNION += \
app.te \
device.te \
+ file.te \
rmt.te \
ueventd.te \
surfaceflinger.te \
diff --git a/sepolicy/device.te b/sepolicy/device.te
index f29322b..3b00fc5 100644
--- a/sepolicy/device.te
+++ b/sepolicy/device.te
@@ -1,2 +1,15 @@
# GPU (used by most UI apps)
type gpu_device, dev_type;
+
+type diag_device, dev_type;
+
+# Kickstart device used by QC qcks
+type kickstart_device, dev_type;
+
+# SMD device, used by hci_qcomm_init
+type smd_device, dev_type;
+
+# Shared memory logger
+type shared_log_device, dev_type;
+
+type power_control_device, dev_type;
diff --git a/sepolicy/file.te b/sepolicy/file.te
new file mode 100644
index 0000000..7f406bc
--- /dev/null
+++ b/sepolicy/file.te
@@ -0,0 +1,5 @@
+# Qualcomm MSM Interface (QMI) socket
+type qmuxd_socket, file_type;
+type sensors_socket, file_type;
+
+type mpdecision_socket, file_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index fad561b..3073910 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -5,6 +5,76 @@
/dev/kgsl-3d0 u:object_r:gpu_device:s0
/dev/kgsl u:object_r:gpu_device:s0
+# Image Rotator Driver
+/dev/msm_rotator u:object_r:video_device:s0
+
+# Qualcomm MSM Interface (QMI) devices
+/dev/socket/qmux_audio(/.*)? u:object_r:qmuxd_socket:s0
+/dev/socket/qmux_bluetooth(/.*)? u:object_r:qmuxd_socket:s0
+/dev/socket/qmux_gps(/.*)? u:object_r:qmuxd_socket:s0
+/dev/socket/qmux_radio(/.*)? u:object_r:qmuxd_socket:s0
+
+/dev/bcm2079x-i2c u:object_r:nfc_device:s0
+/dev/diag u:object_r:diag_device:s0
+
+# CPU governor controls
+/dev/socket/mpdecision(/.*)? u:object_r:mpdecision_socket:s0
+
+## Radio related
+# modem driver
+/dev/mdm u:object_r:radio_device:s0
+# high speed inter-chip controls
+/dev/hsicctl[0-3] u:object_r:radio_device:s0
+# mux controller
+/dev/rmnet_mux_ctrl u:object_r:radio_device:s0
+# qmi protocol driver
+/dev/qmi[0-2] u:object_r:radio_device:s0
+# shared memory drivers
+/dev/smdcntl[0-7] u:object_r:radio_device:s0
+/dev/smd7 u:object_r:radio_device:s0
+
+# Bluetooth shared memory interfaces
+/dev/smd2 u:object_r:hci_attach_dev:s0
+/dev/smd3 u:object_r:hci_attach_dev:s0
+# Default label for shared memory drivers
+/dev/smd([0-9])+ u:object_r:smd_device:s0
+/dev/smem_log u:object_r:shared_log_device:s0
+
+# Serial console
+/dev/ttyHS0 u:object_r:hci_attach_dev:s0
+/dev/ttyMSM0 u:object_r:hci_attach_dev:s0
+
+# Serial-to-Usb support
+/dev/ttyUSB0 u:object_r:radio_device:s0
+
+# Jpeg Engine support
+/dev/gemini.* u:object_r:camera_device:s0
+# MSM camera related
+/dev/v4l-subdev.* u:object_r:camera_device:s0
+/dev/video([0-9])+ u:object_r:camera_device:s0
+/dev/msm_camera(/.*)? u:object_r:camera_device:s0
+/dev/media([0-9])+ u:object_r:camera_device:s0
+
+# Qualcomm MSM Audio devices
+/dev/msm_acdb u:object_r:audio_device:s0
+/dev/msm_mp3 u:object_r:audio_device:s0
+/dev/msm_rtac u:object_r:audio_device:s0
+/dev/msm_vidc.* u:object_r:audio_device:s0
+/dev/msm_amrnb.* u:object_r:audio_device:s0
+/dev/msm_amrwb.* u:object_r:audio_device:s0
+/dev/msm_aac.* u:object_r:audio_device:s0
+
+# MSM Dedicated Sensors Processor Subsystem
+/dev/msm_dsps u:object_r:sensors_device:s0
+# Sensors shared Memory Packet Interface
+/dev/smd_sns_dsps u:object_r:sensors_device:s0
+
+/dev/cpu_dma_latency u:object_r:power_control_device:s0
+
+/dev/ks_hsic_bridge u:object_r:kickstart_device:s0
+/dev/efs_hsic_bridge u:object_r:kickstart_device:s0
+
+
# rmt_storage is a qualcomm specific daemon responsible
# for servicing modem filesystem requests.
/system/bin/rmt_storage u:object_r:rmt_exec:s0
