SELinux PIO: Give PeripheralMan access to /dev/spidev*
Add a new device type: spi_device for spidev devices
and give pio access to it.
BUG: 27434823
Change-Id: I9a9d3018b6317f621facc24639c8fdf5322a663b
TEST: PIO could open /dev/spidev5.1 on Edison
diff --git a/sepolicy/device.te b/sepolicy/device.te
new file mode 100644
index 0000000..50f12b1
--- /dev/null
+++ b/sepolicy/device.te
@@ -0,0 +1 @@
+type spi_device, dev_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index f0a9b01..9b7a1e9 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -70,3 +70,5 @@
/system/etc/init\.wifi-setup\.sh u:object_r:wifi_setup_exec:s0
/system/etc/os-release\.d(/.*)? u:object_r:os_release_file:s0
+
+/dev/spidev.* u:object_r:spi_device:s0
diff --git a/sepolicy/peripheralman.te b/sepolicy/peripheralman.te
index 07f3bca..0150f05 100644
--- a/sepolicy/peripheralman.te
+++ b/sepolicy/peripheralman.te
@@ -11,3 +11,6 @@
# Allow access to sysfs.
allow peripheralman sysfs:file rw_file_perms;
allow peripheralman sysfs:dir r_dir_perms;
+
+# Allow access to spidev devices.
+allow peripheralman spi_device:chr_file rw_file_perms;
