From 4f6eb37f6c0cc06acd3c0691b2f5b650504f1d75 Mon Sep 17 00:00:00 2001
From: Badhri Jagan Sridharan <Badhri@google.com>
Date: Sun, 3 Dec 2017 14:23:16 -0800
Subject: [PATCH] usbd sepolicy
Sepolicy for the usb daemon. (ag/3373886/)
Bug: 63669128
Test: Checked for avc denial messages.
Change-Id: I6e2a4ccf597750c47e1ea90c4d43581de4afa4af
---
private/compat/26.0/26.0.ignore.cil | 3 +++
private/file_contexts | 1 +
private/usbd.te | 12 ++++++++++++
public/usbd.te | 3 +++
4 files changed, 19 insertions(+)
create mode 100644 private/usbd.te
create mode 100644 public/usbd.te
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 9da748a92..95e617bf6 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -88,6 +88,9 @@
traced_tmpfs
update_engine_log_data_file
vendor_default_prop
+ usbd
+ usbd_exec
+ usbd_tmpfs
vendor_init
vendor_shell
vold_prepare_subdirs
diff --git a/private/file_contexts b/private/file_contexts
index 98552a322..8dfec78a4 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -240,6 +240,7 @@
/system/bin/healthd u:object_r:healthd_exec:s0
/system/bin/clatd u:object_r:clatd_exec:s0
/system/bin/lmkd u:object_r:lmkd_exec:s0
+/system/bin/usbd u:object_r:usbd_exec:s0
/system/bin/inputflinger u:object_r:inputflinger_exec:s0
/system/bin/logd u:object_r:logd_exec:s0
/system/bin/traced u:object_r:traced_exec:s0
diff --git a/private/usbd.te b/private/usbd.te
new file mode 100644
index 000000000..13a0ad7a6
--- /dev/null
+++ b/private/usbd.te
@@ -0,0 +1,12 @@
+typeattribute usbd coredomain;
+
+init_daemon_domain(usbd)
+
+# Access usb gadget hal
+hal_client_domain(usbd, hal_usb_gadget)
+
+# Access persist.sys.usb.config
+get_prop(usbd, system_prop)
+
+# start adbd during boot if adb is enabled
+set_prop(usbd, ctl_default_prop)
diff --git a/public/usbd.te b/public/usbd.te
new file mode 100644
index 000000000..98786e062
--- /dev/null
+++ b/public/usbd.te
@@ -0,0 +1,3 @@
+type usbd, domain;
+type usbd_exec, exec_type, file_type;
+
--
GitLab