Allow the NFC process to access hwservicemanager.

Add a macro to make this easier for other processes as well. Change-Id: I489d0ce042fe5ef88dc767a6fbdb9b795be91601 (cherry picked from commit c2b9c1561e4bd7ac86d78b44ca7927994e781da0)

Allow the NFC process to access hwservicemanager.
Add a macro to make this easier for other processes as well. Change-Id: I489d0ce042fe5ef88dc767a6fbdb9b795be91601 (cherry picked from commit c2b9c1561e4bd7ac86d78b44ca7927994e781da0)
9c769aff · Martijn Coenen · e13678f4 · 9c769aff · 9c769aff
Commit 9c769aff authored 8 years ago by Martijn Coenen
--- a/nfc.te
+++ b/nfc.te
@@ -4,6 +4,9 @@ app_domain(nfc)
 net_domain(nfc)
 binder_service(nfc)
+# hwbinder access
+hwbinder_use(nfc)
 # Set NFC properties
 set_prop(nfc, nfc_prop)

--- a/te_macros
+++ b/te_macros
@@ -186,6 +186,20 @@ allow servicemanager $1:process getattr;
 # all domains in domain.te.
 ')
+#####################################
+# hwbinder_use(domain)
+# Allow domain to use HwBinder IPC.
+define(`hwbinder_use', `
+# Call the hwservicemanager and transfer references to it.
+allow $1 hwservicemanager:binder { call transfer };
+# hwservicemanager performs getpidcon on clients.
+allow hwservicemanager $1:dir search;
+allow hwservicemanager $1:file { read open };
+allow hwservicemanager $1:process getattr;
+# rw access to /dev/hwbinder and /dev/ashmem is presently granted to
+# all domains in domain.te.
+')
 #####################################
 # binder_call(clientdomain, serverdomain)
 # Allow clientdomain to perform binder IPC to serverdomain.