From acfd25cac2f5637dd77f2f9ba19c814e52e4d386 Mon Sep 17 00:00:00 2001
From: Robert Quattlebaum <rquattle@google.com>
Date: Fri, 21 Apr 2017 14:25:53 -0700
Subject: [PATCH] lowpan: Added support for LoWPAN Service and
 android.hardware.lowpan

Bug: b/64090883
Bug: b/33073713
Test: Manual
Change-Id: I7aa23c31b1fccae56c1a0e0bd4cfe370aeb911dd
---
 private/compat/26.0/26.0.ignore.cil |  4 ++++
 private/hwservice_contexts          |  1 +
 private/property_contexts           |  4 ++++
 private/service_contexts            |  1 +
 public/attributes                   |  1 +
 public/device.te                    |  1 +
 public/hal_lowpan.te                | 21 +++++++++++++++++++++
 public/hwservice.te                 |  1 +
 public/property.te                  |  1 +
 public/service.te                   |  1 +
 vendor/file_contexts                |  1 +
 vendor/hal_lowpan_default.te        |  5 +++++
 12 files changed, 42 insertions(+)
 create mode 100644 public/hal_lowpan.te
 create mode 100644 vendor/hal_lowpan_default.te

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index e2b582567..c64c86618 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -10,11 +10,15 @@
     e2fs_exec
     hal_broadcastradio_hwservice
     hal_cas_hwservice
+    hal_lowpan_hwservice
     hal_neuralnetworks_hwservice
     hal_tetheroffload_hwservice
     hal_wifi_offload_hwservice
     kmsg_debug_device
     last_boot_reason_prop
+    lowpan_device
+    lowpan_prop
+    lowpan_service
     mediaprovider_tmpfs
     netd_stable_secret_prop
     package_native_service
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index e30449553..9da38a61f 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -23,6 +23,7 @@ android.hardware.health::IHealth                                u:object_r:hal_h
 android.hardware.ir::IConsumerIr                                u:object_r:hal_ir_hwservice:s0
 android.hardware.keymaster::IKeymasterDevice                    u:object_r:hal_keymaster_hwservice:s0
 android.hardware.light::ILight                                  u:object_r:hal_light_hwservice:s0
+android.hardware.lowpan::ILowpanDevice                          u:object_r:hal_lowpan_hwservice:s0
 android.hardware.media.omx::IOmx                                u:object_r:hal_omx_hwservice:s0
 android.hardware.media.omx::IOmxStore                           u:object_r:hal_omx_hwservice:s0
 android.hardware.memtrack::IMemtrack                            u:object_r:hal_memtrack_hwservice:s0
diff --git a/private/property_contexts b/private/property_contexts
index bb7780a9d..55974c041 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -113,5 +113,9 @@ ro.dalvik.              u:object_r:dalvik_prop:s0
 # Shared between system server and wificond
 wlan.                   u:object_r:wifi_prop:s0
 
+# Lowpan properties
+lowpan.                 u:object_r:lowpan_prop:s0
+ro.lowpan.              u:object_r:lowpan_prop:s0
+
 # hwservicemanager properties
 hwservicemanager.       u:object_r:hwservicemanager_prop:s0
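Review bot: `lowpan.` and `ro.lowpan.` are both mapped to `lowpan_prop`, so the single `set_prop(hal_lowpan_server, lowpan_prop)` grant in public/hal_lowpan.te covers the write-once `ro.lowpan.*` names as well as the runtime `lowpan.*` ones. If `ro.lowpan.*` is meant to carry build- or init-time configuration, a HAL process that gets there first could fix those values, so a separate type for that prefix would be the least-privilege choice. At minimum the `# Lowpan properties` comment should record who writes each prefix, for example `# lowpan.*: runtime state set by the LoWPAN HAL; ro.lowpan.*: write-once configuration`, adjusted to the real writers.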
diff --git a/private/service_contexts b/private/service_contexts
index 215174fc0..7dc83412f 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -46,6 +46,7 @@ drm.drmManager                            u:object_r:drmserver_service:s0
 dropbox                                   u:object_r:dropbox_service:s0
 dumpstate                                 u:object_r:dumpstate_service:s0
 econtroller                               u:object_r:radio_service:s0
+lowpan                                    u:object_r:lowpan_service:s0
 ethernet                                  u:object_r:ethernet_service:s0
 fingerprint                               u:object_r:fingerprint_service:s0
 font                                      u:object_r:font_service:s0
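Review bot: The new `lowpan` entry sits between `econtroller` and `ethernet`, which breaks the alphabetical order that the surrounding entries follow (`dropbox`, `dumpstate`, `econtroller`, `ethernet`, `fingerprint`, `font`). Moving it to the `l` names keeps the file easy to audit for duplicate or shadowed service labels. The `lowpan_service` line in public/service.te is inserted at the same relative spot, so the same applies there if that file is meant to stay sorted.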
diff --git a/public/attributes b/public/attributes
index b51f35311..986b0ed2a 100644
--- a/public/attributes
+++ b/public/attributes
@@ -210,6 +210,7 @@ hal_attribute(health);
 hal_attribute(ir);
 hal_attribute(keymaster);
 hal_attribute(light);
+hal_attribute(lowpan);
 hal_attribute(memtrack);
 hal_attribute(neuralnetworks);
 hal_attribute(nfc);
diff --git a/public/device.te b/public/device.te
index 475948da0..1d0104529 100644
--- a/public/device.te
+++ b/public/device.te
@@ -30,6 +30,7 @@ type hw_random_device, dev_type;
 type input_device, dev_type;
 type kmem_device, dev_type;
 type port_device, dev_type;
+type lowpan_device, dev_type;
 type mtd_device, dev_type;
 type mtp_device, dev_type, mlstrustedobject;
 type nfc_device, dev_type;
diff --git a/public/hal_lowpan.te b/public/hal_lowpan.te
new file mode 100644
index 000000000..af491b159
--- /dev/null
+++ b/public/hal_lowpan.te
@@ -0,0 +1,21 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_lowpan_client, hal_lowpan_server)
+binder_call(hal_lowpan_server, hal_lowpan_client)
+
+add_hwservice(hal_lowpan_server, hal_lowpan_hwservice)
+
+# Allow hal_lowpan_client to be able to find the hal_lowpan_server
+allow hal_lowpan_client hal_lowpan_hwservice:hwservice_manager find;
+
+# hal_lowpan domain can write/read to/from lowpan_prop
+set_prop(hal_lowpan_server, lowpan_prop)
+
+# Allow hal_lowpan_server to open lowpan_devices
+allow hal_lowpan_server lowpan_device:chr_file rw_file_perms;
+
+###
+### neverallow rules
+###
+
+# Only LoWPAN HAL may directly access LoWPAN hardware
+neverallow { domain -hal_lowpan_server -init -ueventd } lowpan_device:chr_file ~getattr;
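Review bot: Nothing in this patch labels a device node as `lowpan_device`; the only file_contexts change is the HAL executable in vendor/file_contexts. The `allow` and the `neverallow` on `lowpan_device:chr_file` therefore take effect only once some device policy labels the node. Until then the node presumably keeps whatever generic device label it falls under, and the "Only LoWPAN HAL may directly access LoWPAN hardware" guarantee does not cover it. A comment above the allow rule would make that dependency explicit: `# Device policy must label the LoWPAN character device as lowpan_device in its file_contexts`. Separately, the set_prop comment says "hal_lowpan domain" while the rule grants only `hal_lowpan_server`; `# Allow hal_lowpan_server to read and set lowpan_prop` matches the rule.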
diff --git a/public/hwservice.te b/public/hwservice.te
index 97b9b8d19..19a72051b 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -22,6 +22,7 @@ type hal_health_hwservice, hwservice_manager_type;
 type hal_ir_hwservice, hwservice_manager_type;
 type hal_keymaster_hwservice, hwservice_manager_type;
 type hal_light_hwservice, hwservice_manager_type;
+type hal_lowpan_hwservice, hwservice_manager_type;
 type hal_memtrack_hwservice, hwservice_manager_type;
 type hal_neuralnetworks_hwservice, hwservice_manager_type;
 type hal_nfc_hwservice, hwservice_manager_type;
diff --git a/public/property.te b/public/property.te
index aa0b4ddf9..713dc8373 100644
--- a/public/property.te
+++ b/public/property.te
@@ -29,6 +29,7 @@ type logd_prop, property_type, core_property_type;
 type logpersistd_logging_prop, property_type;
 type log_prop, property_type, log_property_type;
 type log_tag_prop, property_type, log_property_type;
+type lowpan_prop, property_type;
 type mmc_prop, property_type;
 type net_dns_prop, property_type;
 type net_radio_prop, property_type, core_property_type;
diff --git a/public/service.te b/public/service.te
index 30505e3fb..068ea4e78 100644
--- a/public/service.te
+++ b/public/service.te
@@ -72,6 +72,7 @@ type netd_listener_service, system_server_service, service_manager_type;
 type DockObserver_service, system_server_service, service_manager_type;
 type dreams_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type dropbox_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type lowpan_service, system_api_service, system_server_service, service_manager_type;
 type ethernet_service, app_api_service, system_server_service, service_manager_type;
 type fingerprint_service, app_api_service, system_server_service, service_manager_type;
 type gfxinfo_service, system_api_service, system_server_service, service_manager_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 522e4bfea..17c5bf192 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -20,6 +20,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.ir@1\.0-service             u:object_r:hal_ir_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service      u:object_r:hal_keymaster_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service          u:object_r:hal_light_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.lowpan@1\.0-service         u:object_r:hal_lowpan_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.memtrack@1\.0-service       u:object_r:hal_memtrack_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.0-service            u:object_r:hal_nfc_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.media\.omx@1\.0-service            u:object_r:mediacodec_exec:s0
diff --git a/vendor/hal_lowpan_default.te b/vendor/hal_lowpan_default.te
new file mode 100644
index 000000000..a49bf243f
--- /dev/null
+++ b/vendor/hal_lowpan_default.te
@@ -0,0 +1,5 @@
+type hal_lowpan_default, domain;
+type hal_lowpan_default_exec, exec_type, vendor_file_type, file_type;
+
+hal_server_domain(hal_lowpan_default, hal_lowpan)
+init_daemon_domain(hal_lowpan_default)
-- 
GitLab