-rw-r--r-- | soc/msm8916/prebuilts/sepolicy/ioctl_defines | 7 | ||||
-rw-r--r-- | soc/msm8916/prebuilts/sepolicy/ioctl_macros | 8 | ||||
-rw-r--r-- | soc/msm8916/prebuilts/sepolicy/qseecomd.te | 1 | ||||
-rw-r--r-- | soc/msm8916/prebuilts/sepolicy/rmt.te | 1 |
4 files changed, 17 insertions, 0 deletions
diff --git a/soc/msm8916/prebuilts/sepolicy/ioctl_defines b/soc/msm8916/prebuilts/sepolicy/ioctl_defines
new file mode 100644
index 0000000..93a833d
--- /dev/null
+++ b/soc/msm8916/prebuilts/sepolicy/ioctl_defines
@@ -0,0 +1,7 @@
+# socket ioctls defined in the kernel in include/uapi/linux/msm_ipc.h
+define(`IPC_ROUTER_IOCTL_GET_VERSION', `0x0000c300')
+define(`IPC_ROUTER_IOCTL_GET_MTU', `0x0000c301')
+define(`IPC_ROUTER_IOCTL_LOOKUP_SERVER', `0x0000c302')
+define(`IPC_ROUTER_IOCTL_GET_CURR_PKT_SIZE', `0x0000c303')
+define(`IPC_ROUTER_IOCTL_BIND_CONTROL_PORT', `0x0000c304')
+define(`IPC_ROUTER_IOCTL_CONFIG_SEC_RULES', `0x0000c305')
diff --git a/soc/msm8916/prebuilts/sepolicy/ioctl_macros b/soc/msm8916/prebuilts/sepolicy/ioctl_macros
new file mode 100644
index 0000000..dd9a2e8
--- /dev/null
+++ b/soc/msm8916/prebuilts/sepolicy/ioctl_macros
@@ -0,0 +1,8 @@
+define(`msm_sock_ipc_ioctls', `{
+IPC_ROUTER_IOCTL_GET_VERSION
+IPC_ROUTER_IOCTL_GET_MTU
+IPC_ROUTER_IOCTL_LOOKUP_SERVER
+IPC_ROUTER_IOCTL_GET_CURR_PKT_SIZE
+IPC_ROUTER_IOCTL_BIND_CONTROL_PORT
+IPC_ROUTER_IOCTL_CONFIG_SEC_RULES
+}')
diff --git a/soc/msm8916/prebuilts/sepolicy/qseecomd.te b/soc/msm8916/prebuilts/sepolicy/qseecomd.te
index 3e483f1..fdb1614 100644
--- a/soc/msm8916/prebuilts/sepolicy/qseecomd.te
+++ b/soc/msm8916/prebuilts/sepolicy/qseecomd.te
@@ -80,6 +80,7 @@ r_dir_file(tee, system_file)
 # Provide tee ability to access QMUXD/IPCRouter for QMI.
 qmux_socket(tee)
 allow tee self:socket create_socket_perms;
+allowxperm tee self:socket ioctl msm_sock_ipc_ioctls;
 # Provide tee ability to run executables in rootfs for MDTP.
 allow tee rootfs:file x_file_perms;
diff --git a/soc/msm8916/prebuilts/sepolicy/rmt.te b/soc/msm8916/prebuilts/sepolicy/rmt.te
index 305c4b2..db462c9 100644
--- a/soc/msm8916/prebuilts/sepolicy/rmt.te
+++ b/soc/msm8916/prebuilts/sepolicy/rmt.te
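Review bot: The comment above the six defines in ioctl_defines names the kernel header but not how the values are encoded, and nothing ties the hand-copied numbers to msm_ipc.h. SELinux extended permissions match only the low 16 bits of an ioctl command (type and number), so these constants presumably stand for type 0xc3 with numbers 0 to 5 rather than the full _IOR/_IOWR values. I would add a line such as `# values are the 16-bit type/number part of each command (type 0xc3, nr 0-5); keep in sync with the kernel header` so a later header change gets noticed in review.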
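Review bot: The single set `msm_sock_ipc_ioctls` in ioctl_macros bundles BIND_CONTROL_PORT and CONFIG_SEC_RULES with the four commands that, judging by their names, are plain queries. The qseecomd.te and rmt.te hunks then hand the whole set to both tee and rmt. An xperm allowlist is most useful when each domain gets only the commands it issues, and nothing visible here shows that either daemon binds the control port or configures router security rules. I would split the macro as below and grant the second set only to a domain confirmed to need it; the macro names are suggestions.

```m4
# query-style commands on the IPC router socket
define(`msm_sock_ipc_query_ioctls', `{
IPC_ROUTER_IOCTL_GET_VERSION
IPC_ROUTER_IOCTL_GET_MTU
IPC_ROUTER_IOCTL_LOOKUP_SERVER
IPC_ROUTER_IOCTL_GET_CURR_PKT_SIZE
}')
# control-port binding and security-rule configuration
define(`msm_sock_ipc_ctrl_ioctls', `{
IPC_ROUTER_IOCTL_BIND_CONTROL_PORT
IPC_ROUTER_IOCTL_CONFIG_SEC_RULES
}')
```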
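Review bot: The added `allowxperm tee self:socket ioctl msm_sock_ipc_ioctls;` in qseecomd.te is undocumented although it changes behaviour beyond the six listed commands, and the same holds for the matching line in rmt.te. Once an allowxperm rule exists for a source, target and class, every ioctl command not listed is denied for that triple. The generic `socket` class also covers any address family without a class of its own, so other ioctls the daemon issues on such sockets would begin to fail. I would add a comment above each rule, e.g. `# Allowlist: only IPC router ioctls are permitted on tee's generic sockets; all other ioctl commands on self:socket are denied.`, and check the audit log for new ioctl denials from tee and rmt before merging. The surrounding policy continues outside both hunks.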
@@ -20,6 +20,7 @@ allow rmt uio_device:chr_file rw_file_perms;
 allow rmt mmc_block_device:blk_file r_file_perms;
 allow rmt self:socket create_socket_perms;
+allowxperm rmt self:socket ioctl msm_sock_ipc_ioctls;
 allow rmt root_block_device:blk_file r_file_perms;
 allow rmt modem_block_device:blk_file rw_file_perms; |