device_motorola_sm7325-common/sepolicy/vendor/hal_ifaa.te

type hal_ifaa_default, domain;
hal_server_domain(hal_ifaa_default, hal_ifaa)

type hal_ifaa_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_ifaa_default)

# Allow hwbinder call from hal client to server
binder_call(hal_ifaa_client, hal_ifaa_server)

# Add hwservice related rules
add_hwservice(hal_ifaa_server, hal_ifaa_hwservice)
allow hal_ifaa_client hal_ifaa_hwservice:hwservice_manager find;

#Allow access to tee device
allow hal_ifaa_server tee_device:chr_file rw_file_perms;

#Allow access to ion device
allow hal_ifaa_server ion_device:chr_file r_file_perms;
sm8250-common: add sepolicies from nio state: https://github.com/LineageOS/android_device_motorola_nio/commit/fffc7ba5a601cc49a8133e58f795c703f3934ab6 2022-02-19 01:22:12 +01:00			`type hal_ifaa_default, domain;`
			`hal_server_domain(hal_ifaa_default, hal_ifaa)`

			`type hal_ifaa_default_exec, exec_type, vendor_file_type, file_type;`
			`init_daemon_domain(hal_ifaa_default)`

			`# Allow hwbinder call from hal client to server`
			`binder_call(hal_ifaa_client, hal_ifaa_server)`

			`# Add hwservice related rules`
			`add_hwservice(hal_ifaa_server, hal_ifaa_hwservice)`
			`allow hal_ifaa_client hal_ifaa_hwservice:hwservice_manager find;`

			`#Allow access to tee device`
			`allow hal_ifaa_server tee_device:chr_file rw_file_perms;`

			`#Allow access to ion device`
			`allow hal_ifaa_server ion_device:chr_file r_file_perms;`