samsung_sm8750/android_device_samsung_sm8750-common
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sm8550-common: Work around keymint HAL to avoid conflicts with source built

Browse Source 
Change-Id: Ie16c7052cb9e343adcafa4303ae62d606ce4585f
This commit is contained in:
chaptsand
2024-12-30 17:05:40 +08:00
parent 995d43f745
commit e8ab765331
4 changed files with 21 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
extract-files.py
View File

@@ -49,7 +49,7 @@ lib_fixups: lib_fixups_user_type = {
} }
blob_fixups: blob_fixups_user_type = { blob_fixups: blob_fixups_user_type = {
('vendor/bin/hw/android.hardware.security.keymint-service', 'vendor/lib64/libskeymint10device.so', 'vendor/lib64/libskeymint_cli.so'): blob_fixup() ('vendor/bin/hw/android.hardware.security.keymint-service-qti', 'vendor/lib64/libskeymint10device.so', 'vendor/lib64/libskeymint_cli.so'): blob_fixup()
.add_needed('android.hardware.security.rkp-V3-ndk.so') .add_needed('android.hardware.security.rkp-V3-ndk.so')
.replace_needed('libcrypto.so', 'libcrypto-v33.so') .replace_needed('libcrypto.so', 'libcrypto-v33.so')
.replace_needed('libcppbor_external.so', 'libcppbor.so'), .replace_needed('libcppbor_external.so', 'libcppbor.so'),
@@ -73,6 +73,8 @@ blob_fixups: blob_fixups_user_type = {
.add_needed('libcodec2_shim.so'), .add_needed('libcodec2_shim.so'),
'vendor/lib64/unihal_android.so': blob_fixup() 'vendor/lib64/unihal_android.so': blob_fixup()
.add_needed('libui_shim.so'), .add_needed('libui_shim.so'),
'vendor/etc/init/android.hardware.security.keymint-service.rc': blob_fixup()
.regex_replace('android.hardware.security.keymint-service', 'android.hardware.security.keymint-service-qti'),
} # fmt: skip } # fmt: skip
module = ExtractUtilsModule( module = ExtractUtilsModule(

4
proprietary-files.txt
View File

@@ -925,9 +925,9 @@ vendor/lib64/libqtikeymaster4.so
vendor/lib64/libspcom.so vendor/lib64/libspcom.so
# Keymint # Keymint
vendor/bin/hw/android.hardware.security.keymint-service;MODULE_SUFFIX=.samsung vendor/bin/hw/android.hardware.security.keymint-service:vendor/bin/hw/android.hardware.security.keymint-service-qti;FIX_SONAME
vendor/etc/init/android.hardware.security.keymint-service.rc vendor/etc/init/android.hardware.security.keymint-service.rc
vendor/etc/vintf/manifest/android.hardware.security.keymint-service-qti.xml:vendor/etc/vintf/manifest/android.hardware.security.keymint-service.xml vendor/etc/vintf/manifest/android.hardware.security.keymint-service-qti.xml
vendor/lib64/libskeymint10device.so vendor/lib64/libskeymint10device.so
vendor/lib64/libskeymint_cli.so vendor/lib64/libskeymint_cli.so
vendor/lib64/vendor.samsung.hardware.keymint-V2-ndk.so vendor/lib64/vendor.samsung.hardware.keymint-V2-ndk.so

31
sepolicy/vendor/hal_keymint_default.te vendored
View File

@@ -1,25 +1,24 @@
# Allow keymint HAL to read/write efs_file # Allow keymint HAL to read/write efs_file
allow hal_keymint_default efs_file:dir create_dir_perms; allow vendor_hal_keymint_qti efs_file:dir create_dir_perms;
allow hal_keymint_default efs_file:file create_file_perms; allow vendor_hal_keymint_qti efs_file:file create_file_perms;
# Allow keymint HAL to read/write dak_efs_file # Allow keymint HAL to read/write dak_efs_file
allow hal_keymint_default dak_efs_file:dir create_dir_perms; allow vendor_hal_keymint_qti dak_efs_file:dir create_dir_perms;
allow hal_keymint_default dak_efs_file:file create_file_perms; allow vendor_hal_keymint_qti dak_efs_file:file create_file_perms;
# Allow keymint HAL to read/write sec_efs_file # Allow keymint HAL to read/write sec_efs_file
allow hal_keymint_default sec_efs_file:dir create_dir_perms; allow vendor_hal_keymint_qti sec_efs_file:dir create_dir_perms;
allow hal_keymint_default sec_efs_file:file create_file_perms; allow vendor_hal_keymint_qti sec_efs_file:file create_file_perms;
# Allow keymint HAL to access TZ device # Allow keymint HAL to access TZ device
allow hal_keymint_default vendor_dmabuf_qseecom_ta_heap_device:chr_file r_file_perms; allow vendor_hal_keymint_qti vendor_dmabuf_qseecom_ta_heap_device:chr_file r_file_perms;
allow hal_keymint_default vendor_dmabuf_qseecom_heap_device:chr_file r_file_perms; allow vendor_hal_keymint_qti vendor_dmabuf_secure_sp_tz_heap_device:chr_file r_file_perms;
allow hal_keymint_default vendor_dmabuf_secure_sp_tz_heap_device:chr_file r_file_perms; allow vendor_hal_keymint_qti vendor_skp_device:chr_file r_file_perms;
allow hal_keymint_default vendor_skp_device:chr_file r_file_perms; allow vendor_hal_keymint_qti vendor_spcom_device:chr_file rw_file_perms;
allow hal_keymint_default vendor_spcom_device:chr_file rw_file_perms; allow vendor_hal_keymint_qti vendor_spss_utils_device:chr_file rw_file_perms;
allow hal_keymint_default vendor_spss_utils_device:chr_file rw_file_perms;
get_prop(hal_keymint_default, vendor_tee_listener_prop) get_prop(vendor_hal_keymint_qti, vendor_spcomlib_prop)
get_prop(hal_keymint_default, vendor_spcomlib_prop)
allow hal_keymint_default mnt_vendor_file:dir search;
unix_socket_connect(hal_keymint_default, property, hermesd) allow vendor_hal_keymint_qti mnt_vendor_file:dir search;
unix_socket_connect(vendor_hal_keymint_qti, property, hermesd)

2
sepolicy/vendor/hermesd.te vendored
View File

@@ -23,7 +23,7 @@ allow hermesd vendor_dmabuf_qseecom_ta_heap_device:chr_file r_file_perms;
allow hermesd vendor_gatekeeper_data_file:dir create_dir_perms; allow hermesd vendor_gatekeeper_data_file:dir create_dir_perms;
allow hermesd vendor_gatekeeper_data_file:file create_file_perms; allow hermesd vendor_gatekeeper_data_file:file create_file_perms;
allow hermesd hal_keymint_default:binder transfer; allow hermesd vendor_hal_keymint_qti:binder transfer;
set_prop(hermesd, vendor_securenvm_prop) set_prop(hermesd, vendor_securenvm_prop)
set_prop(hermesd, vendor_securehw_prop) set_prop(hermesd, vendor_securehw_prop)