From facb64d8527ef91c14f91a37dfcadfd975ce7f2b Mon Sep 17 00:00:00 2001
From: chenyanxzhu <chenyanx.zhu@intel.com>
Date: Thu, 15 Aug 2024 15:21:49 +0800
Subject: [PATCH] Add sepolicy for dm backend app

Tracked-On:
Signed-off-by: chenyanxzhu <chenyanx.zhu@intel.com>
---
 graphics/dm_backend/backend_client_app.te | 10 ++++++++++
 graphics/dm_backend/file_contexts         |  3 +++
 graphics/dm_backend/seapp_contexts        |  1 +
 3 files changed, 14 insertions(+)
 create mode 100644 graphics/dm_backend/backend_client_app.te
 create mode 100644 graphics/dm_backend/file_contexts
 create mode 100644 graphics/dm_backend/seapp_contexts

diff --git a/graphics/dm_backend/backend_client_app.te b/graphics/dm_backend/backend_client_app.te
new file mode 100644
index 0000000..d617762
--- /dev/null
+++ b/graphics/dm_backend/backend_client_app.te
@@ -0,0 +1,10 @@
+type dm_backend_ipc_data_file, file_type, data_file_type;
+type dm_backend_app_data_file, file_type, data_file_type, app_data_file_type;
+type dm_backend_client_app, domain;
+
+#============= dm_backend_client_app ==============
+allow dm_backend_client_app dm_backend_ipc_data_file:dir { add_name remove_name };
+allow dm_backend_client_app dm_backend_ipc_data_file:sock_file { create unlink write };
+
+allow dm_backend_client_app dm_backend_app_data_file:dir create_dir_perms;
+
diff --git a/graphics/dm_backend/file_contexts b/graphics/dm_backend/file_contexts
new file mode 100644
index 0000000..80def97
--- /dev/null
+++ b/graphics/dm_backend/file_contexts
@@ -0,0 +1,3 @@
+#dm_backend_app /data/vendor/dm_backend_app permission
+/data/vendor/dm_backend_app(/.*)?       u:object_r:dm_backend_ipc_data_file:s0
+
diff --git a/graphics/dm_backend/seapp_contexts b/graphics/dm_backend/seapp_contexts
new file mode 100644
index 0000000..cdc80c6
--- /dev/null
+++ b/graphics/dm_backend/seapp_contexts
@@ -0,0 +1 @@
+user=system seinfo=platform name=com.intel.dm_backend domain=dm_backend_client_app type=dm_backend_app_data_file