Merge pull request #1070 from gyenugul/pd-mapper

pebenito · web-flow · commit 6a8d9ecc85de · 2026-01-28T14:26:47.000-05:00
pd-mapper: Introduce SELinux domain for pd-mapper
diff --git a/policy/modules/services/pd_mapper.fc b/policy/modules/services/pd_mapper.fc
@@ -0,0 +1 @@
+/usr/bin/pd-mapper      --      gen_context(system_u:object_r:pd_mapper_exec_t,s0)
diff --git a/policy/modules/services/pd_mapper.if b/policy/modules/services/pd_mapper.if
@@ -0,0 +1,10 @@
+## <summary>pd-mapper</summary>
+#
+## <desc>
+## Qualcomm’s pd‑mapper service is the userspace Protection Domain mapper
+## that enables applications to access remote processors
+## (Wi‑Fi, modem, sensors, etc.)
+## on Qualcomm SoCs via the QRTR protocol.
+##
+## https://github.com/linux-msm/pd-mapper
+## </desc>
diff --git a/policy/modules/services/pd_mapper.te b/policy/modules/services/pd_mapper.te
@@ -0,0 +1,20 @@
+policy_module(pd_mapper)
+
+########################################
+#
+# Declarations
+#
+
+type pd_mapper_t;
+type pd_mapper_exec_t;
+init_daemon_domain(pd_mapper_t, pd_mapper_exec_t)
+
+########################################
+#
+# Local policy
+#
+
+allow pd_mapper_t self:qipcrtr_socket connected_socket_perms;
+
+# Read /sys/devices/platform/soc@0/2a300000.remoteproc/remoteproc/remoteproc2/firmware
+dev_read_sysfs(pd_mapper_t)

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+/usr/bin/pd-mapper -- gen_context(system_u:object_r:pd_mapper_exec_t,s0)`