From 29dc02c04417ba76bf079d9414d51a992d892c4a Mon Sep 17 00:00:00 2001
From: Arthur Ishiguro
Date: Fri, 15 Oct 2021 15:47:13 +0000
Subject: [PATCH] Sensors stable AIDL HAL sepolicy
Bug: 195593357
Test: TreeHugger
Change-Id: I02b88a93d829654a1ce946681b59e648b2cd7550
---
 private/compat/31.0/31.0.ignore.cil | 1 +
 private/service_contexts | 1 +
 public/hal_sensors.te | 5 +++++
 public/service.te | 1 +
 vendor/file_contexts | 1 +
 5 files changed, 9 insertions(+)
diff --git a/private/compat/31.0/31.0.ignore.cil b/private/compat/31.0/31.0.ignore.cil
index 692d73950..22f6cd849 100644
--- a/private/compat/31.0/31.0.ignore.cil
+++ b/private/compat/31.0/31.0.ignore.cil
@@ -12,6 +12,7 @@
 extra_free_kbytes
 extra_free_kbytes_exec
 hal_contexthub_service
+ hal_sensors_service
 hal_system_suspend_service
 hal_tv_tuner_service
 hal_uwb_service
diff --git a/private/service_contexts b/private/service_contexts
index 805c6b3e2..1b28ca979 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -16,6 +16,7 @@ android.hardware.security.keymint.IKeyMintDevice/default u:object_r:
 android.hardware.security.keymint.IRemotelyProvisionedComponent/default u:object_r:hal_remotelyprovisionedcomponent_service:s0
 android.hardware.security.secureclock.ISecureClock/default u:object_r:hal_secureclock_service:s0
 android.hardware.security.sharedsecret.ISharedSecret/default u:object_r:hal_sharedsecret_service:s0
+android.hardware.sensors.ISensors/default u:object_r:hal_sensors_service:s0
 android.hardware.soundtrigger3.ISoundTriggerHw/default u:object_r:hal_audio_service:s0
 android.hardware.tv.tuner.ITuner/default u:object_r:hal_tv_tuner_service:s0
 android.hardware.uwb.IUwb/default u:object_r:hal_uwb_service:s0
diff --git a/public/hal_sensors.te b/public/hal_sensors.te
index 06e76f1e1..f25a2ea56 100644
--- a/public/hal_sensors.te
+++ b/public/hal_sensors.te
@@ -12,3 +12,8 @@ allow hal_sensors hal_allocator:fd use;
 # allow to run with real-time scheduling policy
 allow hal_sensors self:global_capability_class_set sys_nice;
+
+add_service(hal_sensors_server, hal_sensors_service)
+binder_call(hal_sensors_server, servicemanager)
+
+allow hal_sensors_client hal_sensors_service:service_manager find;
diff --git a/public/service.te b/public/service.te
index 9fcf4d399..d3331754f 100644
--- a/public/service.te
+++ b/public/service.te
@@ -270,6 +270,7 @@ type hal_power_service, vendor_service, protected_service, service_manager_type;
 type hal_power_stats_service, vendor_service, protected_service, service_manager_type;
 type hal_rebootescrow_service, vendor_service, protected_service, service_manager_type;
 type hal_remotelyprovisionedcomponent_service, vendor_service, protected_service, service_manager_type;
+type hal_sensors_service, vendor_service, protected_service, service_manager_type;
 type hal_secureclock_service, vendor_service, protected_service, service_manager_type;
 type hal_sharedsecret_service, vendor_service, protected_service, service_manager_type;
 type hal_system_suspend_service, protected_service, service_manager_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 7c576186d..5f8d0cd03 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
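Review bot: The new rules in public/hal_sensors.te open-code the service registration and carry no neverallow, so nothing in this hunk keeps a later change from granting `find` on `hal_sensors_service` to a domain that is not a sensors client or server. If I recall te_macros correctly, `hal_attribute_service(hal_sensors, hal_sensors_service)` emits the same `add_service` and client `find` rules plus a build-time neverallow restricting `find`; if it is available on this branch it could replace the `add_service(...)` and `allow hal_sensors_client ... find;` lines. The block is also uncommented, unlike the rule above it; a line such as `# AIDL sensors HAL: register with servicemanager and let clients look it up` would match the file's style. The file begins outside the hunk, so the client-to-server `binder_call` is assumed to be declared there.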
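Review bot: In public/service.te the new `type hal_sensors_service, ...` declaration is inserted before `hal_secureclock_service`, which breaks the alphabetical order the neighbouring declarations follow (`secureclock` sorts before `sensors`). Placing it between `hal_secureclock_service` and `hal_sharedsecret_service` keeps the list easy to scan when auditing which HAL services carry `protected_service`. The declaration list continues outside the hunk on both sides.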
@@ -70,6 +70,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.radio@1\.2-sap-service u:object_r:hal_radio_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.rebootescrow-service\.default u:object_r:hal_rebootescrow_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.sensors@[0-9]\.[0-9]-service(\.multihal)? u:object_r:hal_sensors_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.sensors-service\.example u:object_r:hal_sensors_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.0-service u:object_r:hal_secure_element_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.security\.keymint-service u:object_r:hal_keymint_default_exec:s0
 /(vendor|system/vendor)/bin/hw/rild u:object_r:rild_exec:s0