Sepolicy for allocator hal.

Bug: 32123421 Test: full build/test of allocator hal using hidl_test Change-Id: I253b4599b6fe6e7f4a2f5f55b34cdeed9e5d769b
2016-12-15 12:49:38 -08:00 · 2016-12-15 12:49:38 -08:00 · 72d18125c1
commit 72d18125c1
parent 5f25239c2c
4 changed files with 16 additions and 0 deletions
--- a/private/file_contexts
+++ b/private/file_contexts
@ -244,6 +244,7 @@
 /system/bin/hw/android\.hardware\.vibrator@1\.0-service       u:object_r:hal_vibrator_default_exec:s0
 /system/bin/hw/android\.hardware\.vr@1\.0-service             u:object_r:hal_vr_default_exec:s0
 /system/bin/hw/android\.hardware\.wifi@1\.0-service           u:object_r:hal_wifi_default_exec:s0
+/system/bin/hw/android\.hidl\.memory@1\.0-service             u:object_r:hal_allocator_exec:s0

 #############################
 # Vendor files
--- a/private/hal_allocator.te
+++ b/private/hal_allocator.te
@ -0,0 +1 @@
+init_daemon_domain(hal_allocator)
--- a/public/hal_allocator.te
+++ b/public/hal_allocator.te
@ -0,0 +1,6 @@
+# allocator subsystem
+type hal_allocator, domain;
+type hal_allocator_exec, exec_type, file_type;
+
+# hwbinder access
+hwbinder_use(hal_allocator)
--- a/public/te_macros
+++ b/public/te_macros
@ -222,6 +222,14 @@ define(`binder_service', `
 typeattribute $1 binderservicedomain;
 ')

+#####################################
+# hwallocator_use(domain)
+# Allow a domain to use Hidl shared memory
+define(`hwallocator_use', `
+# Call into the allocator hal
+binder_call($1, hal_allocator);
+'')
+
 #####################################
 # wakelock_use(domain)
 # Allow domain to manage wake locks