From 814e89a1b2429b06a0fa45acb5f29c25002b3f65 Mon Sep 17 00:00:00 2001 From: Chirag Pathak Date: Thu, 28 Jan 2021 06:55:21 +0000 Subject: [PATCH] The SE Policies to incorporate ISecureClock and ISharedSecret services along with IKeyMintDevice service into default keymint HAL Server. Test: Rebuild, execute and run atest VtsAidlSharedSecretTargetTest and atest VtsAidlSecureClockTargetTest. Bug: b/171844725, b/168673523. Change-Id: I8b81ec12c45566d31edcd117e41fd559df32c37d
---
 private/compat/30.0/30.0.ignore.cil | 2 ++
 private/service_contexts | 2 ++
 public/service.te | 2 ++
 vendor/hal_keymint_default.te | 3 +++
 4 files changed, 9 insertions(+)
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index d1800dfb6..0077d4a58 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -47,6 +47,8 @@
 hal_keymint_service
 hal_neuralnetworks_service
 hal_power_stats_service
+ hal_secureclock_service
+ hal_sharedsecret_service
 hal_weaver_service
 keystore_compat_hal_service
 keystore2_key_contexts_file
diff --git a/private/service_contexts b/private/service_contexts
index 404f59318..d85d73874 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -12,6 +12,8 @@ android.hardware.power.IPower/default u:object_r:
 android.hardware.power.stats.IPowerStats/default u:object_r:hal_power_stats_service:s0
 android.hardware.rebootescrow.IRebootEscrow/default u:object_r:hal_rebootescrow_service:s0
 android.hardware.security.keymint.IKeyMintDevice/default u:object_r:hal_keymint_service:s0
+android.hardware.security.secureclock.ISecureClock/default u:object_r:hal_secureclock_service:s0
+android.hardware.security.sharedsecret.ISharedSecret/default u:object_r:hal_sharedsecret_service:s0
 android.hardware.vibrator.IVibrator/default u:object_r:hal_vibrator_service:s0
 android.hardware.vibrator.IVibratorManager/default u:object_r:hal_vibrator_service:s0
 android.hardware.weaver.IWeaver/default u:object_r:hal_weaver_service:s0
diff --git a/public/service.te b/public/service.te
index cfc8a2f6c..93e6cc031 100644
--- a/public/service.te
+++ b/public/service.te
@@ -250,6 +250,8 @@ type hal_oemlock_service, vendor_service, protected_service, service_manager_typ
 type hal_power_service, vendor_service, protected_service, service_manager_type;
 type hal_power_stats_service, vendor_service, protected_service, service_manager_type;
 type hal_rebootescrow_service, vendor_service, protected_service, service_manager_type;
+type hal_secureclock_service, vendor_service, protected_service, service_manager_type;
+type hal_sharedsecret_service, vendor_service, protected_service, service_manager_type;
 type hal_vibrator_service, vendor_service, protected_service, service_manager_type;
 type hal_weaver_service, vendor_service, protected_service, service_manager_type;
diff --git a/vendor/hal_keymint_default.te b/vendor/hal_keymint_default.te
index d86b7b4a5..3b86a1b2e 100644
--- a/vendor/hal_keymint_default.te
+++ b/vendor/hal_keymint_default.te
@@ -4,4 +4,7 @@ hal_server_domain(hal_keymint_default, hal_keymint)
 type hal_keymint_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_keymint_default)
+hal_attribute_service(hal_keymint, hal_secureclock_service)
+hal_attribute_service(hal_keymint, hal_sharedsecret_service)
+
 get_prop(hal_keymint_default, vendor_security_patch_level_prop);
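Review bot: The two added `hal_attribute_service(hal_keymint, ...)` lines are written against the `hal_keymint` attribute rather than the `hal_keymint_default` domain, yet they live in `vendor/hal_keymint_default.te`, so the service_manager rules for `hal_secureclock_service` and `hal_sharedsecret_service` (and any neverallow the macro carries) exist only on builds that compile this default domain. A device shipping its own KeyMint server domain would still get the `protected_service` types from `public/service.te` but no rule letting its server register them, which tends to be patched with broader ad-hoc vendor allows. I would move both lines next to the attribute's existing service association (presumably in the `hal_keymint` attribute policy, which is not visible in this patch) and keep only domain-specific rules here. It is also worth confirming that every `hal_keymint_client` needs `find` on ISharedSecret; if only the keystore daemon does, a dedicated attribute such as `hal_sharedsecret` would keep the grant narrower. If the placement is intentional, a comment like `# ISecureClock and ISharedSecret are served by the KeyMint HAL process` above the two lines would record why.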