Add sepolicy for weaver aidl HAL service

Bug: 176107318 Change-Id: I9ca1a68e45b462c9b6ac912debb196b3a3ca45ba
2021-01-05 17:14:21 +08:00 · 2021-01-05 17:14:21 +08:00 · 291890a954
commit 291890a954
parent d06dfa3320
5 changed files with 11 additions and 0 deletions
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@ -41,6 +41,7 @@
    hal_keymint_service
    hal_neuralnetworks_service
    hal_power_stats_service
+    hal_weaver_service
    keystore_compat_hal_service
    keystore2_key_contexts_file
    legacy_permission_service
--- a/private/service_contexts
+++ b/private/service_contexts
@ -14,6 +14,7 @@ android.hardware.rebootescrow.IRebootEscrow/default                  u:object_r:
 android.hardware.security.keymint.IKeyMintDevice/default             u:object_r:hal_keymint_service:s0
 android.hardware.vibrator.IVibrator/default                          u:object_r:hal_vibrator_service:s0
 android.hardware.vibrator.IVibratorManager/default                   u:object_r:hal_vibrator_service:s0
+android.hardware.weaver.IWeaver/default                              u:object_r:hal_weaver_service:s0

 accessibility                             u:object_r:accessibility_service:s0
 account                                   u:object_r:account_service:s0
--- a/public/hal_weaver.te
+++ b/public/hal_weaver.te
@ -2,3 +2,6 @@
 binder_call(hal_weaver_client, hal_weaver_server)

 hal_attribute_hwservice(hal_weaver, hal_weaver_hwservice)
+hal_attribute_service(hal_weaver, hal_weaver_service)
+
+binder_call(hal_weaver_server, servicemanager)
--- a/public/service.te
+++ b/public/service.te
@ -246,6 +246,7 @@ type hal_power_service, vendor_service, protected_service, service_manager_type;
 type hal_power_stats_service, vendor_service, protected_service, service_manager_type;
 type hal_rebootescrow_service, vendor_service, protected_service, service_manager_type;
 type hal_vibrator_service, vendor_service, protected_service, service_manager_type;
+type hal_weaver_service, vendor_service, protected_service, service_manager_type;

 ###
 ### Neverallow rules
--- a/vendor/hal_weaver_default.te
+++ b/vendor/hal_weaver_default.te
@ -0,0 +1,5 @@
+type hal_weaver_default, domain;
+hal_server_domain(hal_weaver_default, hal_weaver)
+
+type hal_weaver_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_weaver_default)