From 291890a95417e0007fb1dcd356f1db5d4c2bffd1 Mon Sep 17 00:00:00 2001 From: ChengYou Ho Date: Tue, 5 Jan 2021 17:14:21 +0800 Subject: [PATCH] Add sepolicy for weaver aidl HAL service Bug: 176107318 Change-Id: I9ca1a68e45b462c9b6ac912debb196b3a3ca45ba --- private/compat/30.0/30.0.ignore.cil | 1 + private/service_contexts | 1 + public/hal_weaver.te | 3 +++ public/service.te | 1 + vendor/hal_weaver_default.te | 5 +++++ 5 files changed, 11 insertions(+) create mode 100644 vendor/hal_weaver_default.te diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil index 686855442..365af1f97 100644 --- a/private/compat/30.0/30.0.ignore.cil +++ b/private/compat/30.0/30.0.ignore.cil @@ -41,6 +41,7 @@ hal_keymint_service hal_neuralnetworks_service hal_power_stats_service + hal_weaver_service keystore_compat_hal_service keystore2_key_contexts_file legacy_permission_service diff --git a/private/service_contexts b/private/service_contexts index 96384e2d3..2772af51f 100644 --- a/private/service_contexts +++ b/private/service_contexts @@ -14,6 +14,7 @@ android.hardware.rebootescrow.IRebootEscrow/default u:object_r: android.hardware.security.keymint.IKeyMintDevice/default u:object_r:hal_keymint_service:s0 android.hardware.vibrator.IVibrator/default u:object_r:hal_vibrator_service:s0 android.hardware.vibrator.IVibratorManager/default u:object_r:hal_vibrator_service:s0 +android.hardware.weaver.IWeaver/default u:object_r:hal_weaver_service:s0 accessibility u:object_r:accessibility_service:s0 account u:object_r:account_service:s0 diff --git a/public/hal_weaver.te b/public/hal_weaver.te index 36d1306e2..2b3498992 100644 --- a/public/hal_weaver.te +++ b/public/hal_weaver.te @@ -2,3 +2,6 @@ binder_call(hal_weaver_client, hal_weaver_server) hal_attribute_hwservice(hal_weaver, hal_weaver_hwservice) +hal_attribute_service(hal_weaver, hal_weaver_service) + +binder_call(hal_weaver_server, servicemanager) 
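Review bot: The added `binder_call(hal_weaver_server, servicemanager)` in public/hal_weaver.te has no comment explaining why the server domain needs to talk to servicemanager. A line such as `# AIDL: the server registers IWeaver with servicemanager.` above it would make the grant easier to audit. The HIDL rule `hal_attribute_hwservice(hal_weaver, hal_weaver_hwservice)` stays next to the new `hal_attribute_service(hal_weaver, hal_weaver_service)`, so both transports remain allowed. If that is only meant for the transition, a comment like `# HIDL kept until all devices move to the AIDL service.` would tell a later reader when it can be removed. Weaver backs credential-related secrets, so it helps to keep the intent of each grant explicit in the policy file.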
diff --git a/public/service.te b/public/service.te index 5837951a0..3d91b7308 100644 --- a/public/service.te +++ b/public/service.te @@ -246,6 +246,7 @@ type hal_power_service, vendor_service, protected_service, service_manager_type; type hal_power_stats_service, vendor_service, protected_service, service_manager_type; type hal_rebootescrow_service, vendor_service, protected_service, service_manager_type; type hal_vibrator_service, vendor_service, protected_service, service_manager_type; +type hal_weaver_service, vendor_service, protected_service, service_manager_type; ### ### Neverallow rules diff --git a/vendor/hal_weaver_default.te b/vendor/hal_weaver_default.te new file mode 100644 index 000000000..0dd767982 --- /dev/null +++ b/vendor/hal_weaver_default.te @@ -0,0 +1,5 @@ +type hal_weaver_default, domain; +hal_server_domain(hal_weaver_default, hal_weaver) + +type hal_weaver_default_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(hal_weaver_default)
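Review bot: `hal_weaver_default_exec` is declared in the new vendor/hal_weaver_default.te, but the diffstat for this commit lists no file_contexts change, so nothing visible here labels a binary with that type. Without such a label, `init_daemon_domain(hal_weaver_default)` has no entrypoint to transition on, and the service would not end up confined in `hal_weaver_default`. If the label is not supplied elsewhere (device policy or a follow-up change), add an entry of the form `<path-to-weaver-service-binary> u:object_r:hal_weaver_default_exec:s0` to vendor/file_contexts; the path is a placeholder. A one-line header comment such as `# Domain for the default Weaver HAL service implementation.` at the top of the file would also help.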