From 2c3bdb28de953ee1c76fd51e461a144b4091cbc1 Mon Sep 17 00:00:00 2001
From: Selene Huang
Date: Tue, 18 Aug 2020 17:54:56 -0700
Subject: [PATCH] Move keymint to android.hardware.security.
Test: VtsAidlKeyMintTargetTest
Change-Id: I098711e7ddbcac0fc761801a1bf582a71a8f9baa
---
 private/compat/30.0/30.0.ignore.cil | 1 +
 private/service_contexts | 1 +
 public/attributes | 1 +
 public/hal_keymint.te | 6 ++++++
 public/service.te | 1 +
 vendor/file_contexts | 1 +
 vendor/hal_keymint_default.te | 7 +++++++
 7 files changed, 18 insertions(+)
 create mode 100644 public/hal_keymint.te
 create mode 100644 vendor/hal_keymint_default.te
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 15e4c5177..a19361c1b 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -26,6 +26,7 @@
 hal_dumpstate_config_prop
 hal_gnss_service
 hal_power_stats_service
+ hal_keymint_service
 keystore2_key_contexts_file
 legacy_permission_service
 location_time_zone_manager_service
diff --git a/private/service_contexts b/private/service_contexts
index 91da6374e..60890c4f2 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -3,6 +3,7 @@ android.hardware.biometrics.face.IFace/default u:object_r:
 android.hardware.biometrics.fingerprint.IFingerprint/default u:object_r:hal_fingerprint_service:s0
 android.hardware.gnss.IGnss/default u:object_r:hal_gnss_service:s0
 android.hardware.identity.IIdentityCredentialStore/default u:object_r:hal_identity_service:s0
+android.hardware.security.keymint.IKeyMintDevice/default u:object_r:hal_keymint_service:s0
 android.hardware.light.ILights/default u:object_r:hal_light_service:s0
 android.hardware.power.IPower/default u:object_r:hal_power_service:s0
 android.hardware.power.stats.IPowerStats/default u:object_r:hal_power_stats_service:s0
diff --git a/public/attributes b/public/attributes
index 4f477f468..5b0d019b2 100644
--- a/public/attributes
+++ b/public/attributes
@@ -334,6 +334,7 @@ hal_attribute(identity);
 hal_attribute(input_classifier);
 hal_attribute(ir);
 hal_attribute(keymaster);
+hal_attribute(keymint);
 hal_attribute(light);
 hal_attribute(lowpan);
 hal_attribute(memtrack);
diff --git a/public/hal_keymint.te b/public/hal_keymint.te
new file mode 100644
index 000000000..cd9b5b55d
--- /dev/null
+++ b/public/hal_keymint.te
@@ -0,0 +1,6 @@
+binder_call(hal_keymint_client, hal_keymint_server)
+
+add_service(hal_keymint_server, hal_keymint_service)
+binder_call(hal_keymint_server, servicemanager)
+
+allow hal_keymint_client hal_keymint_service:service_manager find;
diff --git a/public/service.te b/public/service.te
index 3c09ff869..9159e6b3f 100644
--- a/public/service.te
+++ b/public/service.te
@@ -225,6 +225,7 @@ type hal_face_service, vendor_service, protected_service, service_manager_type;
 type hal_fingerprint_service, vendor_service, protected_service, service_manager_type;
 type hal_gnss_service, vendor_service, protected_service, service_manager_type;
 type hal_identity_service, vendor_service, protected_service, service_manager_type;
+type hal_keymint_service, vendor_service, protected_service, service_manager_type;
 type hal_light_service, vendor_service, protected_service, service_manager_type;
 type hal_power_service, vendor_service, protected_service, service_manager_type;
 type hal_power_stats_service, vendor_service, protected_service, service_manager_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 084975fdb..49ba2726d 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
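Review bot: In the new public/hal_keymint.te, nothing asserts at build time that only KeyMint clients and the server may look up hal_keymint_service; the file has allow rules only, and whatever the `protected_service` attribute enforces lives outside this diff. Since this service fronts key material, I would pin the intent with a neverallow beside the `find` rule, e.g. `neverallow { domain -hal_keymint_client -hal_keymint_server } hal_keymint_service:service_manager find;`, extending the exclusion set for any domains the existing policy already lets find every service (check before adding, or the build will fail). No domain receives hal_keymint_client in this change, so a short comment naming the intended client would also help the next reviewer.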
@@ -49,6 +49,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service u:object_r:hal_keymaster_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-service u:object_r:hal_keymaster_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.1-service u:object_r:hal_keymaster_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.security\.keymint-service u:object_r:hal_keymint_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service u:object_r:hal_light_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service-lazy u:object_r:hal_light_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.lights-service\.example u:object_r:hal_light_default_exec:s0
diff --git a/vendor/hal_keymint_default.te b/vendor/hal_keymint_default.te
new file mode 100644
index 000000000..d86b7b4a5
--- /dev/null
+++ b/vendor/hal_keymint_default.te
@@ -0,0 +1,7 @@
+type hal_keymint_default, domain;
+hal_server_domain(hal_keymint_default, hal_keymint)
+
+type hal_keymint_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_keymint_default)
+
+get_prop(hal_keymint_default, vendor_security_patch_level_prop);
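Review bot: vendor/hal_keymint_default.te has no comments, so a reader cannot tell that the domain is meant to stay minimal: beyond the HAL-server and init-transition macros, the only grant is a read of one property. I would add a header such as `# Default KeyMint HAL service domain; device-specific access (e.g. a TEE or secure-element node) belongs in device policy, not here.` and, above the last rule, `# Read-only: vendor security patch level.` Whether the default service truly needs nothing else is not visible in this diff, so the header wording should be confirmed against the service implementation.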