hal_power: Add sepolicy for power service.

Bug: 31177288 Test: reduced sepolicy errors Change-Id: I29556276ee14c341ac8f472875e6b69f903851ff Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
2016-10-21 08:53:11 -07:00 · 2016-10-21 08:53:11 -07:00 · 3c30c4e2db
commit 3c30c4e2db
parent 1ec710c8ff
4 changed files with 10 additions and 0 deletions
--- a/private/file_contexts
+++ b/private/file_contexts
@ -224,6 +224,7 @@
 /system/bin/hw/android\.hardware\.boot@1\.0-service           u:object_r:hal_boot_exec:s0
 /system/bin/hw/android\.hardware\.light@2\.0-service          u:object_r:hal_light_exec:s0
 /system/bin/hw/android\.hardware\.nfc@1\.0-service            u:object_r:hal_nfc_exec:s0
+/system/bin/hw/android\.hardware\.power@1\.0-service          u:object_r:hal_power_exec:s0
 /system/bin/hw/android\.hardware\.vibrator@1\.0-service       u:object_r:hal_vibrator_exec:s0
 /system/bin/hw/android\.hardware\.vr@1\.0-service             u:object_r:hal_vr_exec:s0
 /system/bin/hw/android\.hardware\.wifi@1\.0-service           u:object_r:hal_wifi_exec:s0
--- a/private/hal_power.te
+++ b/private/hal_power.te
@ -0,0 +1,2 @@
+# may be started by init
+init_daemon_domain(hal_power)
--- a/public/hal_power.te
+++ b/public/hal_power.te
@ -0,0 +1,6 @@
+# power subsystem
+type hal_power, domain;
+type hal_power_exec, exec_type, file_type;
+
+# hwbinder access
+hwbinder_use(hal_power);
--- a/public/system_server.te
+++ b/public/system_server.te
@ -149,6 +149,7 @@ allow system_server surfaceflinger:unix_stream_socket { read write setopt };
 binder_use(system_server)
 binder_call(system_server, hal_boot)
 binder_call(system_server, hal_light)
+binder_call(system_server, hal_power)
 binder_call(system_server, hal_vibrator)
 binder_call(system_server, hal_vr)
 binder_call(system_server, binderservicedomain)