Merge "[avf][rkp] Allow virtualizationservice to register RKP HAL service" into main am: 7109a31496
am: 3df9e4901a
am: 47305be260
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2738393 Change-Id: Icc12780b236a978824702d73dc732860f29291b5 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
commit
426e26ea5e
5 changed files with 7 additions and 0 deletions
|
@ -174,6 +174,7 @@ var (
|
|||
"android.service.gatekeeper.IGateKeeperService": []string{"gatekeeperd_service_fuzzer"},
|
||||
"android.system.composd": EXCEPTION_NO_FUZZER,
|
||||
// TODO(b/294158658): add fuzzer
|
||||
"android.hardware.security.keymint.IRemotelyProvisionedComponent/avf": EXCEPTION_NO_FUZZER,
|
||||
"android.system.virtualizationservice": EXCEPTION_NO_FUZZER,
|
||||
"android.system.virtualizationservice_internal.IVfioHandler": EXCEPTION_NO_FUZZER,
|
||||
"ambient_context": EXCEPTION_NO_FUZZER,
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
(typeattributeset new_objects
|
||||
( new_objects
|
||||
archive_service
|
||||
avf_remotelyprovisionedcomponent_service
|
||||
dtbo_block_device
|
||||
ota_build_prop
|
||||
snapuserd_log_data_file
|
||||
|
|
|
@ -91,6 +91,7 @@ android.hardware.radio.voice.IRadioVoice/slot3 u:object_r:
|
|||
android.hardware.rebootescrow.IRebootEscrow/default u:object_r:hal_rebootescrow_service:s0
|
||||
android.hardware.security.keymint.IKeyMintDevice/default u:object_r:hal_keymint_service:s0
|
||||
android.hardware.security.keymint.IRemotelyProvisionedComponent/default u:object_r:hal_remotelyprovisionedcomponent_service:s0
|
||||
android.hardware.security.keymint.IRemotelyProvisionedComponent/avf u:object_r:avf_remotelyprovisionedcomponent_service:s0
|
||||
android.hardware.gatekeeper.IGatekeeper/default u:object_r:hal_gatekeeper_service:s0
|
||||
android.hardware.security.secureclock.ISecureClock/default u:object_r:hal_secureclock_service:s0
|
||||
android.hardware.security.sharedsecret.ISharedSecret/default u:object_r:hal_sharedsecret_service:s0
|
||||
|
|
|
@ -15,6 +15,9 @@ binder_use(virtualizationservice)
|
|||
# Let the virtualizationservice domain register the virtualization_service with ServiceManager.
|
||||
add_service(virtualizationservice, virtualization_service)
|
||||
|
||||
# Allow registering as a remotely provisioned component for pVM remote attestation.
|
||||
add_service(virtualizationservice, avf_remotelyprovisionedcomponent_service)
|
||||
|
||||
# Let virtualizationservice find and communicate with vfio_handler.
|
||||
allow virtualizationservice vfio_handler_service:service_manager find;
|
||||
binder_call(virtualizationservice, vfio_handler)
|
||||
|
|
|
@ -316,6 +316,7 @@ type hal_power_stats_service, protected_service, hal_service_type, service_manag
|
|||
type hal_radio_service, protected_service, hal_service_type, service_manager_type;
|
||||
type hal_rebootescrow_service, protected_service, hal_service_type, service_manager_type;
|
||||
type hal_remoteaccess_service, protected_service, hal_service_type, service_manager_type;
|
||||
type avf_remotelyprovisionedcomponent_service, protected_service, hal_service_type, service_manager_type;
|
||||
type hal_remotelyprovisionedcomponent_service, protected_service, hal_service_type, service_manager_type;
|
||||
type hal_sensors_service, protected_service, hal_service_type, service_manager_type;
|
||||
type hal_secureclock_service, protected_service, hal_service_type, service_manager_type;
|
||||
|
|
Loading…
Reference in a new issue