Move automotive HALs sepolicy to system/

Bug: 70637118 Test: build, flash and boot automotive builds Change-Id: I6db23258de30174d6db09d241e91b08aa5afedef Merged-In: I6db23258de30174d6db09d241e91b08aa5afedef (cherry picked from commit 394dbe34a0)
2018-04-10 14:07:14 -07:00 · 2018-04-10 14:07:14 -07:00 · 43e172af66
commit 43e172af66
parent 19a74ec88a
12 changed files with 57 additions and 0 deletions
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@ -44,16 +44,19 @@
    exported3_radio_prop
    exported3_system_prop
    fs_bpf
+    hal_audiocontrol_hwservice
    hal_authsecret_hwservice
    hal_broadcastradio_hwservice
    hal_cas_hwservice
    hal_codec2_hwservice
    hal_confirmationui_hwservice
+    hal_evs_hwservice
    hal_lowpan_hwservice
    hal_neuralnetworks_hwservice
    hal_secure_element_hwservice
    hal_tetheroffload_hwservice
    hal_usb_gadget_hwservice
+    hal_vehicle_hwservice
    hal_wifi_hostapd_hwservice
    hal_wifi_offload_hwservice
    incident_helper
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@ -41,12 +41,15 @@
    exported_wifi_prop
    fingerprint_vendor_data_file
    fs_bpf
+    hal_audiocontrol_hwservice
    hal_authsecret_hwservice
    hal_codec2_hwservice
    hal_confirmationui_hwservice
+    hal_evs_hwservice
    hal_lowpan_hwservice
    hal_secure_element_hwservice
    hal_usb_gadget_hwservice
+    hal_vehicle_hwservice
    hal_wifi_hostapd_hwservice
    incident_helper
    incident_helper_exec
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@ -4,6 +4,9 @@ android.frameworks.sensorservice::ISensorManager                u:object_r:fwk_s
 android.hardware.audio.effect::IEffectsFactory                  u:object_r:hal_audio_hwservice:s0
 android.hardware.audio::IDevicesFactory                         u:object_r:hal_audio_hwservice:s0
 android.hardware.authsecret::IAuthSecret                        u:object_r:hal_authsecret_hwservice:s0
+android.hardware.automotive.audiocontrol::IAudioControl         u:object_r:hal_audiocontrol_hwservice:s0
+android.hardware.automotive.evs::IEvsEnumerator                 u:object_r:hal_evs_hwservice:s0
+android.hardware.automotive.vehicle::IVehicle                   u:object_r:hal_vehicle_hwservice:s0
 android.hardware.biometrics.fingerprint::IBiometricsFingerprint u:object_r:hal_fingerprint_hwservice:s0
 android.hardware.bluetooth::IBluetoothHci                       u:object_r:hal_bluetooth_hwservice:s0
 android.hardware.bluetooth.a2dp::IBluetoothAudioOffload         u:object_r:hal_audio_hwservice:s0
--- a/public/attributes
+++ b/public/attributes
@ -248,6 +248,7 @@ expandattribute hal_cas_server false;

 # HALs
 hal_attribute(allocator);
+hal_attribute(audiocontrol);
 hal_attribute(authsecret);
 hal_attribute(bluetooth);
 hal_attribute(broadcastradio);
@ -255,6 +256,7 @@ hal_attribute(configstore);
 hal_attribute(confirmationui);
 hal_attribute(contexthub);
 hal_attribute(dumpstate);
+hal_attribute(evs);
 hal_attribute(fingerprint);
 hal_attribute(gatekeeper);
 hal_attribute(gnss);
@ -279,6 +281,7 @@ hal_attribute(tv_cec);
 hal_attribute(tv_input);
 hal_attribute(usb);
 hal_attribute(usb_gadget);
+hal_attribute(vehicle);
 hal_attribute(vibrator);
 hal_attribute(vr);
 hal_attribute(weaver);
--- a/public/hal_audiocontrol.te
+++ b/public/hal_audiocontrol.te
@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_audiocontrol_client, hal_audiocontrol_server)
+binder_call(hal_audiocontrol_server, hal_audiocontrol_client)
+
+add_hwservice(hal_audiocontrol_server, hal_audiocontrol_hwservice)
--- a/public/hal_evs.te
+++ b/public/hal_evs.te
@ -0,0 +1,5 @@
+hwbinder_use(hal_evs_client)
+hwbinder_use(hal_evs_server)
+binder_call(hal_evs_client, hal_evs_server)
+binder_call(hal_evs_server, hal_evs_client)
+
--- a/public/hal_vehicle.te
+++ b/public/hal_vehicle.te
@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_vehicle_client, hal_vehicle_server)
+binder_call(hal_vehicle_server, hal_vehicle_client)
+
+add_hwservice(hal_vehicle_server, hal_vehicle_hwservice)
--- a/public/hwservice.te
+++ b/public/hwservice.te
@ -2,6 +2,7 @@ type default_android_hwservice, hwservice_manager_type;
 type fwk_display_hwservice, hwservice_manager_type, coredomain_hwservice;
 type fwk_scheduler_hwservice, hwservice_manager_type, coredomain_hwservice;
 type fwk_sensor_hwservice, hwservice_manager_type, coredomain_hwservice;
+type hal_audiocontrol_hwservice, hwservice_manager_type;
 type hal_audio_hwservice, hwservice_manager_type;
 type hal_authsecret_hwservice, hwservice_manager_type;
 type hal_bluetooth_hwservice, hwservice_manager_type;
@ -15,6 +16,7 @@ type hal_contexthub_hwservice, hwservice_manager_type;
 type hal_drm_hwservice, hwservice_manager_type;
 type hal_cas_hwservice, hwservice_manager_type;
 type hal_dumpstate_hwservice, hwservice_manager_type;
+type hal_evs_hwservice, hwservice_manager_type;
 type hal_fingerprint_hwservice, hwservice_manager_type;
 type hal_gatekeeper_hwservice, hwservice_manager_type;
 type hal_gnss_hwservice, hwservice_manager_type;
@ -42,6 +44,7 @@ type hal_tv_cec_hwservice, hwservice_manager_type;
 type hal_tv_input_hwservice, hwservice_manager_type;
 type hal_usb_hwservice, hwservice_manager_type;
 type hal_usb_gadget_hwservice, hwservice_manager_type;
+type hal_vehicle_hwservice, hwservice_manager_type;
 type hal_vibrator_hwservice, hwservice_manager_type;
 type hal_vr_hwservice, hwservice_manager_type;
 type hal_weaver_hwservice, hwservice_manager_type;
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@ -2,6 +2,9 @@
 # Default HALs
 #
 /(vendor|system/vendor)/bin/hw/android\.hardware\.audio@2\.0-service          u:object_r:hal_audio_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.audiocontrol@1\.0-service  u:object_r:hal_audiocontrol_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.evs@1\.0-service  u:object_r:hal_evs_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.0-service  u:object_r:hal_vehicle_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service      u:object_r:hal_bluetooth_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.0-service           u:object_r:hal_bootctl_default_exec:s0
--- a/vendor/hal_audiocontrol_default.te
+++ b/vendor/hal_audiocontrol_default.te
@ -0,0 +1,7 @@
+# audiocontrol subsystem
+type hal_audiocontrol_default, domain;
+hal_server_domain(hal_audiocontrol_default, hal_audiocontrol)
+
+# may be started by init
+type hal_audiocontrol_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_audiocontrol_default)
--- a/vendor/hal_evs_default.te
+++ b/vendor/hal_evs_default.te
@ -0,0 +1,10 @@
+# evs_mock mock hardware driver service
+type hal_evs_default, domain;
+hal_server_domain(hal_evs_default, hal_evs)
+
+# allow init to launch processes in this context
+type hal_evs_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_evs_default)
+
+allow hal_evs_default hal_graphics_allocator_default:fd use;
+
--- a/vendor/hal_vehicle_default.te
+++ b/vendor/hal_vehicle_default.te
@ -0,0 +1,7 @@
+# vehicle subsystem
+type hal_vehicle_default, domain;
+hal_server_domain(hal_vehicle_default, hal_vehicle)
+
+# may be started by init
+type hal_vehicle_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_vehicle_default)