From 553afe724201aae1c858a3a6d87e79c3183e6dbc Mon Sep 17 00:00:00 2001
From: ChengYou Ho <chengyouho@google.com>
Date: Fri, 25 Dec 2020 17:30:11 +0800
Subject: [PATCH] Add sepolicy for oemlock aidl HAL

Bug: 176107318
Change-Id: I26f8926401b15136f0aca79b3d5964ab3b59fbdd
---
 private/compat/30.0/30.0.ignore.cil | 1 +
 private/service_contexts            | 1 +
 public/hal_oemlock.te               | 3 +++
 public/service.te                   | 1 +
 vendor/hal_oemlock_default.te       | 5 +++++
 5 files changed, 11 insertions(+)
 create mode 100644 vendor/hal_oemlock_default.te

diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 07ec8f17e..05d766c43 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -27,6 +27,7 @@
     hal_face_service
     hal_fingerprint_service
     hal_memtrack_service
+    hal_oemlock_service
     gnss_device
     hal_dumpstate_config_prop
     hal_gnss_service
diff --git a/private/service_contexts b/private/service_contexts
index 2c3047119..eff9bdf4d 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -5,6 +5,7 @@ android.hardware.gnss.IGnss/default                                  u:object_r:
 android.hardware.identity.IIdentityCredentialStore/default           u:object_r:hal_identity_service:s0
 android.hardware.light.ILights/default                               u:object_r:hal_light_service:s0
 android.hardware.memtrack.IMemtrack/default                          u:object_r:hal_memtrack_service:s0
+android.hardware.oemlock.IOemLock/default                            u:object_r:hal_oemlock_service:s0
 android.hardware.power.IPower/default                                u:object_r:hal_power_service:s0
 android.hardware.power.stats.IPowerStats/default                      u:object_r:hal_power_stats_service:s0
 android.hardware.rebootescrow.IRebootEscrow/default                  u:object_r:hal_rebootescrow_service:s0
diff --git a/public/hal_oemlock.te b/public/hal_oemlock.te
index 26b2b4265..9f38fa55a 100644
--- a/public/hal_oemlock.te
+++ b/public/hal_oemlock.te
@@ -2,3 +2,6 @@
 binder_call(hal_oemlock_client, hal_oemlock_server)
 
 hal_attribute_hwservice(hal_oemlock, hal_oemlock_hwservice)
+hal_attribute_service(hal_oemlock, hal_oemlock_service)
+
+binder_call(hal_oemlock_server, servicemanager)
diff --git a/public/service.te b/public/service.te
index 34631282a..c7eabc84c 100644
--- a/public/service.te
+++ b/public/service.te
@@ -232,6 +232,7 @@ type hal_identity_service, vendor_service, protected_service, service_manager_ty
 type hal_keymint_service, vendor_service, protected_service, service_manager_type;
 type hal_light_service, vendor_service, protected_service, service_manager_type;
 type hal_memtrack_service, vendor_service, protected_service, service_manager_type;
+type hal_oemlock_service, vendor_service, protected_service, service_manager_type;
 type hal_power_service, vendor_service, protected_service, service_manager_type;
 type hal_power_stats_service, vendor_service, protected_service, service_manager_type;
 type hal_rebootescrow_service, vendor_service, protected_service, service_manager_type;
diff --git a/vendor/hal_oemlock_default.te b/vendor/hal_oemlock_default.te
new file mode 100644
index 000000000..8597f2c6f
--- /dev/null
+++ b/vendor/hal_oemlock_default.te
@@ -0,0 +1,5 @@
+type hal_oemlock_default, domain;
+hal_server_domain(hal_oemlock_default, hal_oemlock)
+
+type hal_oemlock_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_oemlock_default)