Add sepolicy for oemlock aidl HAL

Bug: 176107318 Change-Id: I26f8926401b15136f0aca79b3d5964ab3b59fbdd
2020-12-25 17:30:11 +08:00 · 2020-12-25 17:30:11 +08:00 · 553afe7242
commit 553afe7242
parent b46e956d97
5 changed files with 11 additions and 0 deletions
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@ -27,6 +27,7 @@
    hal_face_service
    hal_fingerprint_service
    hal_memtrack_service
+    hal_oemlock_service
    gnss_device
    hal_dumpstate_config_prop
    hal_gnss_service
--- a/private/service_contexts
+++ b/private/service_contexts
@ -5,6 +5,7 @@ android.hardware.gnss.IGnss/default                                  u:object_r:
 android.hardware.identity.IIdentityCredentialStore/default           u:object_r:hal_identity_service:s0
 android.hardware.light.ILights/default                               u:object_r:hal_light_service:s0
 android.hardware.memtrack.IMemtrack/default                          u:object_r:hal_memtrack_service:s0
+android.hardware.oemlock.IOemLock/default                            u:object_r:hal_oemlock_service:s0
 android.hardware.power.IPower/default                                u:object_r:hal_power_service:s0
 android.hardware.power.stats.IPowerStats/default                      u:object_r:hal_power_stats_service:s0
 android.hardware.rebootescrow.IRebootEscrow/default                  u:object_r:hal_rebootescrow_service:s0
--- a/public/hal_oemlock.te
+++ b/public/hal_oemlock.te
@ -2,3 +2,6 @@
 binder_call(hal_oemlock_client, hal_oemlock_server)

 hal_attribute_hwservice(hal_oemlock, hal_oemlock_hwservice)
+hal_attribute_service(hal_oemlock, hal_oemlock_service)
+
+binder_call(hal_oemlock_server, servicemanager)
--- a/public/service.te
+++ b/public/service.te
@ -232,6 +232,7 @@ type hal_identity_service, vendor_service, protected_service, service_manager_ty
 type hal_keymint_service, vendor_service, protected_service, service_manager_type;
 type hal_light_service, vendor_service, protected_service, service_manager_type;
 type hal_memtrack_service, vendor_service, protected_service, service_manager_type;
+type hal_oemlock_service, vendor_service, protected_service, service_manager_type;
 type hal_power_service, vendor_service, protected_service, service_manager_type;
 type hal_power_stats_service, vendor_service, protected_service, service_manager_type;
 type hal_rebootescrow_service, vendor_service, protected_service, service_manager_type;
--- a/vendor/hal_oemlock_default.te
+++ b/vendor/hal_oemlock_default.te
@ -0,0 +1,5 @@
+type hal_oemlock_default, domain;
+hal_server_domain(hal_oemlock_default, hal_oemlock)
+
+type hal_oemlock_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_oemlock_default)