authsecret HAL policies.

Bug: 71527305 Test: compile and boot Change-Id: I91097bd62d99b8dd9eb6f53060badbaf0f4b8b4a (cherry picked from commit 1aedf4b5f8)
2018-01-10 16:11:46 +00:00 · 2018-01-10 16:11:46 +00:00 · 64f35fa01e
commit 64f35fa01e
parent 5d422a305d
9 changed files with 17 additions and 0 deletions
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@ -180,6 +180,7 @@ neverallow all_untrusted_apps {
 neverallow all_untrusted_apps {
  default_android_hwservice
  hal_audio_hwservice
+  hal_authsecret_hwservice
  hal_bluetooth_hwservice
  hal_bootctl_hwservice
  hal_camera_hwservice
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@ -35,6 +35,7 @@
    exported3_default_prop
    exported3_system_prop
    fs_bpf
+    hal_authsecret_hwservice
    hal_broadcastradio_hwservice
    hal_cas_hwservice
    hal_confirmationui_hwservice
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@ -3,6 +3,7 @@ android.frameworks.schedulerservice::ISchedulingPolicyService   u:object_r:fwk_s
 android.frameworks.sensorservice::ISensorManager                u:object_r:fwk_sensor_hwservice:s0
 android.hardware.audio.effect::IEffectsFactory                  u:object_r:hal_audio_hwservice:s0
 android.hardware.audio::IDevicesFactory                         u:object_r:hal_audio_hwservice:s0
+android.hardware.authsecret::IAuthSecret                        u:object_r:hal_authsecret_hwservice:s0
 android.hardware.biometrics.fingerprint::IBiometricsFingerprint u:object_r:hal_fingerprint_hwservice:s0
 android.hardware.bluetooth::IBluetoothHci                       u:object_r:hal_bluetooth_hwservice:s0
 android.hardware.boot::IBootControl                             u:object_r:hal_bootctl_hwservice:s0
--- a/private/system_server.te
+++ b/private/system_server.te
@ -179,6 +179,7 @@ binder_service(system_server)

 # Use HALs
 hal_client_domain(system_server, hal_allocator)
+hal_client_domain(system_server, hal_authsecret)
 hal_client_domain(system_server, hal_broadcastradio)
 hal_client_domain(system_server, hal_configstore)
 hal_client_domain(system_server, hal_contexthub)
--- a/public/attributes
+++ b/public/attributes
@ -206,6 +206,7 @@ expandattribute halclientdomain true;
 # HALs
 hal_attribute(allocator);
 hal_attribute(audio);
+hal_attribute(authsecret);
 hal_attribute(bluetooth);
 hal_attribute(bootctl);
 hal_attribute(broadcastradio);
--- a/public/hal_authsecret.te
+++ b/public/hal_authsecret.te
@ -0,0 +1,5 @@
+# HwBinder IPC from client to server
+binder_call(hal_authsecret_client, hal_authsecret_server)
+
+add_hwservice(hal_authsecret_server, hal_authsecret_hwservice)
+allow hal_authsecret_client hal_authsecret_hwservice:hwservice_manager find;
--- a/public/hwservice.te
+++ b/public/hwservice.te
@ -3,6 +3,7 @@ type fwk_display_hwservice, hwservice_manager_type, coredomain_hwservice;
 type fwk_scheduler_hwservice, hwservice_manager_type, coredomain_hwservice;
 type fwk_sensor_hwservice, hwservice_manager_type, coredomain_hwservice;
 type hal_audio_hwservice, hwservice_manager_type;
+type hal_authsecret_hwservice, hwservice_manager_type;
 type hal_bluetooth_hwservice, hwservice_manager_type;
 type hal_bootctl_hwservice, hwservice_manager_type;
 type hal_broadcastradio_hwservice, hwservice_manager_type;
--- a/public/su.te
+++ b/public/su.te
@ -58,6 +58,7 @@ userdebug_or_eng(`
  typeattribute su halclientdomain;
  typeattribute su hal_allocator_client;
  typeattribute su hal_audio_client;
+  typeattribute su hal_authsecret_client;
  typeattribute su hal_bluetooth_client;
  typeattribute su hal_bootctl_client;
  typeattribute su hal_camera_client;
--- a/vendor/hal_authsecret_default.te
+++ b/vendor/hal_authsecret_default.te
@ -0,0 +1,5 @@
+type hal_authsecret_default, domain;
+hal_server_domain(hal_authsecret_default, hal_authsecret)
+
+type hal_authsecret_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_authsecret_default)