Add hal_vehicle_service for AIDL VHAL service.

Add selinux policy for AIDL Vehicel HAL service. This CL mostly follows https://android-review.googlesource.com/c/platform/system/sepolicy/+/1541205/. Test: Manually test on emulator, verify AIDL VHAL service is up and accessible by client. Bug: 209718034 Change-Id: Icad92e357dacea681b8539f6ebe6110a8ca8b357
2021-12-07 22:16:21 -08:00 · 2021-12-07 22:16:21 -08:00 · 78be3081e7
commit 78be3081e7
parent a1a894be50
6 changed files with 8 additions and 0 deletions
--- a/private/compat/32.0/32.0.ignore.cil
+++ b/private/compat/32.0/32.0.ignore.cil
@ -32,6 +32,7 @@
    hal_system_suspend_service
    hal_tv_tuner_service
    hal_uwb_service
+    hal_vehicle_service
    hal_wifi_hostapd_service
    hal_wifi_supplicant_service
    locale_service
--- a/private/service_contexts
+++ b/private/service_contexts
@ -1,4 +1,5 @@
 android.hardware.authsecret.IAuthSecret/default                      u:object_r:hal_authsecret_service:s0
+android.hardware.automotive.vehicle.IVehicle/default                 u:object_r:hal_vehicle_service:s0
 android.hardware.automotive.audiocontrol.IAudioControl/default       u:object_r:hal_audiocontrol_service:s0
 android.hardware.biometrics.face.IFace/default                       u:object_r:hal_face_service:s0
 android.hardware.biometrics.fingerprint.IFingerprint/default         u:object_r:hal_fingerprint_service:s0
--- a/public/hal_vehicle.te
+++ b/public/hal_vehicle.te
@ -4,3 +4,4 @@ binder_call(hal_vehicle_server, hal_vehicle_client)


 hal_attribute_hwservice(hal_vehicle, hal_vehicle_hwservice)
+hal_attribute_service(hal_vehicle, hal_vehicle_service)
--- a/public/service.te
+++ b/public/service.te
@ -292,6 +292,7 @@ type hal_sharedsecret_service, vendor_service, protected_service, service_manage
 type hal_system_suspend_service, protected_service, service_manager_type;
 type hal_tv_tuner_service, vendor_service, protected_service, service_manager_type;
 type hal_uwb_service, vendor_service, protected_service, service_manager_type;
+type hal_vehicle_service, vendor_service, protected_service, service_manager_type;
 type hal_vibrator_service, vendor_service, protected_service, service_manager_type;
 type hal_weaver_service, vendor_service, protected_service, service_manager_type;
 type hal_nlinterceptor_service, vendor_service, protected_service, service_manager_type;
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@ -10,6 +10,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.can@1\.0-service  u:object_r:hal_can_socketcan_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.evs@1\.[0-9]-service  u:object_r:hal_evs_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.0-((default|emulator)-)*(service|protocan-service)  u:object_r:hal_vehicle_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@V1-default-service u:object_r:hal_vehicle_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service      u:object_r:hal_bluetooth_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service\.btlinux    u:object_r:hal_bluetooth_btlinux_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.face@1\.[0-9]+-service\.example u:object_r:hal_face_default_exec:s0
--- a/vendor/hal_vehicle_default.te
+++ b/vendor/hal_vehicle_default.te
@ -8,3 +8,6 @@ init_daemon_domain(hal_vehicle_default)

 # communication with CAN bus HAL
 hal_client_domain(hal_vehicle_default, hal_can_bus)
+
+# communicate with servicemanager
+binder_call(hal_vehicle_server, servicemanager)