Composer stable AIDL HAL sepolicy

Test: build + presubmit Bug: 198690444 Change-Id: I6a26823c4ad363d137526c96580b05363d0ac894
2021-10-19 17:09:30 -07:00 · 2021-10-19 17:09:30 -07:00 · 7ed18e6d66
commit 7ed18e6d66
parent df28371462
5 changed files with 9 additions and 0 deletions
--- a/private/compat/31.0/31.0.ignore.cil
+++ b/private/compat/31.0/31.0.ignore.cil
@ -12,6 +12,7 @@
    extra_free_kbytes
    extra_free_kbytes_exec
    hal_contexthub_service
+    hal_graphics_composer_service
    hal_sensors_service
    hal_system_suspend_service
    hal_tv_tuner_service
--- a/private/service_contexts
+++ b/private/service_contexts
@ -4,6 +4,7 @@ android.hardware.biometrics.face.IFace/default                       u:object_r:
 android.hardware.biometrics.fingerprint.IFingerprint/default         u:object_r:hal_fingerprint_service:s0
 android.hardware.contexthub.IContextHub/default                      u:object_r:hal_contexthub_service:s0
 android.hardware.gnss.IGnss/default                                  u:object_r:hal_gnss_service:s0
+android.hardware.graphics.composer3.IComposer/default                u:object_r:hal_graphics_composer_service:s0
 android.hardware.health.storage.IStorage/default                     u:object_r:hal_health_storage_service:s0
 android.hardware.identity.IIdentityCredentialStore/default           u:object_r:hal_identity_service:s0
 android.hardware.light.ILights/default                               u:object_r:hal_light_service:s0
--- a/public/hal_graphics_composer.te
+++ b/public/hal_graphics_composer.te
@ -30,3 +30,8 @@ allow hal_graphics_composer appdomain:fd use;

 # allow self to set SCHED_FIFO
 allow hal_graphics_composer self:global_capability_class_set sys_nice;
+
+binder_call(hal_graphics_composer_client, servicemanager)
+binder_call(hal_graphics_composer_server, servicemanager)
+
+hal_attribute_service(hal_graphics_composer, hal_graphics_composer_service)
--- a/public/service.te
+++ b/public/service.te
@ -260,6 +260,7 @@ type hal_contexthub_service, vendor_service, protected_service, service_manager_
 type hal_face_service, vendor_service, protected_service, service_manager_type;
 type hal_fingerprint_service, vendor_service, protected_service, service_manager_type;
 type hal_gnss_service, vendor_service, protected_service, service_manager_type;
+type hal_graphics_composer_service, vendor_service, protected_service, service_manager_type;
 type hal_health_storage_service, vendor_service, protected_service, service_manager_type;
 type hal_identity_service, vendor_service, protected_service, service_manager_type;
 type hal_keymint_service, vendor_service, protected_service, service_manager_type;
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@ -40,6 +40,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.allocator@3\.0-service   u:object_r:hal_graphics_allocator_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.allocator@4\.0-service   u:object_r:hal_graphics_allocator_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.composer@[0-9]\.[0-9]-service    u:object_r:hal_graphics_composer_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.composer3-service\.example       u:object_r:hal_graphics_composer_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.health@1\.0-service         u:object_r:hal_health_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.health@2\.0-service         u:object_r:hal_health_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.health@2\.1-service         u:object_r:hal_health_default_exec:s0