Merge "Add SELinux policy for Identity Credential HAL"

am: a5527b4e46

Change-Id: I902e175a5d6aa8607018878bbc60cededb03144a
This commit is contained in:
David Zeuthen 2020-01-15 15:22:15 -08:00 committed by android-build-merger
commit 8924b794a7
7 changed files with 14 additions and 0 deletions

View file

@ -32,6 +32,7 @@
gmscore_app gmscore_app
hal_can_bus_hwservice hal_can_bus_hwservice
hal_can_controller_hwservice hal_can_controller_hwservice
hal_identity_hwservice
hal_rebootescrow_service hal_rebootescrow_service
hal_tv_tuner_hwservice hal_tv_tuner_hwservice
hal_vibrator_service hal_vibrator_service

View file

@ -24,6 +24,7 @@ android.hardware.broadcastradio::IBroadcastRadioFactory u:object_r:hal_b
android.hardware.camera.provider::ICameraProvider u:object_r:hal_camera_hwservice:s0 android.hardware.camera.provider::ICameraProvider u:object_r:hal_camera_hwservice:s0
android.hardware.configstore::ISurfaceFlingerConfigs u:object_r:hal_configstore_ISurfaceFlingerConfigs:s0 android.hardware.configstore::ISurfaceFlingerConfigs u:object_r:hal_configstore_ISurfaceFlingerConfigs:s0
android.hardware.confirmationui::IConfirmationUI u:object_r:hal_confirmationui_hwservice:s0 android.hardware.confirmationui::IConfirmationUI u:object_r:hal_confirmationui_hwservice:s0
android.hardware.identity::IIdentityCredentialStore u:object_r:hal_identity_hwservice:s0
android.hardware.contexthub::IContexthub u:object_r:hal_contexthub_hwservice:s0 android.hardware.contexthub::IContexthub u:object_r:hal_contexthub_hwservice:s0
android.hardware.cas::IMediaCasService u:object_r:hal_cas_hwservice:s0 android.hardware.cas::IMediaCasService u:object_r:hal_cas_hwservice:s0
android.hardware.drm::ICryptoFactory u:object_r:hal_drm_hwservice:s0 android.hardware.drm::ICryptoFactory u:object_r:hal_drm_hwservice:s0

View file

@ -313,6 +313,7 @@ hal_attribute(graphics_allocator);
hal_attribute(graphics_composer); hal_attribute(graphics_composer);
hal_attribute(health); hal_attribute(health);
hal_attribute(health_storage); hal_attribute(health_storage);
hal_attribute(identity);
hal_attribute(input_classifier); hal_attribute(input_classifier);
hal_attribute(ir); hal_attribute(ir);
hal_attribute(keymaster); hal_attribute(keymaster);

4
public/hal_identity.te Normal file
View file

@ -0,0 +1,4 @@
# HwBinder IPC from client to server
binder_call(hal_identity_client, hal_identity_server)
hal_attribute_hwservice(hal_identity, hal_identity_hwservice)

View file

@ -27,6 +27,7 @@ type hal_gnss_hwservice, hwservice_manager_type, protected_hwservice;
type hal_graphics_composer_hwservice, hwservice_manager_type, protected_hwservice; type hal_graphics_composer_hwservice, hwservice_manager_type, protected_hwservice;
type hal_health_hwservice, hwservice_manager_type, protected_hwservice; type hal_health_hwservice, hwservice_manager_type, protected_hwservice;
type hal_health_storage_hwservice, hwservice_manager_type, protected_hwservice; type hal_health_storage_hwservice, hwservice_manager_type, protected_hwservice;
type hal_identity_hwservice, hwservice_manager_type, protected_hwservice;
type hal_input_classifier_hwservice, hwservice_manager_type, protected_hwservice; type hal_input_classifier_hwservice, hwservice_manager_type, protected_hwservice;
type hal_ir_hwservice, hwservice_manager_type, protected_hwservice; type hal_ir_hwservice, hwservice_manager_type, protected_hwservice;
type hal_keymaster_hwservice, hwservice_manager_type, protected_hwservice; type hal_keymaster_hwservice, hwservice_manager_type, protected_hwservice;

View file

@ -35,6 +35,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.health@2\.0-service u:object_r:hal_health_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.health@2\.0-service u:object_r:hal_health_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.health@2\.1-service u:object_r:hal_health_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.health@2\.1-service u:object_r:hal_health_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.health\.storage@1\.0-service u:object_r:hal_health_storage_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.health\.storage@1\.0-service u:object_r:hal_health_storage_default_exec:s0
/(vendor|sustem/vendor)/bin/hw/android\.hardware\.identity@1\.0-service.example u:object_r:hal_identity_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.input\.classifier@1\.0-service u:object_r:hal_input_classifier_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.input\.classifier@1\.0-service u:object_r:hal_input_classifier_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.ir@1\.0-service u:object_r:hal_ir_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.ir@1\.0-service u:object_r:hal_ir_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service u:object_r:hal_keymaster_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service u:object_r:hal_keymaster_default_exec:s0

5
vendor/hal_identity_default.te vendored Normal file
View file

@ -0,0 +1,5 @@
type hal_identity_default, domain;
hal_server_domain(hal_identity_default, hal_identity)
type hal_identity_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_identity_default)