diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil index 3beb2475c..606cdafc3 100644 --- a/private/compat/33.0/33.0.ignore.cil +++ b/private/compat/33.0/33.0.ignore.cil @@ -6,6 +6,7 @@ (typeattributeset new_objects ( new_objects device_config_vendor_system_native_prop + hal_bootctl_service virtual_face_hal_prop virtual_fingerprint_hal_prop )) diff --git a/private/service_contexts b/private/service_contexts index 109415161..247f22f65 100644 --- a/private/service_contexts +++ b/private/service_contexts @@ -2,6 +2,7 @@ android.hardware.audio.core.IConfig/default u:object_r: android.hardware.audio.core.IModule/default u:object_r:hal_audio_service:s0 android.hardware.authsecret.IAuthSecret/default u:object_r:hal_authsecret_service:s0 android.hardware.automotive.evs.IEvsEnumerator/hw/0 u:object_r:hal_evs_service:s0 +android.hardware.boot.IBootControl/default u:object_r:hal_bootctl_service:s0 android.hardware.automotive.evs.IEvsEnumerator/hw/1 u:object_r:hal_evs_service:s0 android.hardware.automotive.vehicle.IVehicle/default u:object_r:hal_vehicle_service:s0 android.hardware.automotive.audiocontrol.IAudioControl/default u:object_r:hal_audiocontrol_service:s0 diff --git a/private/update_engine.te b/private/update_engine.te index c3f575f65..8d6341c27 100644 --- a/private/update_engine.te +++ b/private/update_engine.te @@ -30,3 +30,7 @@ get_prop(update_engine, snapuserd_prop) # capex decompression allow update_engine apex_service:service_manager find; binder_call(update_engine, apexd) + +# let this domain use the hal service +binder_use(update_engine) +hal_client_domain(update_engine, hal_bootctl) diff --git a/public/hal_bootctl.te b/public/hal_bootctl.te index a1f3d7fe4..1ef10a7ac 100644 --- a/public/hal_bootctl.te +++ b/public/hal_bootctl.te @@ -1,6 +1,7 @@ # HwBinder IPC from client to server, and callbacks binder_call(hal_bootctl_client, hal_bootctl_server) binder_call(hal_bootctl_server, hal_bootctl_client) +binder_use(hal_bootctl_server) hal_attribute_hwservice(hal_bootctl, hal_bootctl_hwservice) allow hal_bootctl_server proc_bootconfig:file r_file_perms; diff --git a/public/service.te b/public/service.te index 8dc3e04d0..97dddc106 100644 --- a/public/service.te +++ b/public/service.te @@ -269,6 +269,7 @@ type emergency_affordance_service, system_server_service, service_manager_type; type hal_audio_service, vendor_service, protected_service, hal_service_type, service_manager_type; type hal_audiocontrol_service, vendor_service, hal_service_type, service_manager_type; type hal_authsecret_service, vendor_service, protected_service, hal_service_type, service_manager_type; +type hal_bootctl_service, vendor_service, protected_service, hal_service_type, service_manager_type; type hal_camera_service, vendor_service, protected_service, hal_service_type, service_manager_type; type hal_contexthub_service, vendor_service, protected_service, hal_service_type, service_manager_type; type hal_dice_service, vendor_service, protected_service, hal_service_type, service_manager_type; diff --git a/vendor/file_contexts b/vendor/file_contexts index 392a750fd..dd1e4a1ce 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -20,6 +20,7 @@ /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.2-service\.example u:object_r:hal_fingerprint_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.example u:object_r:hal_fingerprint_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.[0-9]+-service u:object_r:hal_bootctl_default_exec:s0 +/(vendor|system/vendor)/bin/hw/android\.hardware\.boot-service.default u:object_r:hal_bootctl_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.broadcastradio@\d+\.\d+-service u:object_r:hal_broadcastradio_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.[0-9]+-service_64 u:object_r:hal_camera_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.[0-9]+-service u:object_r:hal_camera_default_exec:s0