tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Define sepolicy for ivn HAL.

Browse source 
Test: manually verify ivn HAL on gcar_emu.
Bug: 274139217
Change-Id: Ie12dccb723078d83b561c152cc4458e52c0f8090
This commit is contained in:
Yu Shan 2023-04-10 17:33:12 -07:00
parent afb616d349
commit 9eb72464b5
8 changed files with 19 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
build/soong/service_fuzzer_bindings.go
View file

@ -39,6 +39,7 @@ var (
"android.hardware.boot.IBootControl/default": EXCEPTION_NO_FUZZER,
"android.hardware.automotive.can.ICanController/default": EXCEPTION_NO_FUZZER,
"android.hardware.automotive.evs.IEvsEnumerator/hw/1": EXCEPTION_NO_FUZZER,
"android.hardware.automotive.ivn.IIvnAndroidDevice/default": EXCEPTION_NO_FUZZER,
"android.hardware.automotive.remoteaccess.IRemoteAccess/default": EXCEPTION_NO_FUZZER,
"android.hardware.automotive.vehicle.IVehicle/default": EXCEPTION_NO_FUZZER,
"android.hardware.automotive.audiocontrol.IAudioControl/default": EXCEPTION_NO_FUZZER,

1
private/compat/33.0/33.0.ignore.cil
View file

@ -29,6 +29,7 @@
hal_bluetooth_service
hal_bootctl_service
hal_cas_service
hal_ivn_service
hal_remoteaccess_service
hal_secure_element_service
hal_tetheroffload_service

1
private/service_contexts
View file

@ -20,6 +20,7 @@ android.hardware.boot.IBootControl/default u:object_r:
android.hardware.automotive.can.ICanController/default u:object_r:hal_can_controller_service:s0
android.hardware.automotive.evs.IEvsEnumerator/hw/1 u:object_r:hal_evs_service:s0
android.hardware.automotive.audiocontrol.IAudioControl/default u:object_r:hal_audiocontrol_service:s0
android.hardware.automotive.ivn.IIvnAndroidDevice/default u:object_r:hal_ivn_service:s0
android.hardware.automotive.remoteaccess.IRemoteAccess/default u:object_r:hal_remoteaccess_service:s0
android.hardware.automotive.vehicle.IVehicle/default u:object_r:hal_vehicle_service:s0
android.hardware.biometrics.face.IFace/default u:object_r:hal_face_service:s0

1
public/attributes
View file

@ -352,6 +352,7 @@ hal_attribute(identity);
hal_attribute(input_classifier);
hal_attribute(input_processor);
hal_attribute(ir);
hal_attribute(ivn);
hal_attribute(keymaster);
hal_attribute(keymint);
hal_attribute(light);

4
public/hal_ivn.te Normal file
View file

@ -0,0 +1,4 @@
# HwBinder IPC from client to server, and callbacks
binder_call(hal_ivn_client, hal_ivn_server)
hal_attribute_service(hal_ivn, hal_ivn_service)

1
public/service.te
View file

@ -296,6 +296,7 @@ type hal_health_storage_service, protected_service, hal_service_type, service_ma
type hal_identity_service, protected_service, hal_service_type, service_manager_type;
type hal_input_processor_service, protected_service, hal_service_type, service_manager_type;
type hal_ir_service, protected_service, hal_service_type, service_manager_type;
type hal_ivn_service, protected_service, hal_service_type, service_manager_type;
type hal_keymint_service, protected_service, hal_service_type, service_manager_type;
type hal_light_service, protected_service, hal_service_type, service_manager_type;
type hal_memtrack_service, protected_service, hal_service_type, service_manager_type;

1
vendor/file_contexts vendored
View file

@ -12,6 +12,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.can@1\.0-service u:object_r:hal_can_socketcan_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.can-service u:object_r:hal_can_socketcan_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.evs(.*)? u:object_r:hal_evs_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.ivn@V1-(.*)-service u:object_r:hal_ivn_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.0-((default|emulator)-)*(service|protocan-service) u:object_r:hal_vehicle_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@V1-(default|emulator)-service u:object_r:hal_vehicle_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.remoteaccess@V1-(.*)-service u:object_r:hal_remoteaccess_default_exec:s0

9
vendor/hal_ivn_default.te vendored Normal file
View file

@ -0,0 +1,9 @@
type hal_ivn_default, domain;
hal_server_domain(hal_ivn_default, hal_ivn)
# May be started by init
type hal_ivn_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_ivn_default)
# Allow registering with service manager.
binder_call(hal_ivn_default, servicemanager)