Added default policy for Confirmation UI HAL am: 97c56bdd78

am: 5029fe7236 Change-Id: Ibf8666d8cd4628fcc619c5c4ee7e57b7f6cd4501
2018-01-24 20:00:46 +00:00 · 2018-01-24 20:00:46 +00:00 · a2f243dc35
commit a2f243dc35
parent e032393e9b 5029fe7236
10 changed files with 23 additions and 0 deletions
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@ -183,6 +183,7 @@ neverallow all_untrusted_apps {
  hal_bluetooth_hwservice
  hal_bootctl_hwservice
  hal_camera_hwservice
+  hal_confirmationui_hwservice
  hal_contexthub_hwservice
  hal_drm_hwservice
  hal_dumpstate_hwservice
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@ -37,6 +37,7 @@
    fs_bpf
    hal_broadcastradio_hwservice
    hal_cas_hwservice
+    hal_confirmationui_hwservice
    hal_lowpan_hwservice
    hal_neuralnetworks_hwservice
    hal_tetheroffload_hwservice
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@ -10,6 +10,7 @@ android.hardware.broadcastradio::IBroadcastRadio                u:object_r:hal_b
 android.hardware.broadcastradio::IBroadcastRadioFactory         u:object_r:hal_broadcastradio_hwservice:s0
 android.hardware.camera.provider::ICameraProvider               u:object_r:hal_camera_hwservice:s0
 android.hardware.configstore::ISurfaceFlingerConfigs            u:object_r:hal_configstore_ISurfaceFlingerConfigs:s0
+android.hardware.confirmationui::IConfirmationUI                u:object_r:hal_confirmationui_hwservice:s0
 android.hardware.contexthub::IContexthub                        u:object_r:hal_contexthub_hwservice:s0
 android.hardware.cas::IMediaCasService                          u:object_r:hal_cas_hwservice:s0
 android.hardware.drm::ICryptoFactory                            u:object_r:hal_drm_hwservice:s0
--- a/private/keystore.te
+++ b/private/keystore.te
@ -5,6 +5,12 @@ init_daemon_domain(keystore)
 # talk to keymaster
 hal_client_domain(keystore, hal_keymaster)

+# talk to confirmationui
+hal_client_domain(keystore, hal_confirmationui)
+
+# This is used for the ConfirmationUI async callback.
+allow keystore platform_app:binder call;
+
 # Offer the Wifi Keystore HwBinder service
 typeattribute keystore wifi_keystore_service_server;
 add_hwservice(keystore, system_wifi_keystore_hwservice)
--- a/public/attributes
+++ b/public/attributes
@ -209,6 +209,7 @@ hal_attribute(bootctl);
 hal_attribute(broadcastradio);
 hal_attribute(camera);
 hal_attribute(configstore);
+hal_attribute(confirmationui);
 hal_attribute(contexthub);
 hal_attribute(drm);
 hal_attribute(cas);
--- a/public/hal_confirmationui.te
+++ b/public/hal_confirmationui.te
@ -0,0 +1,5 @@
+# HwBinder IPC from client to server
+binder_call(hal_confirmationui_client, hal_confirmationui_server)
+
+add_hwservice(hal_confirmationui_server, hal_confirmationui_hwservice)
+allow hal_confirmationui_client hal_confirmationui_hwservice:hwservice_manager find;
--- a/public/hwservice.te
+++ b/public/hwservice.te
@ -8,6 +8,7 @@ type hal_bootctl_hwservice, hwservice_manager_type;
 type hal_broadcastradio_hwservice, hwservice_manager_type;
 type hal_camera_hwservice, hwservice_manager_type;
 type hal_configstore_ISurfaceFlingerConfigs, hwservice_manager_type;
+type hal_confirmationui_hwservice, hwservice_manager_type;
 type hal_contexthub_hwservice, hwservice_manager_type;
 type hal_drm_hwservice, hwservice_manager_type;
 type hal_cas_hwservice, hwservice_manager_type;
--- a/public/su.te
+++ b/public/su.te
@ -62,6 +62,7 @@ userdebug_or_eng(`
  typeattribute su hal_bootctl_client;
  typeattribute su hal_camera_client;
  typeattribute su hal_configstore_client;
+  typeattribute su hal_confirmationui_client;
  typeattribute su hal_contexthub_client;
  typeattribute su hal_drm_client;
  typeattribute su hal_cas_client;
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@ -9,6 +9,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.4-service          u:object_r:hal_camera_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.4-external-service          u:object_r:hal_camera_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.configstore@1\.[0-9]+-service    u:object_r:hal_configstore_default_exec:s0
+/(vendor|sustem/vendor)/bin/hw/android\.hardware\.confirmationui@1\.0-service u:object_r:hal_confirmationui_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.contexthub@1\.0-service     u:object_r:hal_contexthub_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.0-service            u:object_r:hal_drm_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.cas@1\.0-service            u:object_r:hal_cas_default_exec:s0
--- a/vendor/hal_confirmationui_default.te
+++ b/vendor/hal_confirmationui_default.te
@ -0,0 +1,5 @@
+type hal_confirmationui_default, domain;
+hal_server_domain(hal_confirmationui_default, hal_confirmationui)
+
+type hal_confirmationui_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_confirmationui_default)