From c655bece6a82964ebc59e205e18891621c7b8683 Mon Sep 17 00:00:00 2001 From: Siarhei Vishniakou Date: Tue, 11 Jan 2022 23:06:14 +0000 Subject: [PATCH] Add sepolicy for IInputProcessor HAL This sepolicy is needed so that the vendor can launch a new HAL process, and then this HAL process could join the servicemanager as an impl for IInputProcessor. This HAL will be used to contain the previous impl of InputClassifier and also new features that we are going to add. Bug: 210158587 Test: use together with a HAL implementation, make sure HAL runs Change-Id: I476c215ad622ea18b4ce5cba9c07ae3257a65817 --- private/compat/32.0/32.0.ignore.cil | 1 + private/service_contexts | 1 + private/system_server.te | 1 + public/attributes | 1 + public/hal_input_processor.te | 5 +++++ public/service.te | 1 + vendor/file_contexts | 1 + vendor/hal_input_processor_default.te | 5 +++++ 8 files changed, 16 insertions(+) create mode 100644 public/hal_input_processor.te create mode 100644 vendor/hal_input_processor_default.te diff --git a/private/compat/32.0/32.0.ignore.cil b/private/compat/32.0/32.0.ignore.cil index cddf39b64..c93c92a26 100644 --- a/private/compat/32.0/32.0.ignore.cil +++ b/private/compat/32.0/32.0.ignore.cil @@ -24,6 +24,7 @@ hal_dumpstate_service hal_graphics_composer_service hal_health_service + hal_input_processor_service hal_ir_service hal_nlinterceptor_service hal_radio_config_service diff --git a/private/service_contexts b/private/service_contexts index 4bb1a5ba3..b3371dc3d 100644 --- a/private/service_contexts +++ b/private/service_contexts @@ -10,6 +10,7 @@ android.hardware.graphics.composer3.IComposer/default u:object_r: android.hardware.health.storage.IStorage/default u:object_r:hal_health_storage_service:s0 android.hardware.health.IHealth/default u:object_r:hal_health_service:s0 android.hardware.identity.IIdentityCredentialStore/default u:object_r:hal_identity_service:s0 +android.hardware.input.processor.IInputProcessor/default u:object_r:hal_input_processor_service:s0 android.hardware.ir.IConsumerIr/default u:object_r:hal_ir_service:s0 android.hardware.light.ILights/default u:object_r:hal_light_service:s0 android.hardware.memtrack.IMemtrack/default u:object_r:hal_memtrack_service:s0 diff --git a/private/system_server.te b/private/system_server.te index 68792e8cd..c81429d7c 100644 --- a/private/system_server.te +++ b/private/system_server.te @@ -295,6 +295,7 @@ hal_client_domain(system_server, hal_gnss) hal_client_domain(system_server, hal_graphics_allocator) hal_client_domain(system_server, hal_health) hal_client_domain(system_server, hal_input_classifier) +hal_client_domain(system_server, hal_input_processor) hal_client_domain(system_server, hal_ir) hal_client_domain(system_server, hal_light) hal_client_domain(system_server, hal_memtrack) diff --git a/public/attributes b/public/attributes index 07eecfc89..b97bffc19 100644 --- a/public/attributes +++ b/public/attributes @@ -347,6 +347,7 @@ hal_attribute(health); hal_attribute(health_storage); hal_attribute(identity); hal_attribute(input_classifier); +hal_attribute(input_processor); hal_attribute(ir); hal_attribute(keymaster); hal_attribute(keymint); diff --git a/public/hal_input_processor.te b/public/hal_input_processor.te new file mode 100644 index 000000000..77d1d707a --- /dev/null +++ b/public/hal_input_processor.te @@ -0,0 +1,5 @@ +# HwBinder IPC from client to server +binder_call(hal_input_processor_client, hal_input_processor_server) +binder_call(hal_input_processor_server, servicemanager) + +hal_attribute_service(hal_input_processor, hal_input_processor_service) diff --git a/public/service.te b/public/service.te index e519297ae..7a2c7750c 100644 --- a/public/service.te +++ b/public/service.te @@ -273,6 +273,7 @@ type hal_graphics_composer_service, vendor_service, protected_service, service_m type hal_health_service, vendor_service, protected_service, service_manager_type; type hal_health_storage_service, vendor_service, protected_service, service_manager_type; type hal_identity_service, vendor_service, protected_service, service_manager_type; +type hal_input_processor_service, vendor_service, protected_service, service_manager_type; type hal_ir_service, vendor_service, protected_service, service_manager_type; type hal_keymint_service, vendor_service, protected_service, service_manager_type; type hal_light_service, vendor_service, protected_service, service_manager_type; diff --git a/vendor/file_contexts b/vendor/file_contexts index 4fc0460ac..12d86b0a7 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -51,6 +51,7 @@ /(vendor|system/vendor)/bin/hw/android\.hardware\.health\.storage-service\.default u:object_r:hal_health_storage_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.identity-service.example u:object_r:hal_identity_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.input\.classifier@1\.0-service u:object_r:hal_input_classifier_default_exec:s0 +/(vendor|system/vendor)/bin/hw/android\.hardware\.input\.processor-service u:object_r:hal_input_processor_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.ir@1\.0-service u:object_r:hal_ir_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.ir-service\.example u:object_r:hal_ir_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service u:object_r:hal_keymaster_default_exec:s0 diff --git a/vendor/hal_input_processor_default.te b/vendor/hal_input_processor_default.te new file mode 100644 index 000000000..33a5c4155 --- /dev/null +++ b/vendor/hal_input_processor_default.te @@ -0,0 +1,5 @@ +type hal_input_processor_default, domain; +hal_server_domain(hal_input_processor_default, hal_input_processor) + +type hal_input_processor_default_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(hal_input_processor_default)