Merge "Add sepolicy for non-secure AuthGraph impl" into main
commit
daa1cec849
10 changed files with 20 additions and 0 deletions
|
@ -114,6 +114,7 @@ var (
|
|||
"android.hardware.secure_element.ISecureElement/SIM1": EXCEPTION_NO_FUZZER,
|
||||
"android.hardware.secure_element.ISecureElement/SIM2": EXCEPTION_NO_FUZZER,
|
||||
"android.hardware.secure_element.ISecureElement/SIM3": EXCEPTION_NO_FUZZER,
|
||||
"android.hardware.security.authgraph.IAuthGraphKeyExchange/nonsecure": EXCEPTION_NO_FUZZER,
|
||||
"android.hardware.security.dice.IDiceDevice/default": EXCEPTION_NO_FUZZER,
|
||||
"android.hardware.security.keymint.IKeyMintDevice/default": EXCEPTION_NO_FUZZER,
|
||||
"android.hardware.security.keymint.IRemotelyProvisionedComponent/default": EXCEPTION_NO_FUZZER,
|
||||
|
|
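Review bot: The new `"android.hardware.security.authgraph.IAuthGraphKeyExchange/nonsecure": EXCEPTION_NO_FUZZER,` entry exempts a binder-reachable key-exchange service from the fuzzer requirement without saying why or for how long. Its neighbours use the same exception, so the entry is consistent with the table, but a trailing comment such as `// TODO(b/<bug-id>): add a fuzzer for the nonsecure AuthGraph service` would keep the gap tracked. The enclosing `var (` block starts and ends outside the hunk.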
|
@ -9,6 +9,7 @@
|
|||
dtbo_block_device
|
||||
ota_build_prop
|
||||
snapuserd_log_data_file
|
||||
hal_authgraph_service
|
||||
hal_codec2_service
|
||||
hal_threadnetwork_service
|
||||
virtual_camera_service
|
||||
|
|
|
@ -89,6 +89,7 @@ android.hardware.radio.voice.IRadioVoice/slot1 u:object_r:
|
|||
android.hardware.radio.voice.IRadioVoice/slot2 u:object_r:hal_radio_service:s0
|
||||
android.hardware.radio.voice.IRadioVoice/slot3 u:object_r:hal_radio_service:s0
|
||||
android.hardware.rebootescrow.IRebootEscrow/default u:object_r:hal_rebootescrow_service:s0
|
||||
android.hardware.security.authgraph.IAuthGraphKeyExchange/nonsecure u:object_r:hal_authgraph_service:s0
|
||||
android.hardware.security.keymint.IKeyMintDevice/default u:object_r:hal_keymint_service:s0
|
||||
android.hardware.security.keymint.IRemotelyProvisionedComponent/default u:object_r:hal_remotelyprovisionedcomponent_service:s0
|
||||
android.hardware.gatekeeper.IGatekeeper/default u:object_r:hal_gatekeeper_service:s0
|
||||
|
|
|
@ -306,6 +306,7 @@ binder_service(system_server)
|
|||
# Use HALs
|
||||
hal_client_domain(system_server, hal_allocator)
|
||||
hal_client_domain(system_server, hal_audio)
|
||||
hal_client_domain(system_server, hal_authgraph)
|
||||
hal_client_domain(system_server, hal_authsecret)
|
||||
hal_client_domain(system_server, hal_broadcastradio)
|
||||
hal_client_domain(system_server, hal_codec2)
|
||||
|
|
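Review bot: `hal_client_domain(system_server, hal_authgraph)` makes system_server a client of the AuthGraph HAL, but nothing visible in this change shows which system_server component needs to reach `IAuthGraphKeyExchange`. If no caller exists yet, the grant could wait until one lands. Otherwise a comment naming the caller next to the line keeps the rule auditable. The `# Use HALs` list continues outside the hunk.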
|
@ -331,6 +331,7 @@ hal_attribute(allocator);
|
|||
hal_attribute(atrace);
|
||||
hal_attribute(audio);
|
||||
hal_attribute(audiocontrol);
|
||||
hal_attribute(authgraph);
|
||||
hal_attribute(authsecret);
|
||||
hal_attribute(bluetooth);
|
||||
hal_attribute(bootctl);
|
||||
|
|
|
@ -151,6 +151,7 @@ binder_call(dumpstate, { appdomain artd netd wificond })
|
|||
# Allow dumpstate to call dump() on specific hals.
|
||||
dump_hal(hal_audio)
|
||||
dump_hal(hal_audiocontrol)
|
||||
dump_hal(hal_authgraph)
|
||||
dump_hal(hal_authsecret)
|
||||
dump_hal(hal_bluetooth)
|
||||
dump_hal(hal_broadcastradio)
|
||||
|
|
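Review bot: `dump_hal(hal_authgraph)` lets dumpstate call dump() on every AuthGraph server, and bugreport output commonly leaves the device. The service code is not part of this change, so it is worth confirming that its dump output carries no key-exchange session state or key material before granting this. A comment on the line, e.g. `# authgraph dump() must not emit session keys or nonces`, would record that expectation. The dump_hal list continues outside the hunk.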
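--- a/public/hal_authgraph.te
+++ b/public/hal_authgraph.te
@@ -0,0 +1,7 @@
+binder_call(hal_authgraph_client, hal_authgraph_server)
+
+hal_attribute_service(hal_authgraph, hal_authgraph_service)
+binder_call(hal_authgraph_server, servicemanager)
+
+allow hal_authgraph_server tee_device:chr_file rw_file_perms;
+allow hal_authgraph_server ion_device:chr_file r_file_perms;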
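Review bot: The two `allow` rules on `tee_device` and `ion_device` are attached to the `hal_authgraph_server` attribute, so every server domain inherits them, including `hal_authgraph_default` from vendor/hal_authgraph_default.te, which this commit introduces for the non-secure implementation. If that implementation never opens a TEE device, the grants are broader than it needs. Moving them into the domain of a TEE-backed implementation would narrow them, and a comment above them such as `# TEE-backed implementations reach the secure world through tee_device` would at least make the intent reviewable. The new file also has no header comment saying which HAL interface it covers.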
|
@ -280,6 +280,7 @@ type emergency_affordance_service, system_server_service, service_manager_type;
|
|||
|
||||
type hal_audio_service, protected_service, hal_service_type, service_manager_type;
|
||||
type hal_audiocontrol_service, hal_service_type, service_manager_type;
|
||||
type hal_authgraph_service, protected_service, hal_service_type, service_manager_type;
|
||||
type hal_authsecret_service, protected_service, hal_service_type, service_manager_type;
|
||||
type hal_bluetooth_service, protected_service, hal_service_type, service_manager_type;
|
||||
type hal_bootctl_service, protected_service, hal_service_type, service_manager_type;
|
||||
|
|
1
vendor/file_contexts
vendored
1
vendor/file_contexts
vendored
|
@ -97,6 +97,7 @@
|
|||
/(vendor|system/vendor)/bin/hw/android\.hardware\.sensors-service(\.multihal)? u:object_r:hal_sensors_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.0-service u:object_r:hal_secure_element_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element-service.example u:object_r:hal_secure_element_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.security\.authgraph-service\.nonsecure u:object_r:hal_authgraph_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.security\.keymint-service u:object_r:hal_keymint_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/rild u:object_r:rild_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.tetheroffload-service\.example u:object_r:hal_tetheroffload_default_exec:s0
|
||||
|
|
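--- a/vendor/hal_authgraph_default.te
+++ b/vendor/hal_authgraph_default.te
@@ -0,0 +1,5 @@
+type hal_authgraph_default, domain;
+hal_server_domain(hal_authgraph_default, hal_authgraph)
+
+type hal_authgraph_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_authgraph_default)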