From e9b2def7965f8ce65a0315da342cf8968bada1d1 Mon Sep 17 00:00:00 2001
From: Todd Poynor
Date: Fri, 9 Jun 2017 11:27:08 -0700
Subject: [PATCH] thermal: sepolicy for thermalservice and Thermal HAL revision 1.1

Add sepolicy for thermalserviced daemon, IThermalService binder service, IThermalCallback hwservice, and Thermal HAL revision 1.1.
Test: manual: marlin with modified thermal-engine.conf
Bug: 30982366
Change-Id: I207fa0f922a4e658338af91dea28c497781e8fe9
(cherry picked from commit ec3b6b7e25f709fcc9c177beebafae885d641f6d)
---
 prebuilts/api/26.0/26.0.ignore.cil | 4 ++++
 private/file_contexts | 1 +
 private/hwservice_contexts | 1 +
 private/service_contexts | 1 +
 private/thermalserviced.te | 4 ++++
 public/hwservice.te | 1 +
 public/service.te | 1 +
 public/thermalserviced.te | 11 +++++++++++
 vendor/file_contexts | 2 +-
 9 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 private/thermalserviced.te
 create mode 100644 public/thermalserviced.te
diff --git a/prebuilts/api/26.0/26.0.ignore.cil b/prebuilts/api/26.0/26.0.ignore.cil
index e713bc1ca..d09ce852b 100644
--- a/prebuilts/api/26.0/26.0.ignore.cil
+++ b/prebuilts/api/26.0/26.0.ignore.cil
@@ -15,5 +15,9 @@
 netd_stable_secret_prop
 sysfs_fs_ext4_features
 system_net_netd_hwservice
+ thermal_service
+ thermalcallback_hwservice
+ thermalserviced
+ thermalserviced_exec
 timezone_service
 tombstoned_java_trace_socket))
diff --git a/private/file_contexts b/private/file_contexts
index 876a17b0b..7f9f5129e 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -257,6 +257,7 @@
 /system/bin/update_engine u:object_r:update_engine_exec:s0
 /system/bin/bspatch u:object_r:update_engine_exec:s0
 /system/bin/storaged u:object_r:storaged_exec:s0
+/system/bin/thermalserviced u:object_r:thermalserviced_exec:s0
 /system/bin/webview_zygote32 u:object_r:webview_zygote_exec:s0
 /system/bin/webview_zygote64 u:object_r:webview_zygote_exec:s0
 /system/bin/virtual_touchpad u:object_r:virtual_touchpad_exec:s0
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index 40c33d90f..107e48392 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -37,6 +37,7 @@ android.hardware.renderscript::IDevice u:object_r:hal_r
 android.hardware.sensors::ISensors u:object_r:hal_sensors_hwservice:s0
 android.hardware.soundtrigger::ISoundTriggerHw u:object_r:hal_audio_hwservice:s0
 android.hardware.thermal::IThermal u:object_r:hal_thermal_hwservice:s0
+android.hardware.thermal::IThermalCallback u:object_r:thermalcallback_hwservice:s0
 android.hardware.tv.cec::IHdmiCec u:object_r:hal_tv_cec_hwservice:s0
 android.hardware.tv.input::ITvInput u:object_r:hal_tv_input_hwservice:s0
 android.hardware.usb::IUsb u:object_r:hal_usb_hwservice:s0
diff --git a/private/service_contexts b/private/service_contexts
index c6c7ec081..1cb7c58dc 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -149,6 +149,7 @@ telephony.registry u:object_r:registry_service:s0
 textclassification u:object_r:textclassification_service:s0
 textservices u:object_r:textservices_service:s0
 timezone u:object_r:timezone_service:s0
+thermalservice u:object_r:thermal_service:s0
 trust u:object_r:trust_service:s0
 tv_input u:object_r:tv_input_service:s0
 uimode u:object_r:uimode_service:s0
diff --git a/private/thermalserviced.te b/private/thermalserviced.te
new file mode 100644
index 000000000..1a09e203e
--- /dev/null
+++ b/private/thermalserviced.te
@@ -0,0 +1,4 @@
+typeattribute thermalserviced coredomain;
+
+init_daemon_domain(thermalserviced)
+
diff --git a/public/hwservice.te b/public/hwservice.te
index 4daac3104..1b11678df 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -48,3 +48,4 @@ type hidl_memory_hwservice, hwservice_manager_type, coredomain_hwservice;
 type hidl_token_hwservice, hwservice_manager_type, coredomain_hwservice;
 type system_net_netd_hwservice, hwservice_manager_type, coredomain_hwservice;
 type system_wifi_keystore_hwservice, hwservice_manager_type, coredomain_hwservice;
+type thermalcallback_hwservice, hwservice_manager_type;
diff --git a/public/service.te b/public/service.te
index 5722e25fb..a4a420f0e 100644
--- a/public/service.te
+++ b/public/service.te
@@ -24,6 +24,7 @@ type radio_service, service_manager_type;
 type storaged_service, service_manager_type;
 type surfaceflinger_service, service_manager_type;
 type system_app_service, service_manager_type;
+type thermal_service, service_manager_type;
 type update_engine_service, service_manager_type;
 type virtual_touchpad_service, service_manager_type;
 type vr_hwc_service, service_manager_type;
diff --git a/public/thermalserviced.te b/public/thermalserviced.te
new file mode 100644
index 000000000..5b6025cea
--- /dev/null
+++ b/public/thermalserviced.te
@@ -0,0 +1,11 @@
+# thermalserviced -- thermal management services for system and vendor
+type thermalserviced, domain;
+type thermalserviced_exec, exec_type, file_type;
+
+binder_use(thermalserviced)
+binder_service(thermalserviced)
+add_service(thermalserviced, thermal_service)
+
+hwbinder_use(thermalserviced)
+hal_client_domain(thermalserviced, hal_thermal)
+add_hwservice(thermalserviced, thermalcallback_hwservice)
diff --git a/vendor/file_contexts b/vendor/file_contexts
index da5cbf581..08cc068d2 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
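Review bot: The new `thermalcallback_hwservice` declaration in public/hwservice.te carries only `hwservice_manager_type`, while every neighbouring type visible in this hunk also carries `coredomain_hwservice`. The same commit marks thermalserviced as `coredomain` in private/thermalserviced.te and gives it `add_hwservice` for this type, so the service appears to be hosted by a core domain. If the attribute is left off on purpose, a comment above the line would record why, e.g. `# Registered by thermalserviced; not coredomain_hwservice because <reason>`. Otherwise the line would read `type thermalcallback_hwservice, hwservice_manager_type, coredomain_hwservice;`, after checking the rules keyed on that attribute, which this patch does not show.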
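Review bot: Nothing in public/thermalserviced.te says which domains are meant to reach the two services it registers. The file grants thermalserviced `add_service` on `thermal_service` and `add_hwservice` on `thermalcallback_hwservice`, but none of the nine files in the diffstat adds a `find` rule for either type; access may come from attribute-based rules elsewhere in the tree, which are not visible here. A header comment naming the intended clients would let later `find` grants be checked against it, e.g. `# Clients: <binder clients> for thermal_service; <hwbinder clients> for thermalcallback_hwservice`. One-line comments over the two rule groups, `# IThermalService over binder` and `# Thermal HAL client and IThermalCallback over hwbinder`, would also make the split easier to audit.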
@@ -25,7 +25,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.power@1\.0-service u:object_r:hal_power_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.sensors@1\.0-service u:object_r:hal_sensors_default_exec:s0
 /(vendor|system/vendor)/bin/hw/rild u:object_r:rild_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@1\.0-service u:object_r:hal_thermal_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@1\.[01]-service u:object_r:hal_thermal_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.cec@1\.0-service u:object_r:hal_tv_cec_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.input@1\.0-service u:object_r:hal_tv_input_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service u:object_r:hal_usb_default_exec:s0