SEPolicy for AIDL CAN HAL

CAN HAL moving to AIDL, SEPolicy will need to be adjusted. Bug: 170405615 Test: AIDL CAN HAL VTS Change-Id: I0d238d38aebb5895ae27fcb52cf43cd481327421
2022-11-08 08:41:04 -08:00 · 2022-11-08 08:41:04 -08:00 · eee59458c2
commit eee59458c2
parent c3802445d0
8 changed files with 14 additions and 1 deletions
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@ -29,6 +29,7 @@ var (
 		"android.hardware.authsecret.IAuthSecret/default":                         EXCEPTION_NO_FUZZER,
 		"android.hardware.automotive.evs.IEvsEnumerator/hw/0":                     EXCEPTION_NO_FUZZER,
 		"android.hardware.boot.IBootControl/default":                              EXCEPTION_NO_FUZZER,
+		"android.hardware.automotive.can.ICanController/default":                  EXCEPTION_NO_FUZZER,
 		"android.hardware.automotive.evs.IEvsEnumerator/hw/1":                     EXCEPTION_NO_FUZZER,
 		"android.hardware.automotive.remoteaccess.IRemoteAccess/default":          EXCEPTION_NO_FUZZER,
 		"android.hardware.automotive.vehicle.IVehicle/default":                    EXCEPTION_NO_FUZZER,
--- a/private/canhalconfigurator.te
+++ b/private/canhalconfigurator.te
@ -5,3 +5,6 @@ init_daemon_domain(canhalconfigurator)
 # This allows the configurator to look up the CAN HAL controller via
 # hwservice_manager and communicate with it.
 hal_client_domain(canhalconfigurator, hal_can_controller)
+
+binder_use(canhalconfigurator)
+binder_call(hal_can_controller, canhalconfigurator)
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@ -41,4 +41,5 @@
    hal_broadcastradio_service
    hal_confirmationui_service
    hal_fastboot_service
+    hal_can_controller_service
  ))
--- a/private/file_contexts
+++ b/private/file_contexts
@ -223,7 +223,7 @@
 /system/bin/boringssl_self_test(32|64) u:object_r:boringssl_self_test_exec:s0
 /system/bin/prng_seeder		u:object_r:prng_seeder_exec:s0
 /system/bin/charger		u:object_r:charger_exec:s0
-/system/bin/canhalconfigurator  u:object_r:canhalconfigurator_exec:s0
+/system/bin/canhalconfigurator(-aidl)?  u:object_r:canhalconfigurator_exec:s0
 /system/bin/e2fsdroid		u:object_r:e2fs_exec:s0
 /system/bin/mke2fs		u:object_r:e2fs_exec:s0
 /system/bin/e2fsck	--	u:object_r:fsck_exec:s0
--- a/private/service_contexts
+++ b/private/service_contexts
@ -6,6 +6,7 @@ android.hardware.audio.effect.IFactory/default                       u:object_r:
 android.hardware.authsecret.IAuthSecret/default                      u:object_r:hal_authsecret_service:s0
 android.hardware.automotive.evs.IEvsEnumerator/hw/0                  u:object_r:hal_evs_service:s0
 android.hardware.boot.IBootControl/default                           u:object_r:hal_bootctl_service:s0
+android.hardware.automotive.can.ICanController/default               u:object_r:hal_can_controller_service:s0
 android.hardware.automotive.evs.IEvsEnumerator/hw/1                  u:object_r:hal_evs_service:s0
 android.hardware.automotive.audiocontrol.IAudioControl/default       u:object_r:hal_audiocontrol_service:s0
 android.hardware.automotive.remoteaccess.IRemoteAccess/default       u:object_r:hal_remoteaccess_service:s0
--- a/public/hal_can.te
+++ b/public/hal_can.te
@ -7,3 +7,8 @@ hal_attribute_hwservice(hal_can_controller, hal_can_controller_hwservice)
 binder_call(hal_can_bus_client, hal_can_bus_server)
 binder_call(hal_can_bus_server, hal_can_bus_client)
 hal_attribute_hwservice(hal_can_bus, hal_can_bus_hwservice)
+
+# AIDL HAL for CAN buses (ICanController)
+hal_attribute_service(hal_can_controller, hal_can_controller_service)
+binder_call(hal_can_controller, servicemanager)
+
--- a/public/service.te
+++ b/public/service.te
@ -274,6 +274,7 @@ type hal_authsecret_service, protected_service, hal_service_type, service_manage
 type hal_bootctl_service, protected_service, hal_service_type, service_manager_type;
 type hal_broadcastradio_service, protected_service, hal_service_type, service_manager_type;
 type hal_camera_service, protected_service, hal_service_type, service_manager_type;
+type hal_can_controller_service, protected_service, hal_service_type, service_manager_type;
 type hal_cas_service, hal_service_type, service_manager_type;
 type hal_confirmationui_service, protected_service, hal_service_type, service_manager_type;
 type hal_contexthub_service, protected_service, hal_service_type, service_manager_type;
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@ -10,6 +10,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.audiocontrol@2\.0-service    u:object_r:hal_audiocontrol_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.audiocontrol-service.example u:object_r:hal_audiocontrol_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.can@1\.0-service  u:object_r:hal_can_socketcan_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.can-service  u:object_r:hal_can_socketcan_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.evs(.*)?          u:object_r:hal_evs_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.0-((default|emulator)-)*(service|protocan-service)  u:object_r:hal_vehicle_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@V1-(default|emulator)-service u:object_r:hal_vehicle_default_exec:s0