Add selinux rules for android.hardware.usb.gadget.IUsbGadget AIDL migration

Covers the rules needed for the default AIDL implementation. 10-26 10:22:42.408 448 448 I auditd : type=1400 audit(0.0:95): avc: denied { read } for comm="android.hardwar" name="interrupts" dev="proc" ino=4026531995 scontext=u:r:hal_usb_gadget_default:s0 tcontext=u:object_r:proc_interrupts:s0 tclass=file permissive=0 Bug: 218791946 Test: reboot and check if AIDL service is running. Signed-off-by: Ricky Niu <rickyniu@google.com> Change-Id: I8bdab3a682398f3c7e825a8894f45af2a9b6c199
2022-09-28 17:53:48 +08:00 · 2022-09-28 17:53:48 +08:00 · fc1463c164
commit fc1463c164
parent 6a80e5c6fd
6 changed files with 9 additions and 1 deletions
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@ -91,6 +91,7 @@ var (
 		"android.hardware.tv.input.ITvInput/default":                              []string{},
 		"android.hardware.tv.tuner.ITuner/default":                                []string{},
 		"android.hardware.usb.IUsb/default":                                       []string{},
+		"android.hardware.usb.gadget.IUsbGadget/default":                          []string{},
 		"android.hardware.uwb.IUwb/default":                                       []string{},
 		"android.hardware.vibrator.IVibrator/default":                             []string{},
 		"android.hardware.vibrator.IVibratorManager/default":                      []string{"android.hardware.vibrator-service.example_fuzzer"},
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@ -14,6 +14,7 @@
    hal_bootctl_service
    hal_remoteaccess_service
    hal_thermal_service
+    hal_usb_gadget_service
    hal_tv_input_service
    hal_tv_hdmi_service
    hal_tv_hdmi_cec_service
--- a/private/service_contexts
+++ b/private/service_contexts
@ -76,6 +76,7 @@ android.hardware.tv.hdmi.IHdmi/default                               u:object_r:
 android.hardware.tv.tuner.ITuner/default                             u:object_r:hal_tv_tuner_service:s0
 android.hardware.tv.input.ITvInput/default                           u:object_r:hal_tv_input_service:s0
 android.hardware.usb.IUsb/default                                    u:object_r:hal_usb_service:s0
+android.hardware.usb.gadget.IUsbGadget/default                       u:object_r:hal_usb_gadget_service:s0
 android.hardware.uwb.IUwb/default                                    u:object_r:hal_uwb_service:s0
 android.hardware.vibrator.IVibrator/default                          u:object_r:hal_vibrator_service:s0
 android.hardware.vibrator.IVibratorManager/default                   u:object_r:hal_vibrator_service:s0
--- a/public/hal_usb_gadget.te
+++ b/public/hal_usb_gadget.te
@ -2,6 +2,9 @@
 binder_call(hal_usb_gadget_client, hal_usb_gadget_server)
 binder_call(hal_usb_gadget_server, hal_usb_gadget_client)

+hal_attribute_service(hal_usb_gadget, hal_usb_gadget_service)
+binder_call(hal_usb_gadget_server, servicemanager)
+
 hal_attribute_hwservice(hal_usb_gadget, hal_usb_gadget_hwservice)

 # Configuring usb gadget functions
@ -10,4 +13,4 @@ allow hal_usb_gadget_server configfs:dir rw_dir_perms;
 allow hal_usb_gadget_server configfs:file create_file_perms;
 allow hal_usb_gadget_server functionfs:dir { read search };
 allow hal_usb_gadget_server functionfs:file read;
-
+allow hal_usb_gadget_server proc_interrupts:file r_file_perms;
--- a/public/service.te
+++ b/public/service.te
@ -311,6 +311,7 @@ type hal_tv_hdmi_cec_service, protected_service, hal_service_type, service_manag
 type hal_tv_input_service, protected_service, hal_service_type, service_manager_type;
 type hal_tv_tuner_service, protected_service, hal_service_type, service_manager_type;
 type hal_usb_service, protected_service, hal_service_type, service_manager_type;
+type hal_usb_gadget_service, protected_service, hal_service_type, service_manager_type;
 type hal_uwb_service, protected_service, hal_service_type, service_manager_type;
 type hal_vehicle_service, protected_service, hal_service_type, service_manager_type;
 type hal_vibrator_service, protected_service, hal_service_type, service_manager_type;
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@ -102,6 +102,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.tuner-service\.example(-lazy)?  u:object_r:hal_tv_tuner_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service            u:object_r:hal_usb_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.usb-service\.example        u:object_r:hal_usb_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.usb\.gadget-service\.example   u:object_r:hal_usb_gadget_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.usb\.gadget@1\.1-service    u:object_r:hal_usb_gadget_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.uwb-service                 u:object_r:hal_uwb_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service       u:object_r:hal_vibrator_default_exec:s0