commit 24af2c95b13b55395210a8aa1c1c64e3dcdb41b1
author YiKai Peng <kenpeng@google.com> Sat May 18 15:06:46 2024 +0000
committer YiKai Peng <kenpeng@google.com> Sat May 18 15:11:40 2024 +0000
tree 624574fd67de31cc993b65c82772aaf9b29eb423
parent 59263135768b41a5d4c90728ec61265b45fa9ed9

Reapply "WLC: service: add configuration and contexts for sepolicy"

This reverts commit 7d99cb87ea21af55d699a319462f9999f960f302.

Bug: 311315038
Test: authentication
Change-Id: Iaf8d4043794f895ce9ce1ab9b295de072de16e50

wireless_charger/compatibility_matrix.xml

diff --git a/wireless_charger/compatibility_matrix.xml b/wireless_charger/compatibility_matrix.xml
index 7d18cd9..b760b1d 100644
--- a/wireless_charger/compatibility_matrix.xml
+++ b/wireless_charger/compatibility_matrix.xml
@@ -7,4 +7,12 @@
             <instance>default</instance>
         </interface>
     </hal>
+    <hal format="aidl" optional="true">
+        <name>vendor.google.wireless_charger.service</name>
+        <version>1</version>
+        <interface>
+            <name>IWlcService</name>
+            <instance>default</instance>
+        </interface>
+    </hal>
 </compatibility-matrix>

wireless_charger/sepolicy/dumpstate.te

diff --git a/wireless_charger/sepolicy/dumpstate.te b/wireless_charger/sepolicy/dumpstate.te
new file mode 100644
index 0000000..3c5fac3
--- /dev/null
+++ b/wireless_charger/sepolicy/dumpstate.te
@@ -0,0 +1 @@
+binder_call(dumpstate, hal_wlcservice)

wireless_charger/sepolicy/file.te

diff --git a/wireless_charger/sepolicy/file.te b/wireless_charger/sepolicy/file.te
new file mode 100644
index 0000000..6dd54c8
--- /dev/null
+++ b/wireless_charger/sepolicy/file.te
@@ -0,0 +1 @@
+type vendor_wlc_file, file_type, data_file_type;

wireless_charger/sepolicy/file_contexts

diff --git a/wireless_charger/sepolicy/file_contexts b/wireless_charger/sepolicy/file_contexts
index 004c7a1..98796a9 100644
--- a/wireless_charger/sepolicy/file_contexts
+++ b/wireless_charger/sepolicy/file_contexts
@@ -1 +1,5 @@
 /vendor/bin/hw/vendor\.google\.wireless_charger-default                  u:object_r:hal_wireless_charger_exec:s0
+/vendor/bin/hw/vendor\.google\.wireless_charger\.service-default         u:object_r:hal_wlcservice_exec:s0
+
+# Data
+/data/vendor/wireless_charger(/.*)?                                      u:object_r:vendor_wlc_file:s0

wireless_charger/sepolicy/hal_wireless_charger.te

diff --git a/wireless_charger/sepolicy/hal_wireless_charger.te b/wireless_charger/sepolicy/hal_wireless_charger.te
index 7ab8d83..b5ed734 100644
--- a/wireless_charger/sepolicy/hal_wireless_charger.te
+++ b/wireless_charger/sepolicy/hal_wireless_charger.te
@@ -17,3 +17,4 @@
 
 binder_call(hal_wireless_charger, platform_app)
 binder_call(hal_wireless_charger, system_app)
+binder_call(hal_wireless_charger, hal_wlcservice)

wireless_charger/sepolicy/hal_wlcservice.te

diff --git a/wireless_charger/sepolicy/hal_wlcservice.te b/wireless_charger/sepolicy/hal_wlcservice.te
new file mode 100644
index 0000000..eadb593
--- /dev/null
+++ b/wireless_charger/sepolicy/hal_wlcservice.te
@@ -0,0 +1,18 @@
+type hal_wlcservice, domain;
+type hal_wlcservice_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_wlcservice)
+
+allow hal_wlcservice vendor_wlc_file:dir create_dir_perms;
+allow hal_wlcservice vendor_wlc_file:file create_file_perms;
+allow hal_wlcservice hal_wireless_charger_service:service_manager find;
+allow hal_wlcservice kmsg_device:chr_file { getattr w_file_perms };
+
+binder_call(hal_wlcservice, servicemanager)
+add_service(hal_wlcservice, hal_wlcservice_service)
+
+userdebug_or_eng(`
+     domain_auto_trans(shell,  hal_wlcservice_exec, hal_wlcservice)
+')
+
+binder_call(hal_wlcservice, hal_wireless_charger)

wireless_charger/sepolicy/service.te

diff --git a/wireless_charger/sepolicy/service.te b/wireless_charger/sepolicy/service.te
new file mode 100644
index 0000000..8f8d87b
--- /dev/null
+++ b/wireless_charger/sepolicy/service.te
@@ -0,0 +1 @@
+type hal_wlcservice_service, hal_service_type, protected_service, service_manager_type;

wireless_charger/sepolicy/service_contexts

diff --git a/wireless_charger/sepolicy/service_contexts b/wireless_charger/sepolicy/service_contexts
index 5813e35..ed2faba 100644
--- a/wireless_charger/sepolicy/service_contexts
+++ b/wireless_charger/sepolicy/service_contexts
@@ -1 +1,2 @@
 vendor.google.wireless_charger.IWirelessCharger/default                      u:object_r:hal_wireless_charger_service:s0
+vendor.google.wireless_charger.service.IWlcService/default                   u:object_r:hal_wlcservice_service:s0

wireless_charger/wireless_charger.mk

diff --git a/wireless_charger/wireless_charger.mk b/wireless_charger/wireless_charger.mk
index acf5fc1..a2dc27c 100644
--- a/wireless_charger/wireless_charger.mk
+++ b/wireless_charger/wireless_charger.mk
@@ -1,5 +1,6 @@
 PRODUCT_SOONG_NAMESPACES += vendor/google/interfaces
 PRODUCT_PACKAGES += vendor.google.wireless_charger-default
+PRODUCT_PACKAGES += vendor.google.wireless_charger.service-default
 DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/wireless_charger/compatibility_matrix.xml
 
 BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/wireless_charger/sepolicy