Add sepolicy configs for LyricConfigProvider Service
- Introduce service_context for ILyricConfigProvider service
- Allow adding the ILyricConfigProvider to the service manager.
- Allow HAL to find ILyricConfigProvider from servicemanager
- Allow all proceses in com.google.pixel.services:* to have the same domain as the app (vendor_pbcs_app)
-- We'll be running services in their own processes so this
is needed.
- TODO: binder_call(vendor_pbcs_app, vendor_pcs_app);
Allow PBCS appdomain to make binder calls into PCS appdomain
after ag/24030784 lands.
Bug: 280340307
Test: We can successfully start and register the LyricConfigProvider service with the servicemanager.
Change-Id: Ia0a74065e98761e48aa041bf7f2f34188017cee4
diff --git a/camera/sepolicy/hal_camera_default.te b/camera/sepolicy/hal_camera_default.te
index 35eea3c..62eef4a 100644
--- a/camera/sepolicy/hal_camera_default.te
+++ b/camera/sepolicy/hal_camera_default.te
@@ -1,4 +1,6 @@
allow hal_camera_default vendor_camera_binder_service:service_manager find;
+# Allow Lyric Hal to find the LyricConfigProvider service through ServiceManager.
+allow hal_camera_default vendor_camera_lyricconfigprovider_service:service_manager find;
allow hal_camera_default hal_pixel_remote_camera_service:service_manager find;
diff --git a/camera/sepolicy/seapp_contexts b/camera/sepolicy/seapp_contexts
index 9059600..f956929 100644
--- a/camera/sepolicy/seapp_contexts
+++ b/camera/sepolicy/seapp_contexts
@@ -1,5 +1,7 @@
# Pixel PeristentBackgroundCameraServices
user=system seinfo=platform name=com.google.pixel.camera.services domain=vendor_pbcs_app type=system_app_data_file levelFrom=all
+# The :* will allow all services, which run in their own processes, to use the same vendor_pbcs_app domain.
+user=system seinfo=platform name=com.google.pixel.camera.services:* domain=vendor_pbcs_app type=system_app_data_file levelFrom=all
# Pixel Camera Services
user=_app seinfo=CameraServices name=com.google.android.apps.camera.services domain=vendor_pcs_app type=app_data_file levelFrom=all
diff --git a/camera/sepolicy/service.te b/camera/sepolicy/service.te
index 4a2dcbb..330c7ff 100644
--- a/camera/sepolicy/service.te
+++ b/camera/sepolicy/service.te
@@ -1,3 +1,5 @@
type vendor_camera_binder_service, hal_service_type, protected_service, service_manager_type;
type hal_pixel_remote_camera_service, hal_service_type, protected_service, service_manager_type;
+
+type vendor_camera_lyricconfigprovider_service, hal_service_type, protected_service, service_manager_type;
diff --git a/camera/sepolicy/service_contexts b/camera/sepolicy/service_contexts
index 5ea067f..bec3402 100644
--- a/camera/sepolicy/service_contexts
+++ b/camera/sepolicy/service_contexts
@@ -1,3 +1,5 @@
com.google.pixel.camera.services.binder.IServiceBinder/default u:object_r:vendor_camera_binder_service:s0
com.google.pixel.camera.connectivity.hal.provider.ICameraProvider/default u:object_r:hal_pixel_remote_camera_service:s0
+
+com.google.pixel.camera.services.lyricconfigprovider.ILyricConfigProvider/default u:object_r:vendor_camera_lyricconfigprovider_service:s0
diff --git a/camera/sepolicy/vendor_pbcs_app.te b/camera/sepolicy/vendor_pbcs_app.te
index 1ee663f..1a3a0ef 100644
--- a/camera/sepolicy/vendor_pbcs_app.te
+++ b/camera/sepolicy/vendor_pbcs_app.te
@@ -6,6 +6,9 @@
allow vendor_pbcs_app app_api_service:service_manager find;
-allow vendor_pbcs_app vendor_camera_binder_service:service_manager add;
+# Allow PBCS to add the ServiceBinder service to ServiceManager.
+add_service(vendor_pbcs_app, vendor_camera_binder_service);
+# Allow PBCS to add the LyricConfigProvider service to ServiceManager.
+add_service(vendor_pbcs_app, vendor_camera_lyricconfigprovider_service);
binder_call(vendor_pbcs_app, hal_camera_default);