Merge "Add rules for Lights AIDL HAL"
diff --git a/private/blank_screen.te b/private/blank_screen.te
index 51310d1..69dd7e6 100644
--- a/private/blank_screen.te
+++ b/private/blank_screen.te
@@ -4,3 +4,5 @@
init_daemon_domain(blank_screen)
hal_client_domain(blank_screen, hal_light)
+
+allow blank_screen hal_light_service:service_manager find;
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index d15a607..38d980e 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -37,6 +37,7 @@
hal_can_bus_hwservice
hal_can_controller_hwservice
hal_identity_hwservice
+ hal_light_service
hal_power_service
hal_rebootescrow_service
hal_tv_tuner_hwservice
@@ -55,6 +56,7 @@
mediatranscoding_exec
mediatranscoding_tmpfs
mirror_data_file
+ light_service
linker_prop
linkerconfig_file
mock_ota_prop
diff --git a/private/service_contexts b/private/service_contexts
index 641798a..19d3b0d 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -1,3 +1,4 @@
+android.hardware.light.ILights/default u:object_r:hal_light_service:s0
android.hardware.power.IPower/default u:object_r:hal_power_service:s0
android.hardware.rebootescrow.IRebootEscrow/default u:object_r:hal_rebootescrow_service:s0
android.hardware.vibrator.IVibrator/default u:object_r:hal_vibrator_service:s0
@@ -114,6 +115,7 @@
isub u:object_r:radio_service:s0
jobscheduler u:object_r:jobscheduler_service:s0
launcherapps u:object_r:launcherapps_service:s0
+lights u:object_r:light_service:s0
location u:object_r:location_service:s0
lock_settings u:object_r:lock_settings_service:s0
looper_stats u:object_r:looper_stats_service:s0
diff --git a/public/domain.te b/public/domain.te
index 72ec076..604df89 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -652,6 +652,7 @@
-audioserver_service # TODO(b/36783122) remove exemptions below once app_api_service is fixed
-cameraserver_service
-drmserver_service
+ -hal_light_service # TODO(b/148154485) remove once all violators are gone
-keystore_service
-mediadrmserver_service
-mediaextractor_service
diff --git a/public/hal_light.te b/public/hal_light.te
index 333fcac..1e70b74 100644
--- a/public/hal_light.te
+++ b/public/hal_light.te
@@ -4,6 +4,13 @@
hal_attribute_hwservice(hal_light, hal_light_hwservice)
+add_service(hal_light_server, hal_light_service)
+binder_call(hal_light_server, servicemanager)
+
+allow hal_light_client hal_light_service:service_manager find;
+
+allow hal_light_server dumpstate:fifo_file write;
+
allow hal_light sysfs_leds:lnk_file read;
allow hal_light sysfs_leds:file rw_file_perms;
allow hal_light sysfs_leds:dir r_dir_perms;
diff --git a/public/service.te b/public/service.te
index d9bf83d..76e642d 100644
--- a/public/service.te
+++ b/public/service.te
@@ -117,6 +117,7 @@
type iris_service, app_api_service, system_server_service, service_manager_type;
type jobscheduler_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type launcherapps_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type light_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type location_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type lock_settings_service, system_api_service, system_server_service, service_manager_type;
type looper_stats_service, system_server_service, service_manager_type;
@@ -205,6 +206,7 @@
### HAL Services
###
+type hal_light_service, vendor_service, service_manager_type;
type hal_power_service, vendor_service, service_manager_type;
type hal_rebootescrow_service, vendor_service, service_manager_type;
type hal_vibrator_service, vendor_service, service_manager_type;