commit 0814795c79855e5957580b4da71e8e73628e3e01
author Yifan Hong <elsk@google.com> Thu Aug 09 13:04:48 2018 -0700
committer Yifan Hong <elsk@google.com> Fri Aug 10 11:02:21 2018 -0700
tree af5e0b5c942c290284e2f892fd45ad714f164910
parent 291531ef46a9ece1e0cfcc5dc5df67e7f6947ade

Add sepolicy for health filesystem HAL

Test: builds
Test: vts
Bug: 111655771
Change-Id: Iabad3d124bf476cb624addf7d7898e0c2894d550

private/compat/26.0/26.0.ignore.cil

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index ee202ba..7e04f07 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -58,6 +58,7 @@
     hal_codec2_hwservice
     hal_confirmationui_hwservice
     hal_evs_hwservice
+    hal_health_filesystem_hwservice
     hal_lowpan_hwservice
     hal_neuralnetworks_hwservice
     hal_secure_element_hwservice

private/compat/27.0/27.0.ignore.cil

diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index b99de06..6e4147e 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -52,6 +52,7 @@
     hal_codec2_hwservice
     hal_confirmationui_hwservice
     hal_evs_hwservice
+    hal_health_filesystem_hwservice
     hal_lowpan_hwservice
     hal_secure_element_hwservice
     hal_usb_gadget_hwservice

private/compat/28.0/28.0.ignore.cil

diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 7b16b96..a8f6fec 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -5,6 +5,7 @@
 (typeattributeset new_objects
   ( activity_task_service
     adb_service
+    hal_health_filesystem_hwservice
     llkd
     llkd_exec
     llkd_tmpfs

private/hwservice_contexts

diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index 7a90ad5..3779011 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -27,6 +27,7 @@
 android.hardware.graphics.composer::IComposer                   u:object_r:hal_graphics_composer_hwservice:s0
 android.hardware.graphics.mapper::IMapper                       u:object_r:hal_graphics_mapper_hwservice:s0
 android.hardware.health::IHealth                                u:object_r:hal_health_hwservice:s0
+android.hardware.health.filesystem::IFileSystem                 u:object_r:hal_health_filesystem_hwservice:s0
 android.hardware.ir::IConsumerIr                                u:object_r:hal_ir_hwservice:s0
 android.hardware.keymaster::IKeymasterDevice                    u:object_r:hal_keymaster_hwservice:s0
 android.hardware.light::ILight                                  u:object_r:hal_light_hwservice:s0

public/attributes

diff --git a/public/attributes b/public/attributes
index 90e1148..7dadf9e 100644
--- a/public/attributes
+++ b/public/attributes
@@ -253,6 +253,7 @@
 hal_attribute(graphics_allocator);
 hal_attribute(graphics_composer);
 hal_attribute(health);
+hal_attribute(health_filesystem);
 hal_attribute(ir);
 hal_attribute(keymaster);
 hal_attribute(light);

public/hal_health_filesystem.te

diff --git a/public/hal_health_filesystem.te b/public/hal_health_filesystem.te
new file mode 100644
index 0000000..4d02adc
--- /dev/null
+++ b/public/hal_health_filesystem.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_health_filesystem_client, hal_health_filesystem_server)
+binder_call(hal_health_filesystem_server, hal_health_filesystem_client)
+
+hal_attribute_hwservice(hal_health_filesystem, hal_health_filesystem_hwservice)

public/hwservice.te

diff --git a/public/hwservice.te b/public/hwservice.te
index 6f09efc..fba108f 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -24,6 +24,7 @@
 type hal_graphics_composer_hwservice, hwservice_manager_type;
 type hal_graphics_mapper_hwservice, hwservice_manager_type, same_process_hwservice;
 type hal_health_hwservice, hwservice_manager_type;
+type hal_health_filesystem_hwservice, hwservice_manager_type;
 type hal_ir_hwservice, hwservice_manager_type;
 type hal_keymaster_hwservice, hwservice_manager_type;
 type hal_light_hwservice, hwservice_manager_type;

vendor/file_contexts

diff --git a/vendor/file_contexts b/vendor/file_contexts
index e029bfd..9728b7c 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -26,6 +26,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.composer@2\.2-service    u:object_r:hal_graphics_composer_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.health@1\.0-service         u:object_r:hal_health_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.health@2\.0-service         u:object_r:hal_health_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.health\.filesystem@1\.0-service         u:object_r:hal_health_filesystem_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.ir@1\.0-service             u:object_r:hal_ir_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service      u:object_r:hal_keymaster_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-service      u:object_r:hal_keymaster_default_exec:s0

vendor/hal_health_filesystem_default.te

diff --git a/vendor/hal_health_filesystem_default.te b/vendor/hal_health_filesystem_default.te
new file mode 100644
index 0000000..b680a25
--- /dev/null
+++ b/vendor/hal_health_filesystem_default.te
@@ -0,0 +1,6 @@
+type hal_health_filesystem_default, domain;
+hal_server_domain(hal_health_filesystem_default, hal_health_filesystem)
+
+type hal_health_filesystem_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_health_filesystem_default)
+