sepolicy: Serve suspend AIDL hal from system_suspend
Allow system_suspend to server the suspend AIDL hal service.
Bug: 170260236
Test: Check logcat for supend avc denials
Change-Id: Ie4c07e2e8d75fd4b12e55db15511060e09be59cf
diff --git a/private/compat/31.0/31.0.ignore.cil b/private/compat/31.0/31.0.ignore.cil
index 9cb5c92..f1de944 100644
--- a/private/compat/31.0/31.0.ignore.cil
+++ b/private/compat/31.0/31.0.ignore.cil
@@ -7,6 +7,7 @@
( new_objects
artd_service
camera2_extensions_prop
+ hal_system_suspend_service
power_stats_service
transformer_service
proc_watermark_boost_factor
diff --git a/private/service_contexts b/private/service_contexts
index f8c1607..61db2d1 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -21,6 +21,7 @@
android.hardware.weaver.IWeaver/default u:object_r:hal_weaver_service:s0
android.frameworks.stats.IStats/default u:object_r:fwk_stats_service:s0
android.system.keystore2.IKeystoreService/default u:object_r:keystore_service:s0
+android.system.suspend.ISystemSuspend/default u:object_r:hal_system_suspend_service:s0
accessibility u:object_r:accessibility_service:s0
account u:object_r:account_service:s0
diff --git a/private/system_suspend.te b/private/system_suspend.te
index caf8955..d924187 100644
--- a/private/system_suspend.te
+++ b/private/system_suspend.te
@@ -7,6 +7,8 @@
binder_use(system_suspend)
add_service(system_suspend, system_suspend_control_service)
+add_service(system_suspend, hal_system_suspend_service)
+
# Access to /sys/power/{ wakeup_count, state } suspend interface.
allow system_suspend sysfs_power:file rw_file_perms;