[avf][rkp] Allow virtualizationservice to register RKP HAL service
Bug: 274881098
Test: atest MicrodroidHostTests
Change-Id: Ib0953fa49f27719be63bb244071b132bc385dca3
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index 44c3243..b03efa6 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -174,6 +174,7 @@
"android.service.gatekeeper.IGateKeeperService": []string{"gatekeeperd_service_fuzzer"},
"android.system.composd": EXCEPTION_NO_FUZZER,
// TODO(b/294158658): add fuzzer
+ "android.hardware.security.keymint.IRemotelyProvisionedComponent/avf": EXCEPTION_NO_FUZZER,
"android.system.virtualizationservice": EXCEPTION_NO_FUZZER,
"android.system.virtualizationservice_internal.IVfioHandler": EXCEPTION_NO_FUZZER,
"ambient_context": EXCEPTION_NO_FUZZER,
diff --git a/private/compat/34.0/34.0.ignore.cil b/private/compat/34.0/34.0.ignore.cil
index 69902d8..cfe0a3a 100644
--- a/private/compat/34.0/34.0.ignore.cil
+++ b/private/compat/34.0/34.0.ignore.cil
@@ -6,6 +6,7 @@
(typeattributeset new_objects
( new_objects
archive_service
+ avf_remotelyprovisionedcomponent_service
dtbo_block_device
ota_build_prop
snapuserd_log_data_file
diff --git a/private/service_contexts b/private/service_contexts
index a1fb06b..6c5f1ee 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -91,6 +91,7 @@
android.hardware.rebootescrow.IRebootEscrow/default u:object_r:hal_rebootescrow_service:s0
android.hardware.security.keymint.IKeyMintDevice/default u:object_r:hal_keymint_service:s0
android.hardware.security.keymint.IRemotelyProvisionedComponent/default u:object_r:hal_remotelyprovisionedcomponent_service:s0
+android.hardware.security.keymint.IRemotelyProvisionedComponent/avf u:object_r:avf_remotelyprovisionedcomponent_service:s0
android.hardware.gatekeeper.IGatekeeper/default u:object_r:hal_gatekeeper_service:s0
android.hardware.security.secureclock.ISecureClock/default u:object_r:hal_secureclock_service:s0
android.hardware.security.sharedsecret.ISharedSecret/default u:object_r:hal_sharedsecret_service:s0
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index 93cd04c..432ca53 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@@ -15,6 +15,9 @@
# Let the virtualizationservice domain register the virtualization_service with ServiceManager.
add_service(virtualizationservice, virtualization_service)
+# Allow registering as a remotely provisioned component for pVM remote attestation.
+add_service(virtualizationservice, avf_remotelyprovisionedcomponent_service)
+
# Let virtualizationservice find and communicate with vfio_handler.
allow virtualizationservice vfio_handler_service:service_manager find;
binder_call(virtualizationservice, vfio_handler)
diff --git a/public/service.te b/public/service.te
index e018e40..ba7921a 100644
--- a/public/service.te
+++ b/public/service.te
@@ -315,6 +315,7 @@
type hal_radio_service, protected_service, hal_service_type, service_manager_type;
type hal_rebootescrow_service, protected_service, hal_service_type, service_manager_type;
type hal_remoteaccess_service, protected_service, hal_service_type, service_manager_type;
+type avf_remotelyprovisionedcomponent_service, protected_service, hal_service_type, service_manager_type;
type hal_remotelyprovisionedcomponent_service, protected_service, hal_service_type, service_manager_type;
type hal_sensors_service, protected_service, hal_service_type, service_manager_type;
type hal_secureclock_service, protected_service, hal_service_type, service_manager_type;