Add property accesses to gatekeeper, keymint policies These property accesses were allowed in Cuttlefish policy (see aosp/3324975) but aren't Cuttlefish-specific. The implementations of these HALs are in `hardware/interfaces. Bug: b/374158137 Test: `cvd create`, check sepolicy errors Change-Id: I44dd534cfa4afacc4961d22630017ff30553696c

commit: 116aa1a1a16c52f3036d238711579abebb205263 [log] [tgz]
author: A. Cody Schuffelen <schuffelen@google.com> Tue Oct 29 19:28:43 2024 -0700
committer: A. Cody Schuffelen <schuffelen@google.com> Wed Nov 06 13:43:15 2024 -0800
tree: ea8fd5714b43710e9c4c9202207d2f6ad328e004
parent: 2c7fa32f600d92f87924c60340f41fce16e1cda8 [diff]
diff --git a/vendor/hal_gatekeeper_default.te b/vendor/hal_gatekeeper_default.te
index a3654cc..980bf5c 100644
--- a/vendor/hal_gatekeeper_default.te
+++ b/vendor/hal_gatekeeper_default.te

@@ -3,3 +3,7 @@
 
 type hal_gatekeeper_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_gatekeeper_default);
+
+# Write to kernel log (/dev/kmsg)
+allow hal_gatekeeper_default kmsg_device:chr_file w_file_perms;
+allow hal_gatekeeper_default kmsg_device:chr_file getattr;

diff --git a/vendor/hal_keymint_default.te b/vendor/hal_keymint_default.te
index 3b86a1b..b0ed4d7 100644
--- a/vendor/hal_keymint_default.te
+++ b/vendor/hal_keymint_default.te

@@ -7,4 +7,5 @@
 hal_attribute_service(hal_keymint, hal_secureclock_service)
 hal_attribute_service(hal_keymint, hal_sharedsecret_service)
 
+get_prop(hal_keymint_default, serialno_prop)
 get_prop(hal_keymint_default, vendor_security_patch_level_prop);
commit	116aa1a1a16c52f3036d238711579abebb205263	[log] [tgz]
author	A. Cody Schuffelen <schuffelen@google.com>	Tue Oct 29 19:28:43 2024 -0700
committer	A. Cody Schuffelen <schuffelen@google.com>	Wed Nov 06 13:43:15 2024 -0800
tree	ea8fd5714b43710e9c4c9202207d2f6ad328e004
parent	2c7fa32f600d92f87924c60340f41fce16e1cda8 [diff]