commit 17b38d526db6e19f9d128196463c03c03ca27974
author Changyeon Jo <changyeon@google.com> Fri Feb 07 00:57:16 2020 +0000
committer Changyeon Jo <changyeon@google.com> Tue Feb 25 02:02:54 2020 +0000
tree e045f6fcf89f2934cf18515d6e6852e8ae81ba23
parent 749e119053d3b91cc6b47365668e315732ea59ab

Update automotive display service rules

This change updates sepolicies for automotive display service to make it
available to the vendor processes.

Bug: 149017572
Test: m -j selinux_policy
Change-Id: I48708fe25e260f9302e02749c3777c0ca0d84e4b
Signed-off-by: Changyeon Jo <changyeon@google.com>

private/automotive_display_service.te

diff --git a/private/automotive_display_service.te b/private/automotive_display_service.te
index e397d10..fa11ca4 100644
--- a/private/automotive_display_service.te
+++ b/private/automotive_display_service.te
@@ -1,20 +1,33 @@
-# Display service for Automotive
-type automotive_display, domain, coredomain;
-type automotive_display_exec, system_file_type, exec_type, file_type;
+# Display proxy service for Automotive
+type automotive_display_service, domain, coredomain;
+type automotive_display_service_exec, system_file_type, exec_type, file_type;
 
-init_daemon_domain(automotive_display)
+typeattribute automotive_display_service automotive_display_service_server;
+
+# Allow to add a display service to the manager
+add_hwservice(automotive_display_service, fwk_automotive_display_hwservice);
+
+# Allow init to launch automotive display service
+init_daemon_domain(automotive_display_service)
 
 # Allow to use Binder IPC for SurfaceFlinger.
-binder_use(automotive_display)
+binder_use(automotive_display_service)
 
 # Allow to use HwBinder IPC for HAL implementations.
-hwbinder_use(automotive_display)
+hwbinder_use(automotive_display_service)
+hal_client_domain(automotive_display_service, hal_graphics_composer)
 
 # Allow to read the target property.
-get_prop(automotive_display, hwservicemanager_prop)
+get_prop(automotive_display_service, hwservicemanager_prop)
 
 # Allow to find SurfaceFlinger.
-allow automotive_display surfaceflinger_service:service_manager find;
+allow automotive_display_service surfaceflinger_service:service_manager find;
 
 # Allow client domain to do binder IPC to serverdomain.
-binder_call(automotive_display, surfaceflinger)
+binder_call(automotive_display_service, surfaceflinger)
+
+# Allow to use a graphics mapper
+allow automotive_display_service hal_graphics_mapper_hwservice:hwservice_manager find;
+
+# Allow to use hidl token service
+allow automotive_display_service hidl_token_hwservice:hwservice_manager find;