Add sepolicy for IBootControl AIDL
Test: th
Bug: 227536004
Change-Id: I1206b4aae1aab904a76836c893ee583b5ce54624
diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index 3beb247..606cdaf 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -6,6 +6,7 @@
(typeattributeset new_objects
( new_objects
device_config_vendor_system_native_prop
+ hal_bootctl_service
virtual_face_hal_prop
virtual_fingerprint_hal_prop
))
diff --git a/private/service_contexts b/private/service_contexts
index 1094151..247f22f 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -2,6 +2,7 @@
android.hardware.audio.core.IModule/default u:object_r:hal_audio_service:s0
android.hardware.authsecret.IAuthSecret/default u:object_r:hal_authsecret_service:s0
android.hardware.automotive.evs.IEvsEnumerator/hw/0 u:object_r:hal_evs_service:s0
+android.hardware.boot.IBootControl/default u:object_r:hal_bootctl_service:s0
android.hardware.automotive.evs.IEvsEnumerator/hw/1 u:object_r:hal_evs_service:s0
android.hardware.automotive.vehicle.IVehicle/default u:object_r:hal_vehicle_service:s0
android.hardware.automotive.audiocontrol.IAudioControl/default u:object_r:hal_audiocontrol_service:s0
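Review bot: The new `android.hardware.boot.IBootControl/default` entry sits between the `IEvsEnumerator/hw/0` and `IEvsEnumerator/hw/1` lines, which splits a pair that belongs together. The file is easier to audit when entries stay grouped by interface name, so the boot entry would read better after the last `android.hardware.automotive.*` line in this block. Matching does not depend on order for these exact names, so this is a readability point only.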
diff --git a/private/update_engine.te b/private/update_engine.te
index c3f575f..8d6341c 100644
--- a/private/update_engine.te
+++ b/private/update_engine.te
@@ -30,3 +30,7 @@
# capex decompression
allow update_engine apex_service:service_manager find;
binder_call(update_engine, apexd)
+
+# let this domain use the hal service
+binder_use(update_engine)
+hal_client_domain(update_engine, hal_bootctl)
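Review bot: The added comment `# let this domain use the hal service` does not say which HAL or why both macros are needed, and that matters in a domain as privileged as update_engine. Something like `# Boot control HAL (AIDL): servicemanager access via binder_use, client rules via hal_client_domain` would let an auditor tie each grant to the IBootControl change. If update_engine is already declared a `hal_bootctl` client elsewhere in the policy (not visible in this diff), the second line is redundant and could be dropped.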
diff --git a/public/hal_bootctl.te b/public/hal_bootctl.te
index a1f3d7f..1ef10a7 100644
--- a/public/hal_bootctl.te
+++ b/public/hal_bootctl.te
@@ -1,6 +1,7 @@
# HwBinder IPC from client to server, and callbacks
binder_call(hal_bootctl_client, hal_bootctl_server)
binder_call(hal_bootctl_server, hal_bootctl_client)
+binder_use(hal_bootctl_server)
hal_attribute_hwservice(hal_bootctl, hal_bootctl_hwservice)
allow hal_bootctl_server proc_bootconfig:file r_file_perms;
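Review bot: Nothing in the visible hunks grants access to the new `hal_bootctl_service` type. It is declared in public/service.te and mapped in private/service_contexts, but this file only gains `binder_use(hal_bootctl_server)`. Unless the rule exists outside the lines shown, the server cannot `add` the service and clients such as update_engine cannot `find` it; consider adding `hal_attribute_service(hal_bootctl, hal_bootctl_service)` next to the existing `hal_attribute_hwservice` line. The header comment `# HwBinder IPC from client to server, and callbacks` should also mention binder, since the AIDL path now shares these rules.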
diff --git a/public/service.te b/public/service.te
index 8dc3e04..97dddc1 100644
--- a/public/service.te
+++ b/public/service.te
@@ -269,6 +269,7 @@
type hal_audio_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_audiocontrol_service, vendor_service, hal_service_type, service_manager_type;
type hal_authsecret_service, vendor_service, protected_service, hal_service_type, service_manager_type;
+type hal_bootctl_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_camera_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_contexthub_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_dice_service, vendor_service, protected_service, hal_service_type, service_manager_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 392a750..dd1e4a1 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -20,6 +20,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.2-service\.example u:object_r:hal_fingerprint_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.example u:object_r:hal_fingerprint_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.[0-9]+-service u:object_r:hal_bootctl_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.boot-service.default u:object_r:hal_bootctl_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.broadcastradio@\d+\.\d+-service u:object_r:hal_broadcastradio_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.[0-9]+-service_64 u:object_r:hal_camera_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.[0-9]+-service u:object_r:hal_camera_default_exec:s0
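Review bot: The `.` before `default` in the added pattern is unescaped, so it matches any character rather than a literal dot. The `hal_bootctl_default_exec` label would therefore also apply to file names other than the intended binary. Escape it as the neighbouring entries do: `android\.hardware\.boot-service\.default`. Keeping exec-label patterns exact limits which vendor binaries can transition into the boot control HAL domain.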