Add sepolicy for IBootControl AIDL
Test: th
Bug: 227536004
Change-Id: I1206b4aae1aab904a76836c893ee583b5ce54624
diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index 3beb247..606cdaf 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -6,6 +6,7 @@
(typeattributeset new_objects
( new_objects
device_config_vendor_system_native_prop
+ hal_bootctl_service
virtual_face_hal_prop
virtual_fingerprint_hal_prop
))
diff --git a/private/service_contexts b/private/service_contexts
index 1094151..247f22f 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -2,6 +2,7 @@
android.hardware.audio.core.IModule/default u:object_r:hal_audio_service:s0
android.hardware.authsecret.IAuthSecret/default u:object_r:hal_authsecret_service:s0
android.hardware.automotive.evs.IEvsEnumerator/hw/0 u:object_r:hal_evs_service:s0
+android.hardware.boot.IBootControl/default u:object_r:hal_bootctl_service:s0
android.hardware.automotive.evs.IEvsEnumerator/hw/1 u:object_r:hal_evs_service:s0
android.hardware.automotive.vehicle.IVehicle/default u:object_r:hal_vehicle_service:s0
android.hardware.automotive.audiocontrol.IAudioControl/default u:object_r:hal_audiocontrol_service:s0
diff --git a/private/update_engine.te b/private/update_engine.te
index c3f575f..8d6341c 100644
--- a/private/update_engine.te
+++ b/private/update_engine.te
@@ -30,3 +30,7 @@
# capex decompression
allow update_engine apex_service:service_manager find;
binder_call(update_engine, apexd)
+
+# let this domain use the hal service
+binder_use(update_engine)
+hal_client_domain(update_engine, hal_bootctl)