Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 254d757289c7ecbee235ab2d3da9d5b089b8f006^! / . / public
commit254d757289c7ecbee235ab2d3da9d5b089b8f006[log] [tgz]
authorIvailo Karamanolev <ivailok@google.com>Tue Jan 21 16:37:44 2020 +0100
committerRobin Lee <rgl@google.com>Wed Jan 22 20:33:42 2020 +0100
tree87229f0c320d6c45db5449164a8f81c0d14c95d3
parent1d241db7e59b08c3d94ddc3d9e21be76d671ea9e [diff]
Add rules for Lights AIDL HAL

Test: manual; yukawa and cuttlefish; adb logcat | grep -i avc
Bug: 142230898
Change-Id: I9f576511d1fc77c5f0ad3cf1b96b038b301773d7

diff --git a/public/domain.te b/public/domain.te
index feb0435..4dc218a 100644
--- a/public/domain.te
+++ b/public/domain.te

@@ -652,6 +652,7 @@
     -audioserver_service # TODO(b/36783122) remove exemptions below once app_api_service is fixed
     -cameraserver_service
     -drmserver_service
+    -hal_light_service # TODO(b/148154485) remove once all violators are gone
     -keystore_service
     -mediadrmserver_service
     -mediaextractor_service

diff --git a/public/hal_light.te b/public/hal_light.te
index 333fcac..1e70b74 100644
--- a/public/hal_light.te
+++ b/public/hal_light.te

@@ -4,6 +4,13 @@
 
 hal_attribute_hwservice(hal_light, hal_light_hwservice)
 
+add_service(hal_light_server, hal_light_service)
+binder_call(hal_light_server, servicemanager)
+
+allow hal_light_client hal_light_service:service_manager find;
+
+allow hal_light_server dumpstate:fifo_file write;
+
 allow hal_light sysfs_leds:lnk_file read;
 allow hal_light sysfs_leds:file rw_file_perms;
 allow hal_light sysfs_leds:dir r_dir_perms;

diff --git a/public/service.te b/public/service.te
index d9bf83d..76e642d 100644
--- a/public/service.te
+++ b/public/service.te

@@ -117,6 +117,7 @@
 type iris_service, app_api_service, system_server_service, service_manager_type;
 type jobscheduler_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type launcherapps_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type light_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type location_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type lock_settings_service, system_api_service, system_server_service, service_manager_type;
 type looper_stats_service, system_server_service, service_manager_type;
@@ -205,6 +206,7 @@
 ### HAL Services
 ###
 
+type hal_light_service, vendor_service, service_manager_type;
 type hal_power_service, vendor_service, service_manager_type;
 type hal_rebootescrow_service, vendor_service, service_manager_type;
 type hal_vibrator_service, vendor_service, service_manager_type;