Add permissions for new netd AIDL HAL
Netd is now serving an AIDL HAL to replace the old HIDL HAL.
Bug: 205764585
Test: Boot and check for avc denials
Change-Id: I1ca5ed4ff3b79f082ea2f6d3e81f60a64ca04855
diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index 606cdaf..f15e8f3 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -7,6 +7,7 @@
( new_objects
device_config_vendor_system_native_prop
hal_bootctl_service
+ system_net_netd_service
virtual_face_hal_prop
virtual_fingerprint_hal_prop
))
diff --git a/private/service_contexts b/private/service_contexts
index 247f22f..5049f25 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -70,6 +70,7 @@
android.frameworks.stats.IStats/default u:object_r:fwk_stats_service:s0
android.se.omapi.ISecureElementService/default u:object_r:secure_element_service:s0
android.system.keystore2.IKeystoreService/default u:object_r:keystore_service:s0
+android.system.net.netd.INetd/default u:object_r:system_net_netd_service:s0
android.system.suspend.ISystemSuspend/default u:object_r:hal_system_suspend_service:s0
accessibility u:object_r:accessibility_service:s0
diff --git a/public/netd.te b/public/netd.te
index 64b4c7d..bdd721a 100644
--- a/public/netd.te
+++ b/public/netd.te
@@ -113,6 +113,10 @@
add_hwservice(netd, system_net_netd_hwservice)
hwbinder_use(netd)
+# AIDL hal server
+binder_call(system_net_netd_service, servicemanager)
+add_service(netd, system_net_netd_service)
+
###
### Neverallow rules
###
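Review bot: `binder_call(system_net_netd_service, servicemanager)` passes a service_manager_type label as the client argument, where the macro expects a process domain. As written, the rule gives the service label binder `call`/`transfer` on servicemanager and grants nothing to the netd process, so it is effectively dead policy that reads as if it were the registration permission. If netd's access to servicemanager is already covered elsewhere in netd.te (the file continues outside this hunk), drop the line; otherwise it should be `binder_use(netd)`. The comment could also name the interface, e.g. `# AIDL HAL server: android.system.net.netd.INetd/default`.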
diff --git a/public/service.te b/public/service.te
index 97dddc1..d7cf74c 100644
--- a/public/service.te
+++ b/public/service.te
@@ -44,6 +44,7 @@
type storaged_service, service_manager_type;
type surfaceflinger_service, app_api_service, ephemeral_app_api_service, service_manager_type;
type system_app_service, service_manager_type;
+type system_net_netd_service, service_manager_type;
type system_suspend_control_internal_service, service_manager_type;
type system_suspend_control_service, service_manager_type;
type update_engine_service, service_manager_type;
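Review bot: `system_net_netd_service` is declared with only `service_manager_type`, and none of the visible hunks grants any client domain `find` on it, so only netd's own `add_service` rule references the new label. If the clients of the HIDL service are meant to move to the AIDL one, each needs an explicit rule such as `allow <client_domain> system_net_netd_service:service_manager find;`, scoped to the same domains that could reach the hwservice rather than a broad attribute. Booting and checking for denials will not show this gap until a client actually tries to look the service up.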