Move automotive HALs sepolicy to system/
Bug: 70637118
Test: build, flash and boot bat_land and owl automotive builds
Change-Id: I6db23258de30174d6db09d241e91b08aa5afedef
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 71c7a00..16d99b8 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -43,17 +43,20 @@
exported3_system_prop
fingerprint_vendor_data_file
fs_bpf
+ hal_audiocontrol_hwservice
hal_authsecret_hwservice
hal_broadcastradio_hwservice
hal_cas_hwservice
hal_codec2_hwservice
hal_confirmationui_hwservice
+ hal_evs_hwservice
hal_lowpan_hwservice
hal_neuralnetworks_hwservice
hal_secure_element_hwservice
hal_tetheroffload_hwservice
hal_wifi_hostapd_hwservice
hal_usb_gadget_hwservice
+ hal_vehicle_hwservice
hal_wifi_offload_hwservice
incident_helper
incident_helper_exec
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 94c81d0..21e9d65 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -39,12 +39,15 @@
exported_wifi_prop
fingerprint_vendor_data_file
fs_bpf
+ hal_audiocontrol_hwservice
hal_authsecret_hwservice
hal_codec2_hwservice
hal_confirmationui_hwservice
+ hal_evs_hwservice
hal_lowpan_hwservice
hal_secure_element_hwservice
hal_usb_gadget_hwservice
+ hal_vehicle_hwservice
hal_wifi_hostapd_hwservice
incident_helper
incident_helper_exec
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index 998bf2f..c75c0a5 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -4,6 +4,9 @@
android.hardware.audio.effect::IEffectsFactory u:object_r:hal_audio_hwservice:s0
android.hardware.audio::IDevicesFactory u:object_r:hal_audio_hwservice:s0
android.hardware.authsecret::IAuthSecret u:object_r:hal_authsecret_hwservice:s0
+android.hardware.automotive.audiocontrol::IAudioControl u:object_r:hal_audiocontrol_hwservice:s0
+android.hardware.automotive.evs::IEvsEnumerator u:object_r:hal_evs_hwservice:s0
+android.hardware.automotive.vehicle::IVehicle u:object_r:hal_vehicle_hwservice:s0
android.hardware.biometrics.fingerprint::IBiometricsFingerprint u:object_r:hal_fingerprint_hwservice:s0
android.hardware.bluetooth::IBluetoothHci u:object_r:hal_bluetooth_hwservice:s0
android.hardware.bluetooth.a2dp::IBluetoothAudioOffload u:object_r:hal_audio_hwservice:s0
diff --git a/public/attributes b/public/attributes
index 159d28e..6c55c41 100644
--- a/public/attributes
+++ b/public/attributes
@@ -240,6 +240,7 @@
# HALs
hal_attribute(allocator);
+hal_attribute(audiocontrol);
hal_attribute(authsecret);
hal_attribute(bluetooth);
hal_attribute(broadcastradio);
@@ -247,6 +248,7 @@
hal_attribute(confirmationui);
hal_attribute(contexthub);
hal_attribute(dumpstate);
+hal_attribute(evs);
hal_attribute(fingerprint);
hal_attribute(gatekeeper);
hal_attribute(gnss);
@@ -271,6 +273,7 @@
hal_attribute(tv_input);
hal_attribute(usb);
hal_attribute(usb_gadget);
+hal_attribute(vehicle);
hal_attribute(vibrator);
hal_attribute(vr);
hal_attribute(weaver);
diff --git a/public/hal_audiocontrol.te b/public/hal_audiocontrol.te
new file mode 100644
index 0000000..3e5a379
--- /dev/null
+++ b/public/hal_audiocontrol.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_audiocontrol_client, hal_audiocontrol_server)
+binder_call(hal_audiocontrol_server, hal_audiocontrol_client)
+
+add_hwservice(hal_audiocontrol_server, hal_audiocontrol_hwservice)
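Review bot: Nothing in this file grants `hal_audiocontrol_client` the `find` permission on `hal_audiocontrol_hwservice`, so the `binder_call` rules let a client talk to the server but not look it up through hwservicemanager. Unless every client domain carries its own rule elsewhere, add `allow hal_audiocontrol_client hal_audiocontrol_hwservice:hwservice_manager find;` after the `add_hwservice` line. The same gap is visible in public/hal_vehicle.te and public/hal_evs.te. Keeping the lookup permission on the client attribute also means one place to audit which domains can reach these automotive services.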
diff --git a/public/hal_evs.te b/public/hal_evs.te
new file mode 100644
index 0000000..710051e
--- /dev/null
+++ b/public/hal_evs.te
@@ -0,0 +1,5 @@
+hwbinder_use(hal_evs_client)
+hwbinder_use(hal_evs_server)
+binder_call(hal_evs_client, hal_evs_server)
+binder_call(hal_evs_server, hal_evs_client)
+
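Review bot: This file has no `add_hwservice(hal_evs_server, hal_evs_hwservice)` line, although public/hal_audiocontrol.te and public/hal_vehicle.te both have one and the commit labels `IEvsEnumerator` as `hal_evs_hwservice` in private/hwservice_contexts. As far as the visible policy goes, no domain may register that service. The neverallow that `add_hwservice` normally brings, which stops other domains from registering under the same label, is absent too. Add the line, or say in a comment where the registration rule lives. The file also lacks the header comment the other two carry, and calls `hwbinder_use` explicitly where they do not; a one-line comment such as `# HwBinder IPC from client to server, and callbacks` would keep the three files consistent.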
diff --git a/public/hal_vehicle.te b/public/hal_vehicle.te
new file mode 100644
index 0000000..f49f5e6
--- /dev/null
+++ b/public/hal_vehicle.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_vehicle_client, hal_vehicle_server)
+binder_call(hal_vehicle_server, hal_vehicle_client)
+
+add_hwservice(hal_vehicle_server, hal_vehicle_hwservice)
diff --git a/public/hwservice.te b/public/hwservice.te
index ca20258..5fba86a 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -2,6 +2,7 @@
type fwk_display_hwservice, hwservice_manager_type, coredomain_hwservice;
type fwk_scheduler_hwservice, hwservice_manager_type, coredomain_hwservice;
type fwk_sensor_hwservice, hwservice_manager_type, coredomain_hwservice;
+type hal_audiocontrol_hwservice, hwservice_manager_type;
type hal_audio_hwservice, hwservice_manager_type;
type hal_authsecret_hwservice, hwservice_manager_type;
type hal_bluetooth_hwservice, hwservice_manager_type;
@@ -15,6 +16,7 @@
type hal_drm_hwservice, hwservice_manager_type;
type hal_cas_hwservice, hwservice_manager_type;
type hal_dumpstate_hwservice, hwservice_manager_type;
+type hal_evs_hwservice, hwservice_manager_type;
type hal_fingerprint_hwservice, hwservice_manager_type;
type hal_gatekeeper_hwservice, hwservice_manager_type;
type hal_gnss_hwservice, hwservice_manager_type;
@@ -42,6 +44,7 @@
type hal_tv_input_hwservice, hwservice_manager_type;
type hal_usb_hwservice, hwservice_manager_type;
type hal_usb_gadget_hwservice, hwservice_manager_type;
+type hal_vehicle_hwservice, hwservice_manager_type;
type hal_vibrator_hwservice, hwservice_manager_type;
type hal_vr_hwservice, hwservice_manager_type;
type hal_weaver_hwservice, hwservice_manager_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index ba3c705..f267468 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -2,6 +2,9 @@
# Default HALs
#
/(vendor|system/vendor)/bin/hw/android\.hardware\.audio@2\.0-service u:object_r:hal_audio_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.audiocontrol@1\.0-service u:object_r:hal_audiocontrol_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.evs@1\.0-service u:object_r:hal_evs_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.0-service u:object_r:hal_vehicle_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service u:object_r:hal_bluetooth_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.0-service u:object_r:hal_bootctl_default_exec:s0
diff --git a/vendor/hal_audiocontrol_default.te b/vendor/hal_audiocontrol_default.te
new file mode 100644
index 0000000..d1940c9
--- /dev/null
+++ b/vendor/hal_audiocontrol_default.te
@@ -0,0 +1,7 @@
+# audiocontrol subsystem
+type hal_audiocontrol_default, domain;
+hal_server_domain(hal_audiocontrol_default, hal_audiocontrol)
+
+# may be started by init
+type hal_audiocontrol_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_audiocontrol_default)
diff --git a/vendor/hal_evs_default.te b/vendor/hal_evs_default.te
new file mode 100644
index 0000000..b927f1e
--- /dev/null
+++ b/vendor/hal_evs_default.te
@@ -0,0 +1,10 @@
+# evs_mock mock hardware driver service
+type hal_evs_default, domain;
+hal_server_domain(hal_evs_default, hal_evs)
+
+# allow init to launch processes in this context
+type hal_evs_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_evs_default)
+
+allow hal_evs_default hal_graphics_allocator_default:fd use;
+
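Review bot: The rule `allow hal_evs_default hal_graphics_allocator_default:fd use;` names one concrete allocator domain and has no comment saying why EVS needs its file descriptors. A device that ships a different graphics allocator domain would not be covered. If the intent is to accept buffers from whichever allocator is present, the attribute form `allow hal_evs_default hal_graphics_allocator_server:fd use;` expresses that; either way, add a comment such as `# receive graphics buffers allocated by the gralloc HAL`. The header comment `# evs_mock mock hardware driver service` also looks stale, since vendor/file_contexts applies this domain to the `android.hardware.automotive.evs@1.0-service` binary.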
diff --git a/vendor/hal_vehicle_default.te b/vendor/hal_vehicle_default.te
new file mode 100644
index 0000000..e605ecb
--- /dev/null
+++ b/vendor/hal_vehicle_default.te
@@ -0,0 +1,7 @@
+# vehicle subsystem
+type hal_vehicle_default, domain;
+hal_server_domain(hal_vehicle_default, hal_vehicle)
+
+# may be started by init
+type hal_vehicle_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_vehicle_default)