commit 394dbe34a0dc7519acb9948175ba63ee18bedbed
author Pavel Maltsev <pavelm@google.com> Tue Apr 10 14:07:14 2018 -0700
committer Pavel Maltsev <pavelm@google.com> Mon Apr 23 15:46:41 2018 -0700
tree dc3863ee311352f04b27a57090afa4d98b71002d
parent 8ed7e521371527969dcc3ad6709b18b74088e4a9

Move automotive HALs sepolicy to system/

Bug: 70637118
Test: build, flash and boot bat_land and owl automotive builds

Change-Id: I6db23258de30174d6db09d241e91b08aa5afedef

vendor/file_contexts

diff --git a/vendor/file_contexts b/vendor/file_contexts
index ba3c705..f267468 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -2,6 +2,9 @@
 # Default HALs
 #
 /(vendor|system/vendor)/bin/hw/android\.hardware\.audio@2\.0-service          u:object_r:hal_audio_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.audiocontrol@1\.0-service  u:object_r:hal_audiocontrol_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.evs@1\.0-service  u:object_r:hal_evs_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.0-service  u:object_r:hal_vehicle_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service      u:object_r:hal_bluetooth_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.0-service           u:object_r:hal_bootctl_default_exec:s0

vendor/hal_audiocontrol_default.te

diff --git a/vendor/hal_audiocontrol_default.te b/vendor/hal_audiocontrol_default.te
new file mode 100644
index 0000000..d1940c9
--- /dev/null
+++ b/vendor/hal_audiocontrol_default.te
@@ -0,0 +1,7 @@
+# audiocontrol subsystem
+type hal_audiocontrol_default, domain;
+hal_server_domain(hal_audiocontrol_default, hal_audiocontrol)
+
+# may be started by init
+type hal_audiocontrol_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_audiocontrol_default)

vendor/hal_evs_default.te

diff --git a/vendor/hal_evs_default.te b/vendor/hal_evs_default.te
new file mode 100644
index 0000000..b927f1e
--- /dev/null
+++ b/vendor/hal_evs_default.te
@@ -0,0 +1,10 @@
+# evs_mock mock hardware driver service
+type hal_evs_default, domain;
+hal_server_domain(hal_evs_default, hal_evs)
+
+# allow init to launch processes in this context
+type hal_evs_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_evs_default)
+
+allow hal_evs_default hal_graphics_allocator_default:fd use;
+

vendor/hal_vehicle_default.te

diff --git a/vendor/hal_vehicle_default.te b/vendor/hal_vehicle_default.te
new file mode 100644
index 0000000..e605ecb
--- /dev/null
+++ b/vendor/hal_vehicle_default.te
@@ -0,0 +1,7 @@
+# vehicle subsystem
+type hal_vehicle_default, domain;
+hal_server_domain(hal_vehicle_default, hal_vehicle)
+
+# may be started by init
+type hal_vehicle_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_vehicle_default)