Merge "Add file contexts for FederatedCompute."
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index 7a7f61f..cee7f1c 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -23,17 +23,21 @@
 		"android.hardware.automotive.evs.IEvsEnumerator/hw/0":                     []string{},
 		"android.hardware.boot.IBootControl/default":                              []string{},
 		"android.hardware.automotive.evs.IEvsEnumerator/hw/1":                     []string{},
+		"android.hardware.automotive.remoteaccess.IRemoteAccess/default":          []string{},
 		"android.hardware.automotive.vehicle.IVehicle/default":                    []string{},
 		"android.hardware.automotive.audiocontrol.IAudioControl/default":          []string{},
 		"android.hardware.biometrics.face.IFace/default":                          []string{},
 		"android.hardware.biometrics.fingerprint.IFingerprint/default":            []string{},
 		"android.hardware.biometrics.fingerprint.IFingerprint/virtual":            []string{},
 		"android.hardware.bluetooth.audio.IBluetoothAudioProviderFactory/default": []string{},
+		"android.hardware.broadcastradio.IBroadcastRadio/amfm":                    []string{},
+		"android.hardware.broadcastradio.IBroadcastRadio/dab":                     []string{},
 		"android.hardware.camera.provider.ICameraProvider/internal/0":             []string{},
 		"android.hardware.contexthub.IContextHub/default":                         []string{},
 		"android.hardware.drm.IDrmFactory/clearkey":                               []string{},
 		"android.hardware.drm.ICryptoFactory/clearkey":                            []string{},
 		"android.hardware.dumpstate.IDumpstateDevice/default":                     []string{},
+		"android.hardware.gatekeeper.IGatekeeper/default":                         []string{},
 		"android.hardware.gnss.IGnss/default":                                     []string{},
 		"android.hardware.graphics.allocator.IAllocator/default":                  []string{},
 		"android.hardware.graphics.composer3.IComposer/default":                   []string{},
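Review bot: The bindings added here for `IRemoteAccess/default`, `IBroadcastRadio/amfm`, `IBroadcastRadio/dab` and `IGatekeeper/default` are all `[]string{}`, which, as far as this hunk shows, registers the service name without naming any fuzzer for it. The same is true of `credential` and `healthconnect` in the two later hunks of this file. Gatekeeper and the credential service sit on authentication paths, so an empty list should at least be a tracked gap, for example `// TODO(b/<bug-id>): bind a fuzzer for IGatekeeper` above the entry. The map literal starts and ends outside the hunk, so whether other entries follow a different convention cannot be seen from here.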
@@ -168,6 +172,7 @@
 		"country_detector":                                                []string{},
 		"coverage":                                                        []string{},
 		"cpuinfo":                                                         []string{},
+		"credential":                                                      []string{},
 		"crossprofileapps":                                                []string{},
 		"dataloader_manager":                                              []string{},
 		"dbinfo":                                                          []string{},
@@ -208,6 +213,7 @@
 		"hardware":                     []string{},
 		"hardware_properties":          []string{},
 		"hdmi_control":                 []string{},
+		"healthconnect":                []string{},
 		"ions":                         []string{},
 		"idmap":                        []string{},
 		"incident":                     []string{},
diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index 90e2eaf..c6c0c18 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -7,10 +7,13 @@
   ( new_objects
     apex_ready_prop
     artd
+    credential_service
     device_config_memory_safety_native_prop
     device_config_vendor_system_native_prop
     hal_bootctl_service
+    hal_remoteaccess_service
     hal_tv_input_service
+    healthconnect_service
     keystore_config_prop
     permissive_mte_prop
     servicemanager_prop
@@ -19,4 +22,6 @@
     tuner_server_ctl_prop
     virtual_face_hal_prop
     virtual_fingerprint_hal_prop
+    hal_gatekeeper_service
+    hal_broadcastradio_service
   ))
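Review bot: `hal_gatekeeper_service` and `hal_broadcastradio_service` are appended after `virtual_fingerprint_hal_prop`, while every other visible entry in `new_objects` is in alphabetical order and the previous hunk inserts its three types in sorted position. Keeping the list sorted makes duplicate or missing types easier to spot when compat files are compared; the two names belong after `hal_bootctl_service`, as `hal_broadcastradio_service` then `hal_gatekeeper_service`. The same out-of-order placement of the gatekeeper entry appears in private/service_contexts (hunk `@@ -56,6 +59,7 @@`, between the `android.hardware.security.*` lines) and in public/service.te (hunk `@@ -309,6 +313,7 @@`, after `hal_wifi_supplicant_service`).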
diff --git a/private/service_contexts b/private/service_contexts
index 1504bac..86b27f4 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -5,12 +5,15 @@
 android.hardware.automotive.evs.IEvsEnumerator/hw/0                  u:object_r:hal_evs_service:s0
 android.hardware.boot.IBootControl/default                           u:object_r:hal_bootctl_service:s0
 android.hardware.automotive.evs.IEvsEnumerator/hw/1                  u:object_r:hal_evs_service:s0
-android.hardware.automotive.vehicle.IVehicle/default                 u:object_r:hal_vehicle_service:s0
 android.hardware.automotive.audiocontrol.IAudioControl/default       u:object_r:hal_audiocontrol_service:s0
+android.hardware.automotive.remoteaccess.IRemoteAccess/default       u:object_r:hal_remoteaccess_service:s0
+android.hardware.automotive.vehicle.IVehicle/default                 u:object_r:hal_vehicle_service:s0
 android.hardware.biometrics.face.IFace/default                       u:object_r:hal_face_service:s0
 android.hardware.biometrics.fingerprint.IFingerprint/default         u:object_r:hal_fingerprint_service:s0
 android.hardware.biometrics.fingerprint.IFingerprint/virtual         u:object_r:hal_fingerprint_service:s0
 android.hardware.bluetooth.audio.IBluetoothAudioProviderFactory/default u:object_r:hal_audio_service:s0
+android.hardware.broadcastradio.IBroadcastRadio/amfm                 u:object_r:hal_broadcastradio_service:s0
+android.hardware.broadcastradio.IBroadcastRadio/dab                  u:object_r:hal_broadcastradio_service:s0
 # The instance here is internal/0 following naming convention for ICameraProvider.
 # It advertises internal camera devices.
 android.hardware.camera.provider.ICameraProvider/internal/0          u:object_r:hal_camera_service:s0
@@ -56,6 +59,7 @@
 android.hardware.security.dice.IDiceDevice/default                   u:object_r:hal_dice_service:s0
 android.hardware.security.keymint.IKeyMintDevice/default             u:object_r:hal_keymint_service:s0
 android.hardware.security.keymint.IRemotelyProvisionedComponent/default u:object_r:hal_remotelyprovisionedcomponent_service:s0
+android.hardware.gatekeeper.IGatekeeper/default                      u:object_r:hal_gatekeeper_service:s0
 android.hardware.security.secureclock.ISecureClock/default             u:object_r:hal_secureclock_service:s0
 android.hardware.security.sharedsecret.ISharedSecret/default             u:object_r:hal_sharedsecret_service:s0
 android.hardware.sensors.ISensors/default                            u:object_r:hal_sensors_service:s0
@@ -140,6 +144,7 @@
 com.android.net.IProxyService             u:object_r:IProxyService_service:s0
 companiondevice                           u:object_r:companion_device_service:s0
 communal                                  u:object_r:communal_service:s0
+credential                                u:object_r:credential_service:s0
 platform_compat                           u:object_r:platform_compat_service:s0
 platform_compat_native                    u:object_r:platform_compat_service:s0
 connectivity                              u:object_r:connectivity_service:s0
@@ -193,6 +198,7 @@
 hardware                                  u:object_r:hardware_service:s0
 hardware_properties                       u:object_r:hardware_properties_service:s0
 hdmi_control                              u:object_r:hdmi_control_service:s0
+healthconnect                             u:object_r:healthconnect_service:s0
 ions                                      u:object_r:radio_service:s0
 idmap                                     u:object_r:idmap_service:s0
 incident                                  u:object_r:incident_service:s0
diff --git a/public/attributes b/public/attributes
index aeed208..f431725 100644
--- a/public/attributes
+++ b/public/attributes
@@ -362,6 +362,7 @@
 hal_attribute(power);
 hal_attribute(power_stats);
 hal_attribute(rebootescrow);
+hal_attribute(remoteaccess);
 hal_attribute(secure_element);
 hal_attribute(sensors);
 hal_attribute(telephony);
diff --git a/public/dumpstate.te b/public/dumpstate.te
index a2d2417..c73c2e7 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -78,6 +78,7 @@
   hal_audio_server
   hal_audiocontrol_server
   hal_bluetooth_server
+  hal_broadcastradio_server
   hal_camera_server
   hal_codec2_server
   hal_drm_server
diff --git a/public/hal_broadcastradio.te b/public/hal_broadcastradio.te
index 84a2597..bb882c9 100644
--- a/public/hal_broadcastradio.te
+++ b/public/hal_broadcastradio.te
@@ -2,3 +2,6 @@
 binder_call(hal_broadcastradio_server, hal_broadcastradio_client)
 
 hal_attribute_hwservice(hal_broadcastradio, hal_broadcastradio_hwservice)
+hal_attribute_service(hal_broadcastradio, hal_broadcastradio_service)
+
+binder_call(hal_broadcastradio_server, servicemanager)
diff --git a/public/hal_gatekeeper.te b/public/hal_gatekeeper.te
index b918f88..fc23e64 100644
--- a/public/hal_gatekeeper.te
+++ b/public/hal_gatekeeper.te
@@ -1,6 +1,8 @@
 binder_call(hal_gatekeeper_client, hal_gatekeeper_server)
 
 hal_attribute_hwservice(hal_gatekeeper, hal_gatekeeper_hwservice)
+hal_attribute_service(hal_gatekeeper, hal_gatekeeper_service)
+binder_call(hal_gatekeeper_server, servicemanager)
 
 # TEE access.
 allow hal_gatekeeper tee_device:chr_file rw_file_perms;
diff --git a/public/hal_remoteaccess.te b/public/hal_remoteaccess.te
new file mode 100644
index 0000000..8a55529
--- /dev/null
+++ b/public/hal_remoteaccess.te
@@ -0,0 +1,6 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_remoteaccess_client, hal_remoteaccess_server)
+binder_call(hal_remoteaccess_server, hal_remoteaccess_client)
+
+hal_attribute_service(hal_remoteaccess, hal_remoteaccess_service)
+
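Review bot: The header comment `# HwBinder IPC from client to server, and callbacks` does not match the rules under it, which are `binder_call` and `hal_attribute_service`, i.e. the binder service path rather than hwbinder; suggest `# Binder IPC from client to server, and callbacks`. Unlike the hal_broadcastradio.te and hal_gatekeeper.te hunks in this same change, this file adds no `binder_call(hal_remoteaccess_server, servicemanager)`. If no other rule gives the server access to servicemanager, registering `hal_remoteaccess_service` would presumably be denied, so confirm that and add the line for consistency. The file also ends with a stray blank line.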
diff --git a/public/service.te b/public/service.te
index 4bd5e65..2b43fc2 100644
--- a/public/service.te
+++ b/public/service.te
@@ -102,6 +102,7 @@
 # with EMMA_INSTRUMENT=true. We should consider locking this down in the future.
 type coverage_service, system_server_service, service_manager_type;
 type cpuinfo_service, system_api_service, system_server_service, service_manager_type;
+type credential_service, system_api_service, system_server_service, service_manager_type;
 type dataloader_manager_service, system_server_service, service_manager_type;
 type dbinfo_service, system_api_service, system_server_service, service_manager_type;
 type device_config_service, system_server_service, service_manager_type;
@@ -136,6 +137,7 @@
 type hardware_service, system_server_service, service_manager_type;
 type hardware_properties_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type hdmi_control_service, app_api_service, system_server_service, service_manager_type;
+type healthconnect_service, app_api_service, system_server_service, service_manager_type;
 type hint_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type imms_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type incremental_service, system_server_service, service_manager_type;
@@ -268,6 +270,7 @@
 type hal_audiocontrol_service, hal_service_type, service_manager_type;
 type hal_authsecret_service, protected_service, hal_service_type, service_manager_type;
 type hal_bootctl_service, protected_service, hal_service_type, service_manager_type;
+type hal_broadcastradio_service, protected_service, hal_service_type, service_manager_type;
 type hal_camera_service, protected_service, hal_service_type, service_manager_type;
 type hal_contexthub_service, protected_service, hal_service_type, service_manager_type;
 type hal_dice_service, protected_service, hal_service_type, service_manager_type;
@@ -294,6 +297,7 @@
 type hal_power_stats_service, protected_service, hal_service_type, service_manager_type;
 type hal_radio_service, protected_service, hal_service_type, service_manager_type;
 type hal_rebootescrow_service, protected_service, hal_service_type, service_manager_type;
+type hal_remoteaccess_service, protected_service, hal_service_type, service_manager_type;
 type hal_remotelyprovisionedcomponent_service, protected_service, hal_service_type, service_manager_type;
 type hal_sensors_service, protected_service, hal_service_type, service_manager_type;
 type hal_secureclock_service, protected_service, hal_service_type, service_manager_type;
@@ -309,6 +313,7 @@
 type hal_nlinterceptor_service, protected_service, hal_service_type, service_manager_type;
 type hal_wifi_hostapd_service, protected_service, hal_service_type, service_manager_type;
 type hal_wifi_supplicant_service, protected_service, hal_service_type, service_manager_type;
+type hal_gatekeeper_service, protected_service, hal_service_type, service_manager_type;
 
 ###
 ### Neverallow rules
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 24f0d51..ceb1492 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -13,6 +13,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.evs(.*)?          u:object_r:hal_evs_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.0-((default|emulator)-)*(service|protocan-service)  u:object_r:hal_vehicle_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@V1-(default|emulator)-service u:object_r:hal_vehicle_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.remoteaccess@V1-default-service u:object_r:hal_remoteaccess_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service      u:object_r:hal_bluetooth_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service\.btlinux    u:object_r:hal_bluetooth_btlinux_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.face@1\.[0-9]+-service\.example u:object_r:hal_face_default_exec:s0
@@ -23,6 +24,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.[0-9]+-service      u:object_r:hal_bootctl_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.boot-service.default      u:object_r:hal_bootctl_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.broadcastradio@\d+\.\d+-service u:object_r:hal_broadcastradio_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.broadcastradio-service.default u:object_r:hal_broadcastradio_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider(@2\.[0-9]+|-V1)-service_64       u:object_r:hal_camera_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider(@2\.[0-9]+|-V1)-service          u:object_r:hal_camera_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider(@2\.[0-9]+|-V1)-service-lazy_64  u:object_r:hal_camera_default_exec:s0
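Review bot: The `.` before `default` in the added `broadcastradio-service.default` pattern is unescaped, so it matches any character rather than a literal dot. The `hal_broadcastradio_default_exec` label therefore applies to more file names than the one intended. Escape it like the rest of the pattern: `android\.hardware\.broadcastradio-service\.default`. The neighbouring context line `android\.hardware\.boot-service.default` has the same looseness and could be tightened in a follow-up.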
diff --git a/vendor/hal_remoteaccess_default.te b/vendor/hal_remoteaccess_default.te
new file mode 100644
index 0000000..571b827
--- /dev/null
+++ b/vendor/hal_remoteaccess_default.te
@@ -0,0 +1,6 @@
+type hal_remoteaccess_default, domain;
+hal_server_domain(hal_remoteaccess_default, hal_remoteaccess)
+
+# may be started by init
+type hal_remoteaccess_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_remoteaccess_default)