Add basic sepolicy for the IVmCapabilities HAL
Bug: 360102915
Test: builds
Test: presubmit
Change-Id: I1b7f73a9e3ff1ad35c318ac56667c64775de4064
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index 257cee6..a2fe51d 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -23,144 +23,146 @@
var (
ServiceFuzzerBindings = map[string][]string{
- "android.hardware.audio.core.IConfig/default": EXCEPTION_NO_FUZZER,
- "android.hardware.audio.core.IModule/default": EXCEPTION_NO_FUZZER,
- "android.hardware.audio.core.IModule/a2dp": EXCEPTION_NO_FUZZER,
- "android.hardware.audio.core.IModule/bluetooth": EXCEPTION_NO_FUZZER,
- "android.hardware.audio.core.IModule/hearing_aid": EXCEPTION_NO_FUZZER,
- "android.hardware.audio.core.IModule/msd": EXCEPTION_NO_FUZZER,
- "android.hardware.audio.core.IModule/r_submix": EXCEPTION_NO_FUZZER,
- "android.hardware.audio.core.IModule/stub": EXCEPTION_NO_FUZZER,
- "android.hardware.audio.core.IModule/usb": EXCEPTION_NO_FUZZER,
- "android.hardware.audio.effect.IFactory/default": EXCEPTION_NO_FUZZER,
- "android.hardware.audio.sounddose.ISoundDoseFactory/default": EXCEPTION_NO_FUZZER,
- "android.hardware.authsecret.IAuthSecret/default": EXCEPTION_NO_FUZZER,
- "android.hardware.automotive.evs.IEvsEnumerator/hw/0": EXCEPTION_NO_FUZZER,
- "android.hardware.boot.IBootControl/default": EXCEPTION_NO_FUZZER,
- "android.hardware.automotive.can.ICanController/default": EXCEPTION_NO_FUZZER,
- "android.hardware.automotive.evs.IEvsEnumerator/hw/1": EXCEPTION_NO_FUZZER,
- "android.hardware.automotive.ivn.IIvnAndroidDevice/default": EXCEPTION_NO_FUZZER,
- "android.hardware.automotive.remoteaccess.IRemoteAccess/default": EXCEPTION_NO_FUZZER,
- "android.hardware.automotive.vehicle.IVehicle/default": EXCEPTION_NO_FUZZER,
- "android.hardware.automotive.audiocontrol.IAudioControl/default": EXCEPTION_NO_FUZZER,
- "android.hardware.biometrics.face.IFace/default": EXCEPTION_NO_FUZZER,
- "android.hardware.biometrics.face.IFace/virtual": EXCEPTION_NO_FUZZER,
- "android.hardware.biometrics.face.virtualhal.IVirtualHal/virtual": EXCEPTION_NO_FUZZER,
- "android.hardware.biometrics.fingerprint.IFingerprint/default": EXCEPTION_NO_FUZZER,
- "android.hardware.biometrics.fingerprint.IFingerprint/virtual": EXCEPTION_NO_FUZZER,
- "android.hardware.biometrics.fingerprint.virtualhal.IVirtualHal/virtual": EXCEPTION_NO_FUZZER,
- "android.hardware.bluetooth.audio.IBluetoothAudioProviderFactory/default": EXCEPTION_NO_FUZZER,
- "android.hardware.broadcastradio.IBroadcastRadio/amfm": []string{"android.hardware.broadcastradio-service.default_fuzzer"},
- "android.hardware.broadcastradio.IBroadcastRadio/dab": []string{"android.hardware.broadcastradio-service.default_fuzzer"},
- "android.hardware.bluetooth.IBluetoothHci/default": EXCEPTION_NO_FUZZER,
- "android.hardware.bluetooth.finder.IBluetoothFinder/default": EXCEPTION_NO_FUZZER,
- "android.hardware.bluetooth.ranging.IBluetoothChannelSounding/default": EXCEPTION_NO_FUZZER,
- "android.hardware.bluetooth.lmp_event.IBluetoothLmpEvent/default": EXCEPTION_NO_FUZZER,
- "android.hardware.bluetooth.socket.IBluetoothSocket/default": []string{"android.hardware.bluetooth.socket-service_fuzzer"},
- "android.hardware.camera.provider.ICameraProvider/internal/0": EXCEPTION_NO_FUZZER,
- "android.hardware.camera.provider.ICameraProvider/virtual/0": EXCEPTION_NO_FUZZER,
- "android.hardware.cas.IMediaCasService/default": EXCEPTION_NO_FUZZER,
- "android.hardware.confirmationui.IConfirmationUI/default": []string{"android.hardware.confirmationui-service.trusty_fuzzer"},
- "android.hardware.contexthub.IContextHub/default": EXCEPTION_NO_FUZZER,
- "android.hardware.drm.IDrmFactory/clearkey": EXCEPTION_NO_FUZZER,
- "android.hardware.drm.ICryptoFactory/clearkey": EXCEPTION_NO_FUZZER,
- "android.hardware.dumpstate.IDumpstateDevice/default": EXCEPTION_NO_FUZZER,
- "android.hardware.fastboot.IFastboot/default": EXCEPTION_NO_FUZZER,
- "android.hardware.gatekeeper.IGatekeeper/default": EXCEPTION_NO_FUZZER,
- "android.hardware.gnss.IGnss/default": EXCEPTION_NO_FUZZER,
- "android.hardware.graphics.allocator.IAllocator/default": EXCEPTION_NO_FUZZER,
- "android.hardware.graphics.composer3.IComposer/default": EXCEPTION_NO_FUZZER,
- "android.hardware.health.storage.IStorage/default": EXCEPTION_NO_FUZZER,
- "android.hardware.health.IHealth/default": []string{"android.hardware.health-service.aidl_fuzzer"},
- "android.hardware.identity.IIdentityCredentialStore/default": EXCEPTION_NO_FUZZER,
- "android.hardware.input.processor.IInputProcessor/default": EXCEPTION_NO_FUZZER,
- "android.hardware.ir.IConsumerIr/default": EXCEPTION_NO_FUZZER,
- "android.hardware.light.ILights/default": EXCEPTION_NO_FUZZER,
- "android.hardware.macsec.IMacsecPskPlugin/default": EXCEPTION_NO_FUZZER,
- "android.hardware.media.c2.IComponentStore/default": EXCEPTION_NO_FUZZER,
- "android.hardware.media.c2.IComponentStore/default1": EXCEPTION_NO_FUZZER,
- "android.hardware.media.c2.IComponentStore/default2": EXCEPTION_NO_FUZZER,
- "android.hardware.media.c2.IComponentStore/software": []string{"libcodec2-aidl-fuzzer"},
- "android.hardware.memtrack.IMemtrack/default": EXCEPTION_NO_FUZZER,
- "android.hardware.net.nlinterceptor.IInterceptor/default": EXCEPTION_NO_FUZZER,
- "android.hardware.nfc.INfc/default": []string{"nfc_service_fuzzer"},
- "android.hardware.oemlock.IOemLock/default": EXCEPTION_NO_FUZZER,
- "android.hardware.power.IPower/default": EXCEPTION_NO_FUZZER,
- "android.hardware.power.stats.IPowerStats/default": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.config.IRadioConfig/default": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.data.IRadioData/slot1": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.data.IRadioData/slot2": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.data.IRadioData/slot3": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.ims.IRadioIms/slot1": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.ims.IRadioIms/slot2": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.ims.IRadioIms/slot3": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.ims.media.IImsMedia/default": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.messaging.IRadioMessaging/slot1": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.messaging.IRadioMessaging/slot2": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.messaging.IRadioMessaging/slot3": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.modem.IRadioModem/slot1": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.modem.IRadioModem/slot2": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.modem.IRadioModem/slot3": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.network.IRadioNetwork/slot1": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.network.IRadioNetwork/slot2": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.network.IRadioNetwork/slot3": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.satellite.IRadioSatellite/slot1": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.satellite.IRadioSatellite/slot2": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.satellite.IRadioSatellite/slot3": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.sim.IRadioSim/slot1": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.sim.IRadioSim/slot2": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.sim.IRadioSim/slot3": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.sap.ISap/slot1": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.sap.ISap/slot2": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.sap.ISap/slot3": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.voice.IRadioVoice/slot1": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.voice.IRadioVoice/slot2": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.voice.IRadioVoice/slot3": EXCEPTION_NO_FUZZER,
- "android.hardware.rebootescrow.IRebootEscrow/default": EXCEPTION_NO_FUZZER,
- "android.hardware.secure_element.ISecureElement/eSE1": EXCEPTION_NO_FUZZER,
- "android.hardware.secure_element.ISecureElement/eSE2": EXCEPTION_NO_FUZZER,
- "android.hardware.secure_element.ISecureElement/eSE3": EXCEPTION_NO_FUZZER,
- "android.hardware.secure_element.ISecureElement/SIM1": EXCEPTION_NO_FUZZER,
- "android.hardware.secure_element.ISecureElement/SIM2": EXCEPTION_NO_FUZZER,
- "android.hardware.secure_element.ISecureElement/SIM3": EXCEPTION_NO_FUZZER,
- "android.hardware.security.authgraph.IAuthGraphKeyExchange/nonsecure": []string{"android.hardware.authgraph-service.nonsecure_fuzzer"},
- "android.hardware.security.dice.IDiceDevice/default": EXCEPTION_NO_FUZZER,
- "android.hardware.security.keymint.IKeyMintDevice/default": EXCEPTION_NO_FUZZER,
- "android.hardware.security.keymint.IRemotelyProvisionedComponent/default": EXCEPTION_NO_FUZZER,
- "android.hardware.security.secretkeeper.ISecretkeeper/default": EXCEPTION_NO_FUZZER,
- "android.hardware.security.secretkeeper.ISecretkeeper/nonsecure": []string{"android.hardware.security.secretkeeper-service.nonsecure_fuzzer"},
- "android.hardware.security.secureclock.ISecureClock/default": EXCEPTION_NO_FUZZER,
- "android.hardware.security.sharedsecret.ISharedSecret/default": EXCEPTION_NO_FUZZER,
- "android.hardware.sensors.ISensors/default": EXCEPTION_NO_FUZZER,
- "android.hardware.soundtrigger3.ISoundTriggerHw/default": EXCEPTION_NO_FUZZER,
- "android.hardware.tetheroffload.IOffload/default": EXCEPTION_NO_FUZZER,
- "android.hardware.thermal.IThermal/default": EXCEPTION_NO_FUZZER,
- "android.hardware.threadnetwork.IThreadChip/chip0": []string{"android.hardware.threadnetwork-service.fuzzer"},
- "android.hardware.tv.hdmi.cec.IHdmiCec/default": EXCEPTION_NO_FUZZER,
- "android.hardware.tv.hdmi.connection.IHdmiConnection/default": EXCEPTION_NO_FUZZER,
- "android.hardware.tv.hdmi.earc.IEArc/default": EXCEPTION_NO_FUZZER,
- "android.hardware.tv.input.ITvInput/default": EXCEPTION_NO_FUZZER,
- "android.hardware.tv.mediaquality.IMediaQuality/default": EXCEPTION_NO_FUZZER,
- "android.hardware.tv.tuner.ITuner/default": EXCEPTION_NO_FUZZER,
- "android.hardware.usb.IUsb/default": EXCEPTION_NO_FUZZER,
- "android.hardware.usb.gadget.IUsbGadget/default": EXCEPTION_NO_FUZZER,
- "android.hardware.uwb.IUwb/default": EXCEPTION_NO_FUZZER,
- "android.hardware.vibrator.IVibrator/default": EXCEPTION_NO_FUZZER,
- "android.hardware.vibrator.IVibratorManager/default": []string{"android.hardware.vibrator-service.example_fuzzer"},
- "android.hardware.weaver.IWeaver/default": EXCEPTION_NO_FUZZER,
- "android.hardware.wifi.IWifi/default": EXCEPTION_NO_FUZZER,
- "android.hardware.wifi.hostapd.IHostapd/default": EXCEPTION_NO_FUZZER,
- "android.hardware.wifi.supplicant.ISupplicant/default": EXCEPTION_NO_FUZZER,
- "android.frameworks.cameraservice.service.ICameraService/default": EXCEPTION_NO_FUZZER,
- "android.frameworks.devicestate.IDeviceStateService/default": EXCEPTION_NO_FUZZER,
- "android.frameworks.location.altitude.IAltitudeService/default": EXCEPTION_NO_FUZZER,
- "android.frameworks.sensorservice.ISensorManager/default": []string{"libsensorserviceaidl_fuzzer"},
- "android.frameworks.stats.IStats/default": EXCEPTION_NO_FUZZER,
- "android.frameworks.vibrator.IVibratorControlService/default": EXCEPTION_NO_FUZZER,
- "android.se.omapi.ISecureElementService/default": EXCEPTION_NO_FUZZER,
- "android.system.keystore2.IKeystoreService/default": EXCEPTION_NO_FUZZER,
- "android.system.net.netd.INetd/default": []string{"netd_hw_service_fuzzer"},
- "android.system.suspend.ISystemSuspend/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IConfig/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IModule/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IModule/a2dp": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IModule/bluetooth": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IModule/hearing_aid": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IModule/msd": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IModule/r_submix": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IModule/stub": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IModule/usb": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.effect.IFactory/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.sounddose.ISoundDoseFactory/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.authsecret.IAuthSecret/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.evs.IEvsEnumerator/hw/0": EXCEPTION_NO_FUZZER,
+ "android.hardware.boot.IBootControl/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.can.ICanController/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.evs.IEvsEnumerator/hw/1": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.ivn.IIvnAndroidDevice/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.remoteaccess.IRemoteAccess/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.vehicle.IVehicle/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.audiocontrol.IAudioControl/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.biometrics.face.IFace/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.biometrics.face.IFace/virtual": EXCEPTION_NO_FUZZER,
+ "android.hardware.biometrics.face.virtualhal.IVirtualHal/virtual": EXCEPTION_NO_FUZZER,
+ "android.hardware.biometrics.fingerprint.IFingerprint/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.biometrics.fingerprint.IFingerprint/virtual": EXCEPTION_NO_FUZZER,
+ "android.hardware.biometrics.fingerprint.virtualhal.IVirtualHal/virtual": EXCEPTION_NO_FUZZER,
+ "android.hardware.bluetooth.audio.IBluetoothAudioProviderFactory/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.broadcastradio.IBroadcastRadio/amfm": []string{"android.hardware.broadcastradio-service.default_fuzzer"},
+ "android.hardware.broadcastradio.IBroadcastRadio/dab": []string{"android.hardware.broadcastradio-service.default_fuzzer"},
+ "android.hardware.bluetooth.IBluetoothHci/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.bluetooth.finder.IBluetoothFinder/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.bluetooth.ranging.IBluetoothChannelSounding/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.bluetooth.lmp_event.IBluetoothLmpEvent/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.bluetooth.socket.IBluetoothSocket/default": []string{"android.hardware.bluetooth.socket-service_fuzzer"},
+ "android.hardware.camera.provider.ICameraProvider/internal/0": EXCEPTION_NO_FUZZER,
+ "android.hardware.camera.provider.ICameraProvider/virtual/0": EXCEPTION_NO_FUZZER,
+ "android.hardware.cas.IMediaCasService/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.confirmationui.IConfirmationUI/default": []string{"android.hardware.confirmationui-service.trusty_fuzzer"},
+ "android.hardware.contexthub.IContextHub/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.drm.IDrmFactory/clearkey": EXCEPTION_NO_FUZZER,
+ "android.hardware.drm.ICryptoFactory/clearkey": EXCEPTION_NO_FUZZER,
+ "android.hardware.dumpstate.IDumpstateDevice/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.fastboot.IFastboot/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.gatekeeper.IGatekeeper/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.gnss.IGnss/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.graphics.allocator.IAllocator/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.graphics.composer3.IComposer/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.health.storage.IStorage/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.health.IHealth/default": []string{"android.hardware.health-service.aidl_fuzzer"},
+ "android.hardware.identity.IIdentityCredentialStore/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.input.processor.IInputProcessor/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.ir.IConsumerIr/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.light.ILights/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.macsec.IMacsecPskPlugin/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.media.c2.IComponentStore/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.media.c2.IComponentStore/default1": EXCEPTION_NO_FUZZER,
+ "android.hardware.media.c2.IComponentStore/default2": EXCEPTION_NO_FUZZER,
+ "android.hardware.media.c2.IComponentStore/software": []string{"libcodec2-aidl-fuzzer"},
+ "android.hardware.memtrack.IMemtrack/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.net.nlinterceptor.IInterceptor/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.nfc.INfc/default": []string{"nfc_service_fuzzer"},
+ "android.hardware.oemlock.IOemLock/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.power.IPower/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.power.stats.IPowerStats/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.config.IRadioConfig/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.data.IRadioData/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.data.IRadioData/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.data.IRadioData/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.ims.IRadioIms/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.ims.IRadioIms/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.ims.IRadioIms/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.ims.media.IImsMedia/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.messaging.IRadioMessaging/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.messaging.IRadioMessaging/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.messaging.IRadioMessaging/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.modem.IRadioModem/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.modem.IRadioModem/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.modem.IRadioModem/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.network.IRadioNetwork/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.network.IRadioNetwork/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.network.IRadioNetwork/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.satellite.IRadioSatellite/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.satellite.IRadioSatellite/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.satellite.IRadioSatellite/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.sim.IRadioSim/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.sim.IRadioSim/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.sim.IRadioSim/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.sap.ISap/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.sap.ISap/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.sap.ISap/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.voice.IRadioVoice/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.voice.IRadioVoice/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.voice.IRadioVoice/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.rebootescrow.IRebootEscrow/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.secure_element.ISecureElement/eSE1": EXCEPTION_NO_FUZZER,
+ "android.hardware.secure_element.ISecureElement/eSE2": EXCEPTION_NO_FUZZER,
+ "android.hardware.secure_element.ISecureElement/eSE3": EXCEPTION_NO_FUZZER,
+ "android.hardware.secure_element.ISecureElement/SIM1": EXCEPTION_NO_FUZZER,
+ "android.hardware.secure_element.ISecureElement/SIM2": EXCEPTION_NO_FUZZER,
+ "android.hardware.secure_element.ISecureElement/SIM3": EXCEPTION_NO_FUZZER,
+ "android.hardware.security.authgraph.IAuthGraphKeyExchange/nonsecure": []string{"android.hardware.authgraph-service.nonsecure_fuzzer"},
+ "android.hardware.security.dice.IDiceDevice/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.security.keymint.IKeyMintDevice/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.security.keymint.IRemotelyProvisionedComponent/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.security.secretkeeper.ISecretkeeper/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.security.secretkeeper.ISecretkeeper/nonsecure": []string{"android.hardware.security.secretkeeper-service.nonsecure_fuzzer"},
+ "android.hardware.security.secureclock.ISecureClock/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.security.sharedsecret.ISharedSecret/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.sensors.ISensors/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.soundtrigger3.ISoundTriggerHw/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.tetheroffload.IOffload/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.thermal.IThermal/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.threadnetwork.IThreadChip/chip0": []string{"android.hardware.threadnetwork-service.fuzzer"},
+ "android.hardware.tv.hdmi.cec.IHdmiCec/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.tv.hdmi.connection.IHdmiConnection/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.tv.hdmi.earc.IEArc/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.tv.input.ITvInput/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.tv.mediaquality.IMediaQuality/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.tv.tuner.ITuner/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.usb.IUsb/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.usb.gadget.IUsbGadget/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.uwb.IUwb/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.vibrator.IVibrator/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.vibrator.IVibratorManager/default": []string{"android.hardware.vibrator-service.example_fuzzer"},
+ "android.hardware.virtualization.capabilities.IVmCapabilitiesService/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.virtualization.capabilities.IVmCapabilitiesService/noop": EXCEPTION_NO_FUZZER,
+ "android.hardware.weaver.IWeaver/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.wifi.IWifi/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.wifi.hostapd.IHostapd/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.wifi.supplicant.ISupplicant/default": EXCEPTION_NO_FUZZER,
+ "android.frameworks.cameraservice.service.ICameraService/default": EXCEPTION_NO_FUZZER,
+ "android.frameworks.devicestate.IDeviceStateService/default": EXCEPTION_NO_FUZZER,
+ "android.frameworks.location.altitude.IAltitudeService/default": EXCEPTION_NO_FUZZER,
+ "android.frameworks.sensorservice.ISensorManager/default": []string{"libsensorserviceaidl_fuzzer"},
+ "android.frameworks.stats.IStats/default": EXCEPTION_NO_FUZZER,
+ "android.frameworks.vibrator.IVibratorControlService/default": EXCEPTION_NO_FUZZER,
+ "android.se.omapi.ISecureElementService/default": EXCEPTION_NO_FUZZER,
+ "android.system.keystore2.IKeystoreService/default": EXCEPTION_NO_FUZZER,
+ "android.system.net.netd.INetd/default": []string{"netd_hw_service_fuzzer"},
+ "android.system.suspend.ISystemSuspend/default": EXCEPTION_NO_FUZZER,
"accessibility": EXCEPTION_NO_FUZZER,
"account": EXCEPTION_NO_FUZZER,
"activity": EXCEPTION_NO_FUZZER,
diff --git a/private/attributes b/private/attributes
index 13479c9..0da777a 100644
--- a/private/attributes
+++ b/private/attributes
@@ -31,3 +31,7 @@
until_board_api(202504, `
attribute tee_service_type;
')
+
+until_board_api(202504, `
+ hal_attribute(vm_capabilities);
+')
diff --git a/private/compat/202404/202404.ignore.cil b/private/compat/202404/202404.ignore.cil
index 0aa0580..0af156f 100644
--- a/private/compat/202404/202404.ignore.cil
+++ b/private/compat/202404/202404.ignore.cil
@@ -16,6 +16,7 @@
forensic_service
fstype_prop
hal_mediaquality_service
+ hal_vm_capabilities_service
intrusion_detection_service
media_quality_service
proc_cgroups
diff --git a/private/dumpstate.te b/private/dumpstate.te
index a1c9ed3..a14454d 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -347,6 +347,7 @@
dump_hal(hal_sensors)
dump_hal(hal_thermal)
dump_hal(hal_vehicle)
+dump_hal(hal_vm_capabilities)
dump_hal(hal_weaver)
dump_hal(hal_wifi)
diff --git a/private/hal_vm_capabilities.te b/private/hal_vm_capabilities.te
new file mode 100644
index 0000000..3197784
--- /dev/null
+++ b/private/hal_vm_capabilities.te
@@ -0,0 +1,9 @@
+# Domain for the VM capability HAL, which is used to allow some pVMs to issue
+# vendor-specific SMCs.
+
+binder_call(hal_vm_capabilities_client, hal_vm_capabilities_server)
+
+hal_attribute_service(hal_vm_capabilities, hal_vm_capabilities_service)
+
+binder_use(hal_vm_capabilities_client)
+binder_use(hal_vm_capabilities_server)
diff --git a/private/service.te b/private/service.te
index ce648c2..7a2153b 100644
--- a/private/service.te
+++ b/private/service.te
@@ -69,6 +69,10 @@
type ranging_service, app_api_service, system_server_service, service_manager_type;
')
+until_board_api(202504, `
+ type hal_vm_capabilities_service, protected_service, hal_service_type, service_manager_type;
+')
+
###
### Neverallow rules
###
diff --git a/private/service_contexts b/private/service_contexts
index e2998c7..cd1231e 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -138,6 +138,8 @@
android.hardware.secure_element.ISecureElement/SIM3 u:object_r:hal_secure_element_service:s0
android.hardware.security.secretkeeper.ISecretkeeper/default u:object_r:hal_secretkeeper_service:s0
android.hardware.security.secretkeeper.ISecretkeeper/nonsecure u:object_r:hal_secretkeeper_service:s0
+android.hardware.virtualization.capabilities.IVmCapabilitiesService/default u:object_r:hal_vm_capabilities_service:s0
+android.hardware.virtualization.capabilities.IVmCapabilitiesService/noop u:object_r:hal_vm_capabilities_service:s0
android.system.keystore2.IKeystoreService/default u:object_r:keystore_service:s0
android.system.net.netd.INetd/default u:object_r:system_net_netd_service:s0
android.system.suspend.ISystemSuspend/default u:object_r:hal_system_suspend_service:s0
diff --git a/private/su.te b/private/su.te
index 1e2adef..247fd0b 100644
--- a/private/su.te
+++ b/private/su.te
@@ -127,6 +127,7 @@
typeattribute su hal_tv_tuner_client;
typeattribute su hal_usb_client;
typeattribute su hal_vibrator_client;
+ typeattribute su hal_vm_capabilities_client;
typeattribute su hal_vr_client;
typeattribute su hal_weaver_client;
typeattribute su hal_wifi_client;
diff --git a/public/attributes b/public/attributes
index 6e11b86..1556d57 100644
--- a/public/attributes
+++ b/public/attributes
@@ -457,3 +457,8 @@
starting_at_board_api(202504, `
attribute tee_service_type;
')
+
+# HAL service used for custom smc filtering project
+starting_at_board_api(202504, `
+ hal_attribute(vm_capabilities);
+')
diff --git a/public/service.te b/public/service.te
index 68f4ea0..af8db0c 100644
--- a/public/service.te
+++ b/public/service.te
@@ -375,6 +375,9 @@
type hal_wifi_hostapd_service, protected_service, hal_service_type, service_manager_type;
type hal_wifi_supplicant_service, protected_service, hal_service_type, service_manager_type;
type hal_gatekeeper_service, protected_service, hal_service_type, service_manager_type;
+starting_at_board_api(202504, `
+ type hal_vm_capabilities_service, protected_service, hal_service_type, service_manager_type;
+')
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 220fbd2..b0c7a37 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -207,3 +207,4 @@
/(vendor|system/vendor)/lib(64)?/libutils\.so u:object_r:same_process_hal_file:s0
/(vendor|system/vendor)/lib(64)?/libutilscallstack\.so u:object_r:same_process_hal_file:s0
/(vendor|system/vendor)/lib(64)?/libz\.so u:object_r:same_process_hal_file:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.virtualization\.capabilities\.capabilities_service-noop u:object_r:hal_vm_capabilities_default_exec:s0
diff --git a/vendor/hal_vm_capabilities_default.te b/vendor/hal_vm_capabilities_default.te
new file mode 100644
index 0000000..82aaf41
--- /dev/null
+++ b/vendor/hal_vm_capabilities_default.te
@@ -0,0 +1,10 @@
+type hal_vm_capabilities_default, domain;
+
+starting_at_board_api(202504, `
+ hal_server_domain(hal_vm_capabilities_default, hal_vm_capabilities);
+')
+
+type hal_vm_capabilities_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_vm_capabilities_default);
+
+# TODO(b/360102915): add more rules around vm_fd passed to the HAL