Add test_pkvm_tee_service example tee service
It can be used to test that custom smcs filtering is correctly
integrated on devices with pkvm hypervisor.
Bug: 360102915
Test: vm run-microdroid --tee_services test_pkvm_tee_service
Test: builds
Change-Id: I10ccc42d754b2b16139d6c3b22754a1d3cbc76a3
diff --git a/private/shell.te b/private/shell.te
index 31bf506..70f296e 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -484,6 +484,7 @@
')
allow shell tee_service_contexts_file:file r_file_perms;
+allow shell test_pkvm_tee_service:tee_service use;
# Everything is labeled as rootfs in recovery mode. Allow shell to
# execute them.
diff --git a/private/tee_service_contexts b/private/tee_service_contexts
index 3791876..89eceae 100644
--- a/private/tee_service_contexts
+++ b/private/tee_service_contexts
@@ -7,3 +7,7 @@
# <tee_service_name> <label>
#
# <tee_service_name> must be a string
+
+# Example tee service that can be used for end-to-end integration of
+# custom smcs filtering on devices with pkvm hypervisor.
+test_pkvm_tee_service u:object_r:test_pkvm_tee_service:s0
diff --git a/private/tee_services.te b/private/tee_services.te
index c6fdb5c..320f8b7 100644
--- a/private/tee_services.te
+++ b/private/tee_services.te
@@ -1,3 +1,6 @@
# Specify tee_services in this file.
# Please keep the names in the alphabetical order and comment each new entry.
+# An example tee_service that can be used to test end-to-end integration of custom
+# smcs filtering feature on a device with pkvm hypervisor.
+type test_pkvm_tee_service, tee_service_type;