Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 5043c02262bdae99679fc5010a13aecbafc54f23^1..5043c02262bdae99679fc5010a13aecbafc54f23 / .
commit5043c02262bdae99679fc5010a13aecbafc54f23[log] [tgz]
authorSteven Moreland <smoreland@google.com>Wed Sep 21 21:26:01 2022 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Wed Sep 21 21:26:01 2022 +0000
tree2e86aa1f70c80ecaa0832057c26a189a93a4ef0c
parent396d34b7c8c0398335fc163781d37e7af379bca0 [diff]
parent1d2a3fedcc7f196e8d9a0517e052769dab4858e4 [diff]
Merge "hidl2aidl: conversion of gatekeeper hidl to aidl"
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index 9ba8573..cf6b72d 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go

@@ -34,6 +34,7 @@
 		"android.hardware.drm.IDrmFactory/clearkey":                               []string{},
 		"android.hardware.drm.ICryptoFactory/clearkey":                            []string{},
 		"android.hardware.dumpstate.IDumpstateDevice/default":                     []string{},
+		"android.hardware.gatekeeper.IGatekeeper/default":                         []string{},
 		"android.hardware.gnss.IGnss/default":                                     []string{},
 		"android.hardware.graphics.allocator.IAllocator/default":                  []string{},
 		"android.hardware.graphics.composer3.IComposer/default":                   []string{},

diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index 88d33bf..4589cdc 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil

@@ -21,4 +21,5 @@
     tuner_server_ctl_prop
     virtual_face_hal_prop
     virtual_fingerprint_hal_prop
+    hal_gatekeeper_service
   ))

diff --git a/private/service_contexts b/private/service_contexts
index 061e37c..63f3ff7 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -56,6 +56,7 @@
 android.hardware.security.dice.IDiceDevice/default                   u:object_r:hal_dice_service:s0
 android.hardware.security.keymint.IKeyMintDevice/default             u:object_r:hal_keymint_service:s0
 android.hardware.security.keymint.IRemotelyProvisionedComponent/default u:object_r:hal_remotelyprovisionedcomponent_service:s0
+android.hardware.gatekeeper.IGatekeeper/default                      u:object_r:hal_gatekeeper_service:s0
 android.hardware.security.secureclock.ISecureClock/default             u:object_r:hal_secureclock_service:s0
 android.hardware.security.sharedsecret.ISharedSecret/default             u:object_r:hal_sharedsecret_service:s0
 android.hardware.sensors.ISensors/default                            u:object_r:hal_sensors_service:s0

diff --git a/public/hal_gatekeeper.te b/public/hal_gatekeeper.te
index b918f88..fc23e64 100644
--- a/public/hal_gatekeeper.te
+++ b/public/hal_gatekeeper.te

@@ -1,6 +1,8 @@
 binder_call(hal_gatekeeper_client, hal_gatekeeper_server)
 
 hal_attribute_hwservice(hal_gatekeeper, hal_gatekeeper_hwservice)
+hal_attribute_service(hal_gatekeeper, hal_gatekeeper_service)
+binder_call(hal_gatekeeper_server, servicemanager)
 
 # TEE access.
 allow hal_gatekeeper tee_device:chr_file rw_file_perms;

diff --git a/public/service.te b/public/service.te
index eea5131..c2060c1 100644
--- a/public/service.te
+++ b/public/service.te

@@ -311,6 +311,7 @@
 type hal_nlinterceptor_service, protected_service, hal_service_type, service_manager_type;
 type hal_wifi_hostapd_service, protected_service, hal_service_type, service_manager_type;
 type hal_wifi_supplicant_service, protected_service, hal_service_type, service_manager_type;
+type hal_gatekeeper_service, protected_service, hal_service_type, service_manager_type;
 
 ###
 ### Neverallow rules