Add hwcryptohal permissions
Adding necessary permissions for hwcrypto hal.
Bug: b/374158137
Test: android/trusty qemu build and trusty test
Change-Id: I543b7a36c85ec64350bbad8d19596f37a20369ac
diff --git a/vendor/file_contexts b/vendor/file_contexts
index b0c7a37..dc09d79 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -114,6 +114,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@1\.[01]-service u:object_r:hal_thermal_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal-service\.example u:object_r:hal_thermal_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.threadnetwork-service(\.sim)? u:object_r:hal_threadnetwork_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.trusty\.hwcryptohal-service u:object_r:hal_hwcrypto_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.cec@1\.[01]-service u:object_r:hal_tv_cec_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.hdmi.cec-service u:object_r:hal_tv_hdmi_cec_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.hdmi.connection-service u:object_r:hal_tv_hdmi_connection_default_exec:s0
diff --git a/vendor/hal_hwcrypto_default.te b/vendor/hal_hwcrypto_default.te
new file mode 100644
index 0000000..7cb2eef
--- /dev/null
+++ b/vendor/hal_hwcrypto_default.te
@@ -0,0 +1,12 @@
+type hal_hwcrypto_default, domain;
+hal_server_domain(hal_hwcrypto_default, hal_hwcrypto)
+
+type hal_hwcrypto_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_hwcrypto_default)
+
+allow hal_hwcrypto_default tee_device:chr_file rw_file_perms;
+allow hal_hwcrypto_default ion_device:chr_file rw_file_perms;
+
+binder_call(hal_hwcrypto_client, hal_hwcrypto_server);
+hal_attribute_service(hal_hwcrypto, hal_hwcrypto_service);
+binder_use(hal_hwcrypto_server);
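Review bot: The last three rules (`binder_call(hal_hwcrypto_client, hal_hwcrypto_server)`, `hal_attribute_service(hal_hwcrypto, hal_hwcrypto_service)`, `binder_use(hal_hwcrypto_server)`) are written against the HAL attributes rather than `hal_hwcrypto_default`, so they apply to every domain carrying those attributes even though they sit in the default implementation's vendor file. They would normally belong in the HAL's own attribute policy file (not visible in this diff), so the client/server contract is reviewed in one place and does not depend on this one implementation being built. The two device rules each need a why-comment, for example `# Reach the Trusty hwcrypto app through the TEE device node` above the `tee_device` rule, if that is the reason for it. The `ion_device` grant should say which buffers require it, or be dropped if the service does not allocate from ION, since `rw_file_perms` on that node is more than a crypto HAL obviously needs. Minor: these three macro calls end in `;` while the `hal_server_domain` and `init_daemon_domain` calls above do not.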