commit 553afe724201aae1c858a3a6d87e79c3183e6dbc
author ChengYou Ho <chengyouho@google.com> Fri Dec 25 17:30:11 2020 +0800
committer Chengyou Ho <chengyouho@google.com> Mon Jan 11 05:57:17 2021 +0000
tree eea804eefe424ae3fc75d09c1a44208d0f9b1c91
parent b46e956d971ca41a5dad43c014bd66c1644d0f13

Add sepolicy for oemlock aidl HAL

Bug: 176107318
Change-Id: I26f8926401b15136f0aca79b3d5964ab3b59fbdd

private/compat/30.0/30.0.ignore.cil

diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 07ec8f1..05d766c 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -27,6 +27,7 @@
     hal_face_service
     hal_fingerprint_service
     hal_memtrack_service
+    hal_oemlock_service
     gnss_device
     hal_dumpstate_config_prop
     hal_gnss_service

private/service_contexts

diff --git a/private/service_contexts b/private/service_contexts
index 2c30471..eff9bdf 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -5,6 +5,7 @@
 android.hardware.identity.IIdentityCredentialStore/default           u:object_r:hal_identity_service:s0
 android.hardware.light.ILights/default                               u:object_r:hal_light_service:s0
 android.hardware.memtrack.IMemtrack/default                          u:object_r:hal_memtrack_service:s0
+android.hardware.oemlock.IOemLock/default                            u:object_r:hal_oemlock_service:s0
 android.hardware.power.IPower/default                                u:object_r:hal_power_service:s0
 android.hardware.power.stats.IPowerStats/default                      u:object_r:hal_power_stats_service:s0
 android.hardware.rebootescrow.IRebootEscrow/default                  u:object_r:hal_rebootescrow_service:s0

public/hal_oemlock.te

diff --git a/public/hal_oemlock.te b/public/hal_oemlock.te
index 26b2b42..9f38fa5 100644
--- a/public/hal_oemlock.te
+++ b/public/hal_oemlock.te
@@ -2,3 +2,6 @@
 binder_call(hal_oemlock_client, hal_oemlock_server)
 
 hal_attribute_hwservice(hal_oemlock, hal_oemlock_hwservice)
+hal_attribute_service(hal_oemlock, hal_oemlock_service)
+
+binder_call(hal_oemlock_server, servicemanager)

public/service.te

diff --git a/public/service.te b/public/service.te
index 3463128..c7eabc8 100644
--- a/public/service.te
+++ b/public/service.te
@@ -232,6 +232,7 @@
 type hal_keymint_service, vendor_service, protected_service, service_manager_type;
 type hal_light_service, vendor_service, protected_service, service_manager_type;
 type hal_memtrack_service, vendor_service, protected_service, service_manager_type;
+type hal_oemlock_service, vendor_service, protected_service, service_manager_type;
 type hal_power_service, vendor_service, protected_service, service_manager_type;
 type hal_power_stats_service, vendor_service, protected_service, service_manager_type;
 type hal_rebootescrow_service, vendor_service, protected_service, service_manager_type;

vendor/hal_oemlock_default.te

diff --git a/vendor/hal_oemlock_default.te b/vendor/hal_oemlock_default.te
new file mode 100644
index 0000000..8597f2c
--- /dev/null
+++ b/vendor/hal_oemlock_default.te
@@ -0,0 +1,5 @@
+type hal_oemlock_default, domain;
+hal_server_domain(hal_oemlock_default, hal_oemlock)
+
+type hal_oemlock_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_oemlock_default)