Secretkeeper/Sepolicy: Create required domains
Add sepolicies rules for Secretkeeper HAL & nonsecure service
implementing the AIDL.
Test: atest VtsHalSkTargetTest & check for Selinux denials
Bug: 293429085
Change-Id: I907cf326e48e4dc180aa0d30e644416d4936ff78
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 28613c9..adbb2e7 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -100,6 +100,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element-service.example u:object_r:hal_secure_element_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.security\.authgraph-service\.nonsecure u:object_r:hal_authgraph_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.security\.keymint-service u:object_r:hal_keymint_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.security\.secretkeeper-service.nonsecure u:object_r:hal_secretkeeper_default_exec:s0
/(vendor|system/vendor)/bin/hw/rild u:object_r:rild_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.tetheroffload-service\.example u:object_r:hal_tetheroffload_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@1\.[01]-service u:object_r:hal_thermal_default_exec:s0
diff --git a/vendor/hal_secretkeeper_default.te b/vendor/hal_secretkeeper_default.te
new file mode 100644
index 0000000..50f4ac1
--- /dev/null
+++ b/vendor/hal_secretkeeper_default.te
@@ -0,0 +1,5 @@
+type hal_secretkeeper_default, domain;
+hal_server_domain(hal_secretkeeper_default, hal_secretkeeper)
+
+type hal_secretkeeper_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_secretkeeper_default)