Sepolicy for allocator hal.
Bug: 32123421
Test: full build/test of allocator hal using hidl_test
Change-Id: I253b4599b6fe6e7f4a2f5f55b34cdeed9e5d769b
diff --git a/private/file_contexts b/private/file_contexts
index 95293f7..c081f5b 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -244,6 +244,7 @@
/system/bin/hw/android\.hardware\.vibrator@1\.0-service u:object_r:hal_vibrator_default_exec:s0
/system/bin/hw/android\.hardware\.vr@1\.0-service u:object_r:hal_vr_default_exec:s0
/system/bin/hw/android\.hardware\.wifi@1\.0-service u:object_r:hal_wifi_default_exec:s0
+/system/bin/hw/android\.hidl\.memory@1\.0-service u:object_r:hal_allocator_exec:s0
#############################
# Vendor files
diff --git a/private/hal_allocator.te b/private/hal_allocator.te
new file mode 100644
index 0000000..d185d49
--- /dev/null
+++ b/private/hal_allocator.te
@@ -0,0 +1 @@
+init_daemon_domain(hal_allocator)
diff --git a/public/hal_allocator.te b/public/hal_allocator.te
new file mode 100644
index 0000000..784bacb
--- /dev/null
+++ b/public/hal_allocator.te
@@ -0,0 +1,6 @@
+# allocator subsystem
+type hal_allocator, domain;
+type hal_allocator_exec, exec_type, file_type;
+
+# hwbinder access
+hwbinder_use(hal_allocator)
diff --git a/public/te_macros b/public/te_macros
index 2dca5e2..60c7a1a 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -223,6 +223,14 @@
')
#####################################
+# hwallocator_use(domain)
+# Allow a domain to use Hidl shared memory
+define(`hwallocator_use', `
+# Call into the allocator hal
+binder_call($1, hal_allocator);
+'')
+
+#####################################
# wakelock_use(domain)
# Allow domain to manage wake locks
define(`wakelock_use', `