Sepolicy update for Automotive Display Service

Bug: 140395359
Test: make sepolicy -j
Change-Id: Ib6ddf55210d8a8ee4868359c88e3d177edce9610
Signed-off-by: Changyeon Jo <changyeon@google.com>
diff --git a/private/automotive_display_service.te b/private/automotive_display_service.te
new file mode 100644
index 0000000..e397d10
--- /dev/null
+++ b/private/automotive_display_service.te
@@ -0,0 +1,20 @@
+# Display service for Automotive
+type automotive_display, domain, coredomain;
+type automotive_display_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(automotive_display)
+
+# Allow to use Binder IPC for SurfaceFlinger.
+binder_use(automotive_display)
+
+# Allow to use HwBinder IPC for HAL implementations.
+hwbinder_use(automotive_display)
+
+# Allow to read the target property.
+get_prop(automotive_display, hwservicemanager_prop)
+
+# Allow to find SurfaceFlinger.
+allow automotive_display surfaceflinger_service:service_manager find;
+
+# Allow client domain to do binder IPC to serverdomain.
+binder_call(automotive_display, surfaceflinger)
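Review bot: The comments above `get_prop(automotive_display, hwservicemanager_prop)` and `binder_call(automotive_display, surfaceflinger)` do not say why this coredomain needs either grant, which makes the policy harder to audit for least privilege. "The target property" names no property, and "client domain to do binder IPC to serverdomain" reads like the generic macro description rather than a statement about this service. I would write something like `# Read hwservicemanager_prop; presumably needed to wait for hwservicemanager before registering the HIDL service.` and `# Call into SurfaceFlinger over Binder after finding surfaceflinger_service.`, with the reason confirmed against the service code. A one-line header stating that the daemon bridges HwBinder clients to SurfaceFlinger would also explain why `binder_use` and `hwbinder_use` both appear in one domain.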
diff --git a/private/automotive_display_service_server.te b/private/automotive_display_service_server.te
new file mode 100644
index 0000000..a916de8
--- /dev/null
+++ b/private/automotive_display_service_server.te
@@ -0,0 +1 @@
+add_hwservice(automotive_display, fwk_automotive_display_hwservice)
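Review bot: Nothing in the visible part of this change says which domains may `find` `fwk_automotive_display_hwservice`, so the intended client set of a service that fronts SurfaceFlinger is undocumented here. If the `find` grants and the type declaration live in a file outside this view, a comment pointing to them would be enough, e.g. `# Registers ICarWindowService; clients are granted find in <file>.`. If the client set is known and small, consider bounding it with `neverallow { domain -<allowed_client_domains> } fwk_automotive_display_hwservice:hwservice_manager find;`. This single rule could also sit in `automotive_display_service.te` next to the domain definition, unless the separate file follows an existing convention.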
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 3a5be19..5347096 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -14,6 +14,8 @@
     app_integrity_service
     app_search_service
     auth_service
+    automotive_display
+    automotive_display_exec
     ashmem_libcutils_device
     blob_store_service
     binder_cache_system_server_prop
@@ -30,6 +32,7 @@
     device_config_sys_traced_prop
     exported_camera_prop
     file_integrity_service
+    fwk_automotive_display_hwservice
     gmscore_app
     hal_can_bus_hwservice
     hal_can_controller_hwservice
diff --git a/private/file_contexts b/private/file_contexts
index c98909e..c7729d8 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -343,6 +343,7 @@
 /system/bin/notify_traceur\.sh       u:object_r:notify_traceur_exec:s0
 /system/bin/migrate_legacy_obb_data\.sh u:object_r:migrate_legacy_obb_data_exec:s0
 /system/bin/aidl_lazy_test_server    u:object_r:aidl_lazy_test_server_exec:s0
+/system/bin/android\.frameworks\.automotive\.display@1\.0-service u:object_r:automotive_display_exec:s0
 
 #############################
 # Vendor files
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index 96b2760..238fd53 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -4,6 +4,7 @@
 android.frameworks.schedulerservice::ISchedulingPolicyService   u:object_r:fwk_scheduler_hwservice:s0
 android.frameworks.sensorservice::ISensorManager                u:object_r:fwk_sensor_hwservice:s0
 android.frameworks.stats::IStats                                u:object_r:fwk_stats_hwservice:s0
+android.frameworks.automotive.display::ICarWindowService        u:object_r:fwk_automotive_display_hwservice:s0
 android.hardware.atrace::IAtraceDevice                          u:object_r:hal_atrace_hwservice:s0
 android.hardware.audio.effect::IEffectsFactory                  u:object_r:hal_audio_hwservice:s0
 android.hardware.audio::IDevicesFactory                         u:object_r:hal_audio_hwservice:s0
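Review bot: The new `android.frameworks.automotive.display::ICarWindowService` entry is placed after `android.frameworks.stats::IStats`, which breaks the alphabetical ordering the surrounding `android.frameworks.*` entries appear to follow. Moving it ahead of `android.frameworks.schedulerservice` keeps the list easy to scan when auditing which interfaces map to which hwservice type. The exact position depends on lines above this hunk that are not visible here, and the entry's label itself looks consistent with the type used in `add_hwservice`.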