Add hal_vehicle_service for AIDL VHAL service.
Add selinux policy for AIDL Vehicel HAL service.
This CL mostly follows https://android-review.googlesource.com/c/platform/system/sepolicy/+/1541205/.
Test: Manually test on emulator, verify AIDL VHAL service is up and
accessible by client.
Bug: 209718034
Change-Id: Icad92e357dacea681b8539f6ebe6110a8ca8b357
diff --git a/private/compat/32.0/32.0.ignore.cil b/private/compat/32.0/32.0.ignore.cil
index 6eb9e46..ef50642 100644
--- a/private/compat/32.0/32.0.ignore.cil
+++ b/private/compat/32.0/32.0.ignore.cil
@@ -32,6 +32,7 @@
hal_system_suspend_service
hal_tv_tuner_service
hal_uwb_service
+ hal_vehicle_service
hal_wifi_hostapd_service
hal_wifi_supplicant_service
locale_service
diff --git a/private/service_contexts b/private/service_contexts
index 327b4f7..efdb2c0 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -1,4 +1,5 @@
android.hardware.authsecret.IAuthSecret/default u:object_r:hal_authsecret_service:s0
+android.hardware.automotive.vehicle.IVehicle/default u:object_r:hal_vehicle_service:s0
android.hardware.automotive.audiocontrol.IAudioControl/default u:object_r:hal_audiocontrol_service:s0
android.hardware.biometrics.face.IFace/default u:object_r:hal_face_service:s0
android.hardware.biometrics.fingerprint.IFingerprint/default u:object_r:hal_fingerprint_service:s0
diff --git a/public/hal_vehicle.te b/public/hal_vehicle.te
index 6855d14..c9eff55 100644
--- a/public/hal_vehicle.te
+++ b/public/hal_vehicle.te
@@ -4,3 +4,4 @@
hal_attribute_hwservice(hal_vehicle, hal_vehicle_hwservice)
+hal_attribute_service(hal_vehicle, hal_vehicle_service)
diff --git a/public/service.te b/public/service.te
index 9fb8df3..24fa2ba 100644
--- a/public/service.te
+++ b/public/service.te
@@ -292,6 +292,7 @@
type hal_system_suspend_service, protected_service, service_manager_type;
type hal_tv_tuner_service, vendor_service, protected_service, service_manager_type;
type hal_uwb_service, vendor_service, protected_service, service_manager_type;
+type hal_vehicle_service, vendor_service, protected_service, service_manager_type;
type hal_vibrator_service, vendor_service, protected_service, service_manager_type;
type hal_weaver_service, vendor_service, protected_service, service_manager_type;
type hal_nlinterceptor_service, vendor_service, protected_service, service_manager_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 6816b97..446f19a 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -10,6 +10,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.can@1\.0-service u:object_r:hal_can_socketcan_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.evs@1\.[0-9]-service u:object_r:hal_evs_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.0-((default|emulator)-)*(service|protocan-service) u:object_r:hal_vehicle_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@V1-default-service u:object_r:hal_vehicle_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service u:object_r:hal_bluetooth_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service\.btlinux u:object_r:hal_bluetooth_btlinux_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.face@1\.[0-9]+-service\.example u:object_r:hal_face_default_exec:s0
diff --git a/vendor/hal_vehicle_default.te b/vendor/hal_vehicle_default.te
index 56a47b7..52769dd 100644
--- a/vendor/hal_vehicle_default.te
+++ b/vendor/hal_vehicle_default.te
@@ -8,3 +8,6 @@
# communication with CAN bus HAL
hal_client_domain(hal_vehicle_default, hal_can_bus)
+
+# communicate with servicemanager
+binder_call(hal_vehicle_server, servicemanager)