commit 814e89a1b2429b06a0fa45acb5f29c25002b3f65
author Chirag Pathak <pathakc@google.com> Thu Jan 28 06:55:21 2021 +0000
committer Chirag Pathak <pathakc@google.com> Wed Feb 10 18:45:07 2021 +0000
tree a5b9d8d7bc3f952050873dfb67f38077b917cf37
parent 7b3ae030264f77f63e8cdcc1dc6b8b138f2d0ca6

The SE Policies to incorporate ISecureClock and ISharedSecret services along with IKeyMintDevice service into default keymint HAL Server.
Test: Rebuild, execute and run atest VtsAidlSharedSecretTargetTest and atest VtsAidlSecureClockTargetTest.
Bug: b/171844725, b/168673523.

Change-Id: I8b81ec12c45566d31edcd117e41fd559df32c37d

private/compat/30.0/30.0.ignore.cil

diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index d1800df..0077d4a 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -47,6 +47,8 @@
     hal_keymint_service
     hal_neuralnetworks_service
     hal_power_stats_service
+    hal_secureclock_service
+    hal_sharedsecret_service
     hal_weaver_service
     keystore_compat_hal_service
     keystore2_key_contexts_file

private/service_contexts

diff --git a/private/service_contexts b/private/service_contexts
index 404f593..d85d738 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -12,6 +12,8 @@
 android.hardware.power.stats.IPowerStats/default                      u:object_r:hal_power_stats_service:s0
 android.hardware.rebootescrow.IRebootEscrow/default                  u:object_r:hal_rebootescrow_service:s0
 android.hardware.security.keymint.IKeyMintDevice/default             u:object_r:hal_keymint_service:s0
+android.hardware.security.secureclock.ISecureClock/default             u:object_r:hal_secureclock_service:s0
+android.hardware.security.sharedsecret.ISharedSecret/default             u:object_r:hal_sharedsecret_service:s0
 android.hardware.vibrator.IVibrator/default                          u:object_r:hal_vibrator_service:s0
 android.hardware.vibrator.IVibratorManager/default                   u:object_r:hal_vibrator_service:s0
 android.hardware.weaver.IWeaver/default                              u:object_r:hal_weaver_service:s0

public/service.te

diff --git a/public/service.te b/public/service.te
index cfc8a2f..93e6cc0 100644
--- a/public/service.te
+++ b/public/service.te
@@ -250,6 +250,8 @@
 type hal_power_service, vendor_service, protected_service, service_manager_type;
 type hal_power_stats_service, vendor_service, protected_service, service_manager_type;
 type hal_rebootescrow_service, vendor_service, protected_service, service_manager_type;
+type hal_secureclock_service, vendor_service, protected_service, service_manager_type;
+type hal_sharedsecret_service, vendor_service, protected_service, service_manager_type;
 type hal_vibrator_service, vendor_service, protected_service, service_manager_type;
 type hal_weaver_service, vendor_service, protected_service, service_manager_type;
 

vendor/hal_keymint_default.te

diff --git a/vendor/hal_keymint_default.te b/vendor/hal_keymint_default.te
index d86b7b4..3b86a1b 100644
--- a/vendor/hal_keymint_default.te
+++ b/vendor/hal_keymint_default.te
@@ -4,4 +4,7 @@
 type hal_keymint_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_keymint_default)
 
+hal_attribute_service(hal_keymint, hal_secureclock_service)
+hal_attribute_service(hal_keymint, hal_sharedsecret_service)
+
 get_prop(hal_keymint_default, vendor_security_patch_level_prop);