SE Policy for Secure Element app and Secure Element HAL
Test: App startup on boot
Change-Id: I7740aafc088aadf676328e3f1bb8db5175d97102
diff --git a/public/attributes b/public/attributes
index 66ce7d0..8138a3f 100644
--- a/public/attributes
+++ b/public/attributes
@@ -229,6 +229,7 @@
hal_attribute(nfc);
hal_attribute(oemlock);
hal_attribute(power);
+hal_attribute(secure_element);
hal_attribute(sensors);
hal_attribute(telephony);
hal_attribute(tetheroffload);
diff --git a/public/hal_secure_element.te b/public/hal_secure_element.te
new file mode 100644
index 0000000..e3046d1
--- /dev/null
+++ b/public/hal_secure_element.te
@@ -0,0 +1,6 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_secure_element_client, hal_secure_element_server)
+binder_call(hal_secure_element_server, hal_secure_element_client)
+
+add_hwservice(hal_secure_element_server, hal_secure_element_hwservice)
+allow hal_secure_element_client hal_secure_element_hwservice:hwservice_manager find;
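Review bot: The `add_hwservice` and `find` rules at the end of the new public/hal_secure_element.te have no comment, and nothing in the file pins down which domains may reach this HAL, even though the server fronts the secure element hardware. I would add `# Server registers the HAL with hwservicemanager; only domains carrying hal_secure_element_client may look it up` above them. A compile-time guard such as `neverallow { domain -hal_secure_element_client -hal_secure_element_server } hal_secure_element_hwservice:hwservice_manager find;` would stop a later broad grant from going in unnoticed. Confirm it builds against the rest of the policy, which is not visible here. The only client assignment shown on this page is `su` in public/su.te, so the non-debug client domain should be easy to identify in review.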
diff --git a/public/hwservice.te b/public/hwservice.te
index f6ab621..436ec68 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -31,6 +31,7 @@
type hal_omx_hwservice, hwservice_manager_type;
type hal_power_hwservice, hwservice_manager_type;
type hal_renderscript_hwservice, hwservice_manager_type, same_process_hwservice;
+type hal_secure_element_hwservice, hwservice_manager_type;
type hal_sensors_hwservice, hwservice_manager_type;
type hal_telephony_hwservice, hwservice_manager_type;
type hal_tetheroffload_hwservice, hwservice_manager_type;
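Review bot: No hunk on this page maps an interface name to `hal_secure_element_hwservice` in hwservice_contexts, and the same applies to `secure_element_service` in the public/service.te hunk, which has no service_contexts entry or add/find rule here. Without those mappings the names would fall back to the default labels, so the rules written against the new types would never apply and access would be governed by the default-label policy instead. If the mappings live in files outside this view, nothing needs to change. Otherwise add lines of the form `<interface FQName> u:object_r:hal_secure_element_hwservice:s0` and `<service name> u:object_r:secure_element_service:s0` (placeholders for the real names) in the same change.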
diff --git a/public/secure_element.te b/public/secure_element.te
new file mode 100644
index 0000000..4ce6714
--- /dev/null
+++ b/public/secure_element.te
@@ -0,0 +1,2 @@
+# secure_element subsystem
+type secure_element, domain;
diff --git a/public/service.te b/public/service.te
index 6f9d47c..e13b6d5 100644
--- a/public/service.te
+++ b/public/service.te
@@ -23,6 +23,7 @@
type nfc_service, service_manager_type;
type perfprofd_service, service_manager_type;
type radio_service, service_manager_type;
+type secure_element_service, service_manager_type;
type storaged_service, service_manager_type;
type surfaceflinger_service, app_api_service, ephemeral_app_api_service, service_manager_type;
type system_app_service, service_manager_type;
diff --git a/public/su.te b/public/su.te
index edc62c3..fd90ebe 100644
--- a/public/su.te
+++ b/public/su.te
@@ -81,6 +81,7 @@
typeattribute su hal_nfc_client;
typeattribute su hal_oemlock_client;
typeattribute su hal_power_client;
+ typeattribute su hal_secure_element_client;
typeattribute su hal_sensors_client;
typeattribute su hal_telephony_client;
typeattribute su hal_tetheroffload_client;