commit 97c56bdd78629cb3a57acdbd27d977f1cc6eed4b
author Janis Danisevskis <jdanis@google.com> Tue Jan 09 17:42:53 2018 -0500
committer Janis Danisevskis <jdanis@google.com> Wed Jan 24 10:22:40 2018 -0800
tree f6a52a9f69cf2c6c3bf7de05a387c80783b4cc34
parent cf391269acd6ff71fe254d2f62d9c82571dd24bf

Added default policy for Confirmation UI HAL

Bug: 63928580
Test: Manually tested.

Change-Id: If6bb10cb7c009883d853e46dcdeb92cd33877d53

private/app_neverallows.te

diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index cf9d0d3..bb9142d 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -183,6 +183,7 @@
   hal_bluetooth_hwservice
   hal_bootctl_hwservice
   hal_camera_hwservice
+  hal_confirmationui_hwservice
   hal_contexthub_hwservice
   hal_drm_hwservice
   hal_dumpstate_hwservice

private/compat/26.0/26.0.ignore.cil

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 3a906e9..ca26357 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -37,6 +37,7 @@
     fs_bpf
     hal_broadcastradio_hwservice
     hal_cas_hwservice
+    hal_confirmationui_hwservice
     hal_lowpan_hwservice
     hal_neuralnetworks_hwservice
     hal_tetheroffload_hwservice

private/hwservice_contexts

diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index 661e2ae..38a9af2 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -10,6 +10,7 @@
 android.hardware.broadcastradio::IBroadcastRadioFactory         u:object_r:hal_broadcastradio_hwservice:s0
 android.hardware.camera.provider::ICameraProvider               u:object_r:hal_camera_hwservice:s0
 android.hardware.configstore::ISurfaceFlingerConfigs            u:object_r:hal_configstore_ISurfaceFlingerConfigs:s0
+android.hardware.confirmationui::IConfirmationUI                u:object_r:hal_confirmationui_hwservice:s0
 android.hardware.contexthub::IContexthub                        u:object_r:hal_contexthub_hwservice:s0
 android.hardware.cas::IMediaCasService                          u:object_r:hal_cas_hwservice:s0
 android.hardware.drm::ICryptoFactory                            u:object_r:hal_drm_hwservice:s0

private/keystore.te

diff --git a/private/keystore.te b/private/keystore.te
index a9647c6..90c4727 100644
--- a/private/keystore.te
+++ b/private/keystore.te
@@ -5,6 +5,12 @@
 # talk to keymaster
 hal_client_domain(keystore, hal_keymaster)
 
+# talk to confirmationui
+hal_client_domain(keystore, hal_confirmationui)
+
+# This is used for the ConfirmationUI async callback.
+allow keystore platform_app:binder call;
+
 # Offer the Wifi Keystore HwBinder service
 typeattribute keystore wifi_keystore_service_server;
 add_hwservice(keystore, system_wifi_keystore_hwservice)