commit 9bd164241e393047d7a61a32b0108c1ca9376cf9
author Ilya Matyukhin <ilyamaty@google.com> Fri Sep 25 11:38:42 2020 -0700
committer Ilya Matyukhin <ilyamaty@google.com> Mon Sep 28 15:57:59 2020 -0700
tree 62e4675a8772d0e001475819d2a5730764609caf
parent 7c837afe7d08ade0eace94dd9f2fcdac9df056c3

Add sepolicy for IFace

Bug: 168730443
Test: run on cuttlefish
Change-Id: Ie3cf791e7aac090788c7213d23487ae9f50b0690

public/domain.te

diff --git a/public/domain.te b/public/domain.te
index 812f1a2..a70db8a 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -683,6 +683,7 @@
     -virtual_touchpad_service
     -vr_hwc_service
     -vr_manager_service
+    userdebug_or_eng(`-hal_face_service')
   }:service_manager find;
 ')
 

public/hal_face.te

diff --git a/public/hal_face.te b/public/hal_face.te
index b250586..0134576 100644
--- a/public/hal_face.te
+++ b/public/hal_face.te
@@ -3,6 +3,9 @@
 binder_call(hal_face_server, hal_face_client)
 
 hal_attribute_hwservice(hal_face, hal_face_hwservice)
+hal_attribute_service(hal_face, hal_face_service)
+
+binder_call(hal_face_server, servicemanager)
 
 # Allow access to the ion memory allocation device.
 allow hal_face ion_device:chr_file r_file_perms;

public/service.te

diff --git a/public/service.te b/public/service.te
index 62c1b11..ffbf5dc 100644
--- a/public/service.te
+++ b/public/service.te
@@ -213,6 +213,7 @@
 ### HAL Services
 ###
 
+type hal_face_service, vendor_service, service_manager_type;
 type hal_fingerprint_service, vendor_service, service_manager_type;
 type hal_identity_service, vendor_service, service_manager_type;
 type hal_light_service, vendor_service, service_manager_type;