Define sepolicy for ivn HAL.

Test: manually verify ivn HAL on gcar_emu.
Bug: 274139217
Change-Id: Ie12dccb723078d83b561c152cc4458e52c0f8090
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index d91ef21..c8359f0 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -39,6 +39,7 @@
 		"android.hardware.boot.IBootControl/default":                              EXCEPTION_NO_FUZZER,
 		"android.hardware.automotive.can.ICanController/default":                  EXCEPTION_NO_FUZZER,
 		"android.hardware.automotive.evs.IEvsEnumerator/hw/1":                     EXCEPTION_NO_FUZZER,
+		"android.hardware.automotive.ivn.IIvnAndroidDevice/default":               EXCEPTION_NO_FUZZER,
 		"android.hardware.automotive.remoteaccess.IRemoteAccess/default":          EXCEPTION_NO_FUZZER,
 		"android.hardware.automotive.vehicle.IVehicle/default":                    EXCEPTION_NO_FUZZER,
 		"android.hardware.automotive.audiocontrol.IAudioControl/default":          EXCEPTION_NO_FUZZER,
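Review bot: The added `android.hardware.automotive.ivn.IIvnAndroidDevice/default` entry is mapped to `EXCEPTION_NO_FUZZER`, so a binder interface introduced by this very change is exempted from fuzz coverage, and neither the hunk nor the commit message says why. If a fuzzer is planned, the entry should name that fuzzer target once it exists. Until then, record the follow-up next to the entry, e.g. `// TODO(b/<bug-id>): add a fuzzer for IIvnAndroidDevice and drop this exception`. The map literal starts and ends outside this hunk, so any policy the file states for newly added services cannot be checked from here.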
diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index cfbe2da..293cb24 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -29,6 +29,7 @@
     hal_bluetooth_service
     hal_bootctl_service
     hal_cas_service
+    hal_ivn_service
     hal_remoteaccess_service
     hal_secure_element_service
     hal_tetheroffload_service
diff --git a/private/service_contexts b/private/service_contexts
index 9755eaa..5fc14f3 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -20,6 +20,7 @@
 android.hardware.automotive.can.ICanController/default               u:object_r:hal_can_controller_service:s0
 android.hardware.automotive.evs.IEvsEnumerator/hw/1                  u:object_r:hal_evs_service:s0
 android.hardware.automotive.audiocontrol.IAudioControl/default       u:object_r:hal_audiocontrol_service:s0
+android.hardware.automotive.ivn.IIvnAndroidDevice/default            u:object_r:hal_ivn_service:s0
 android.hardware.automotive.remoteaccess.IRemoteAccess/default       u:object_r:hal_remoteaccess_service:s0
 android.hardware.automotive.vehicle.IVehicle/default                 u:object_r:hal_vehicle_service:s0
 android.hardware.biometrics.face.IFace/default                       u:object_r:hal_face_service:s0
diff --git a/public/attributes b/public/attributes
index 1e2dabb..09463e3 100644
--- a/public/attributes
+++ b/public/attributes
@@ -352,6 +352,7 @@
 hal_attribute(input_classifier);
 hal_attribute(input_processor);
 hal_attribute(ir);
+hal_attribute(ivn);
 hal_attribute(keymaster);
 hal_attribute(keymint);
 hal_attribute(light);
diff --git a/public/hal_ivn.te b/public/hal_ivn.te
new file mode 100644
index 0000000..b10e9f2
--- /dev/null
+++ b/public/hal_ivn.te
@@ -0,0 +1,4 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_ivn_client, hal_ivn_server)
+
+hal_attribute_service(hal_ivn, hal_ivn_service)
\ No newline at end of file
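Review bot: The comment on the first added line does not match the rule beneath it. `binder_call(hal_ivn_client, hal_ivn_server)` covers only client-to-server calls, and the service is registered through `hal_attribute_service` and `service_contexts`, which points to binder rather than HwBinder. If IIvnAndroidDevice hands out no callback interfaces, reword the comment to `# Binder IPC from client to server`. If it does, the reverse rule `binder_call(hal_ivn_server, hal_ivn_client)` appears to be missing. An accurate comment matters here because it is read as the statement of which IPC the policy intends to permit. This file, like vendor/hal_ivn_default.te, also ends without a trailing newline.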
diff --git a/public/service.te b/public/service.te
index 3dc9d85..0936cc4 100644
--- a/public/service.te
+++ b/public/service.te
@@ -296,6 +296,7 @@
 type hal_identity_service, protected_service, hal_service_type, service_manager_type;
 type hal_input_processor_service, protected_service, hal_service_type, service_manager_type;
 type hal_ir_service, protected_service, hal_service_type, service_manager_type;
+type hal_ivn_service, protected_service, hal_service_type, service_manager_type;
 type hal_keymint_service, protected_service, hal_service_type, service_manager_type;
 type hal_light_service, protected_service, hal_service_type, service_manager_type;
 type hal_memtrack_service, protected_service, hal_service_type, service_manager_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index ac23351..a2e460d 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -12,6 +12,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.can@1\.0-service  u:object_r:hal_can_socketcan_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.can-service  u:object_r:hal_can_socketcan_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.evs(.*)?          u:object_r:hal_evs_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.ivn@V1-(.*)-service u:object_r:hal_ivn_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.0-((default|emulator)-)*(service|protocan-service)  u:object_r:hal_vehicle_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@V1-(default|emulator)-service u:object_r:hal_vehicle_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.remoteaccess@V1-(.*)-service u:object_r:hal_remoteaccess_default_exec:s0
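Review bot: The `(.*)` in the added `ivn@V1-(.*)-service` pattern is wider than the label needs. Because `.` also matches `/`, any path under `bin/hw/` that starts with `android.hardware.automotive.ivn@V1-` and ends in `-service` is labelled `hal_ivn_default_exec` and becomes an entry point into the HAL domain. The vehicle entry two lines below enumerates its variants with `(default|emulator)`. I would do the same here once the shipped binary names are known, or at least exclude path separators: `android\.hardware\.automotive\.ivn@V1-[^/]+-service`. The existing remoteaccess entry uses the same wildcard and could be tightened in a follow-up.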
diff --git a/vendor/hal_ivn_default.te b/vendor/hal_ivn_default.te
new file mode 100644
index 0000000..26fa973
--- /dev/null
+++ b/vendor/hal_ivn_default.te
@@ -0,0 +1,9 @@
+type hal_ivn_default, domain;
+hal_server_domain(hal_ivn_default, hal_ivn)
+
+# May be started by init
+type hal_ivn_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_ivn_default)
+
+# Allow registering with service manager.
+binder_call(hal_ivn_default, servicemanager)
\ No newline at end of file
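Review bot: Service-manager access is granted only to the default implementation, via `binder_call(hal_ivn_default, servicemanager)` on the last added line. Any other vendor domain that declares `hal_server_domain(<domain>, hal_ivn)` would have to repeat the rule to register. I would move it into the public HAL policy as `binder_use(hal_ivn_server)`, which should also cover the servicemanager-side access that a bare `binder_call` does not grant; please confirm against te_macros. If the rule stays here, the comment should say that registration is deliberately limited to the default implementation.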