Define sepolicy for ivn HAL.
Test: manually verify ivn HAL on gcar_emu.
Bug: 274139217
Change-Id: Ie12dccb723078d83b561c152cc4458e52c0f8090
diff --git a/vendor/file_contexts b/vendor/file_contexts
index ac23351..a2e460d 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -12,6 +12,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.can@1\.0-service u:object_r:hal_can_socketcan_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.can-service u:object_r:hal_can_socketcan_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.evs(.*)? u:object_r:hal_evs_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.ivn@V1-(.*)-service u:object_r:hal_ivn_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.0-((default|emulator)-)*(service|protocan-service) u:object_r:hal_vehicle_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@V1-(default|emulator)-service u:object_r:hal_vehicle_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.remoteaccess@V1-(.*)-service u:object_r:hal_remoteaccess_default_exec:s0
diff --git a/vendor/hal_ivn_default.te b/vendor/hal_ivn_default.te
new file mode 100644
index 0000000..26fa973
--- /dev/null
+++ b/vendor/hal_ivn_default.te
@@ -0,0 +1,9 @@
+type hal_ivn_default, domain;
+hal_server_domain(hal_ivn_default, hal_ivn)
+
+# May be started by init
+type hal_ivn_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_ivn_default)
+
+# Allow registering with service manager.
+binder_call(hal_ivn_default, servicemanager)
\ No newline at end of file