Update sepolicy to add dumpstate device service for AIDL HAL
- Add hal_dumpstate_service AIDL service to hal_dumpstate.te,
service.te
- Add default example hal_dumpstate service to file_contexts,
service_contexts
- Adde hal_dumpstate_service to API level 31 compatibility
ignore list (31.0.ignore.cil)
Bug: 205760700
Test: VtsHalDumpstateTargetTest, dumpstate, dumpstate_test, dumpsys
Change-Id: If49fa16ac5ab1d3a1930bb800d530cbd32c5dec1
diff --git a/private/compat/31.0/31.0.ignore.cil b/private/compat/31.0/31.0.ignore.cil
index 05f1d73..bcb1023 100644
--- a/private/compat/31.0/31.0.ignore.cil
+++ b/private/compat/31.0/31.0.ignore.cil
@@ -18,6 +18,7 @@
extra_free_kbytes_exec
hal_contexthub_service
hal_dice_service
+ hal_dumpstate_service
hal_graphics_composer_service
hal_health_service
hal_radio_config_service
diff --git a/private/service_contexts b/private/service_contexts
index 4890af8..327b4f7 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -3,6 +3,7 @@
android.hardware.biometrics.face.IFace/default u:object_r:hal_face_service:s0
android.hardware.biometrics.fingerprint.IFingerprint/default u:object_r:hal_fingerprint_service:s0
android.hardware.contexthub.IContextHub/default u:object_r:hal_contexthub_service:s0
+android.hardware.dumpstate.IDumpstateDevice/default u:object_r:hal_dumpstate_service:s0
android.hardware.gnss.IGnss/default u:object_r:hal_gnss_service:s0
android.hardware.graphics.composer3.IComposer/default u:object_r:hal_graphics_composer_service:s0
android.hardware.health.storage.IStorage/default u:object_r:hal_health_storage_service:s0
diff --git a/public/hal_dumpstate.te b/public/hal_dumpstate.te
index 9f854e3..aee283a 100644
--- a/public/hal_dumpstate.te
+++ b/public/hal_dumpstate.te
@@ -5,6 +5,9 @@
set_prop(hal_dumpstate_server, hal_dumpstate_config_prop)
hal_attribute_hwservice(hal_dumpstate, hal_dumpstate_hwservice)
+hal_attribute_service(hal_dumpstate, hal_dumpstate_service)
+
+binder_call(hal_dumpstate_server, servicemanager)
# write bug reports in /data/data/com.android.shell/files/bugreports/bugreport
allow hal_dumpstate shell_data_file:file write;
diff --git a/public/service.te b/public/service.te
index dc9b178..9fb8df3 100644
--- a/public/service.te
+++ b/public/service.te
@@ -262,6 +262,7 @@
type hal_authsecret_service, vendor_service, protected_service, service_manager_type;
type hal_contexthub_service, vendor_service, protected_service, service_manager_type;
type hal_dice_service, vendor_service, protected_service, service_manager_type;
+type hal_dumpstate_service, vendor_service, protected_service, service_manager_type;
type hal_face_service, vendor_service, protected_service, service_manager_type;
type hal_fingerprint_service, vendor_service, protected_service, service_manager_type;
type hal_gnss_service, vendor_service, protected_service, service_manager_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 35c2d95..6816b97 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -33,6 +33,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.cas@1\.[0-2]-service u:object_r:hal_cas_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.cas@1\.[0-2]-service-lazy u:object_r:hal_cas_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.dumpstate@1\.[0-1]-service\.example u:object_r:hal_dumpstate_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.dumpstate-service\.example u:object_r:hal_dumpstate_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.gatekeeper@1\.0-service u:object_r:hal_gatekeeper_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.gnss-service.example u:object_r:hal_gnss_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@[0-9]\.[0-9]-service u:object_r:hal_gnss_default_exec:s0