commit a9ce208680b3a9c1ddcf9bfce886909b66297964
author Alexey Polyudov <apolyudov@google.com> Thu Oct 20 11:20:25 2016 -0700
committer Alexey Polyudov <apolyudov@google.com> Tue Jan 03 14:05:04 2017 -0800
tree 2c5d77b67cff893a9c38f60a7a4daefc09a1a9da
parent cdbb19f136179102cb1ce36ec3845a30c416a855

gatekeeper HAL service: add security policy

Change-Id: I79a305407c3a362d7be11f4c026f31f1e9666f1c
Signed-off-by: Alexey Polyudov <apolyudov@google.com>

private/file_contexts

diff --git a/private/file_contexts b/private/file_contexts
index 6f8f741..5b5b7d5 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -233,6 +233,7 @@
 /system/bin/hw/android\.hardware\.boot@1\.0-service           u:object_r:hal_boot_exec:s0
 /system/bin/hw/android\.hardware\.contexthub@1\.0-service     u:object_r:hal_contexthub_default_exec:s0
 /system/bin/hw/android\.hardware\.dumpstate@1\.0-service      u:object_r:hal_dumpstate_default_exec:s0
+/system/bin/hw/android\.hardware\.gatekeeper@1\.0-service     u:object_r:hal_gatekeeper_default_exec:s0
 /system/bin/hw/android\.hardware\.graphics\.allocator@2\.0-service   u:object_r:hal_graphics_allocator_default_exec:s0
 /system/bin/hw/android\.hardware\.graphics\.composer@2\.1-service    u:object_r:hal_graphics_composer_default_exec:s0
 /system/bin/hw/android\.hardware\.health@1\.0-service         u:object_r:hal_health_default_exec:s0

private/hal_gatekeeper_default.te

diff --git a/private/hal_gatekeeper_default.te b/private/hal_gatekeeper_default.te
new file mode 100644
index 0000000..e0c5613
--- /dev/null
+++ b/private/hal_gatekeeper_default.te
@@ -0,0 +1,4 @@
+type hal_gatekeeper_default, hal_gatekeeper, domain;
+type hal_gatekeeper_default_exec, exec_type, file_type;
+
+init_daemon_domain(hal_gatekeeper_default);