Add sepolicy rules for Thread Network HAL
Bug: b/283905423
Test: Build and run the Thread Network stack in Cuttlefish.
Change-Id: I783022c66b80274069f8f3c292d84918f41f8221
diff --git a/private/compat/34.0/34.0.ignore.cil b/private/compat/34.0/34.0.ignore.cil
index 0ea3863..aae1ac1 100644
--- a/private/compat/34.0/34.0.ignore.cil
+++ b/private/compat/34.0/34.0.ignore.cil
@@ -7,4 +7,5 @@
( new_objects
ota_build_prop
snapuserd_log_data_file
+ hal_threadnetwork_service
))
diff --git a/private/ot_daemon.te b/private/ot_daemon.te
index 98e1a0a..b22ff90 100644
--- a/private/ot_daemon.te
+++ b/private/ot_daemon.te
@@ -17,8 +17,4 @@
allow ot_daemon threadnetwork_data_file:file create_file_perms;
allow ot_daemon threadnetwork_data_file:sock_file {create unlink};
-# used for simulation
-userdebug_or_eng(`
-create_pty(ot_daemon);
-domain_auto_trans(ot_daemon, ot_rcp_exec, ot_rcp);
-')
+hal_client_domain(ot_daemon, hal_threadnetwork)
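Review bot: The added `hal_client_domain(ot_daemon, hal_threadnetwork)` is unconditional, whereas the simulation rules it replaces were wrapped in `userdebug_or_eng`, so ot_daemon becomes a HAL client on user builds too. That is presumably intended, but the line has no comment; I would add `# Allow ot_daemon to call the Thread Network HAL (replaces the ot_rcp simulation path).` above it. The same macro is added for system_server in the private/system_server.te hunk, and the commit message does not say why system_server needs direct access; if only ot_daemon talks to the HAL, dropping that grant keeps the client set minimal. The declarations of `hal_threadnetwork` and `hal_threadnetwork_service` are not visible on this page, so the attribute and service-type setup should be confirmed where they are defined.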
diff --git a/private/ot_rcp.te b/private/ot_rcp.te
deleted file mode 100644
index 0f6f1d3..0000000
--- a/private/ot_rcp.te
+++ /dev/null
@@ -1,15 +0,0 @@
-#
-# ot_rcp is the simulated Thread Radio Coprocessor device which is used by ot_daemon.
-#
-
-type ot_rcp, domain, coredomain;
-type ot_rcp_exec, exec_type, file_type, system_file_type;
-
-userdebug_or_eng(`
-allow ot_rcp ot_daemon:fd use;
-allow ot_rcp ot_daemon:fifo_file rw_file_perms;
-allow ot_rcp ot_daemon_devpts:chr_file {read write};
-allow ot_rcp self:udp_socket create_socket_perms_no_ioctl;
-allow ot_rcp port:udp_socket name_bind;
-allow ot_rcp node:udp_socket node_bind;
-')
diff --git a/private/service_contexts b/private/service_contexts
index 6d48a74..a731dfd 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -94,6 +94,7 @@
android.hardware.soundtrigger3.ISoundTriggerHw/default u:object_r:hal_audio_service:s0
android.hardware.tetheroffload.IOffload/default u:object_r:hal_tetheroffload_service:s0
android.hardware.thermal.IThermal/default u:object_r:hal_thermal_service:s0
+android.hardware.threadnetwork.IThreadChip/chip0 u:object_r:hal_threadnetwork_service:s0
android.hardware.tv.hdmi.cec.IHdmiCec/default u:object_r:hal_tv_hdmi_cec_service:s0
android.hardware.tv.hdmi.connection.IHdmiConnection/default u:object_r:hal_tv_hdmi_connection_service:s0
android.hardware.tv.hdmi.earc.IEArc/default u:object_r:hal_tv_hdmi_earc_service:s0
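Review bot: Only the `chip0` instance of `android.hardware.threadnetwork.IThreadChip` is labelled by the added line, while the neighbouring entries label `/default`. A HAL server registering under any other instance name would not match this entry and so would not be labelled `hal_threadnetwork_service`. If more than one Thread chip instance is expected, each needs its own line, for example `android.hardware.threadnetwork.IThreadChip/chip1 u:object_r:hal_threadnetwork_service:s0` (constructed example). Otherwise, a comment above the entry such as `# chip0 is the only supported IThreadChip instance` would make the restriction explicit.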
diff --git a/private/system_server.te b/private/system_server.te
index d30f657..006caf7 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -333,6 +333,7 @@
hal_client_domain(system_server, hal_sensors)
hal_client_domain(system_server, hal_tetheroffload)
hal_client_domain(system_server, hal_thermal)
+hal_client_domain(system_server, hal_threadnetwork)
hal_client_domain(system_server, hal_tv_cec)
hal_client_domain(system_server, hal_tv_hdmi_cec)
hal_client_domain(system_server, hal_tv_hdmi_connection)