Add atrace HAL 1.0 sepolicy
Bug: 111098596
Test: atrace/systrace
(cherry picked from commit 9ed5cf6e430a864630c2451bf35f18ac7668c12b)
Change-Id: I97772ff21754d03a0aea0d53b39e8da5312a17c0
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 1c1deb0..344ecd5 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -195,6 +195,7 @@
# Make sure that the following services are never accessible by untrusted_apps
neverallow all_untrusted_apps {
default_android_hwservice
+ hal_atrace_hwservice
hal_audio_hwservice
hal_authsecret_hwservice
hal_bluetooth_hwservice
diff --git a/private/atrace.te b/private/atrace.te
index ac9bedb..2a7ccd0 100644
--- a/private/atrace.te
+++ b/private/atrace.te
@@ -26,6 +26,9 @@
get_prop(atrace, hwservicemanager_prop)
+# atrace can call atrace HAL
+hal_client_domain(atrace, hal_atrace)
+
allow atrace {
service_manager_type
-incident_service
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index b64e10e..c585b66 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -57,6 +57,7 @@
fastbootd
fingerprint_vendor_data_file
fs_bpf
+ hal_atrace_hwservice
hal_audiocontrol_hwservice
hal_authsecret_hwservice
hal_broadcastradio_hwservice
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 494e634..95d820e 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -53,6 +53,7 @@
fastbootd
fingerprint_vendor_data_file
fs_bpf
+ hal_atrace_hwservice
hal_audiocontrol_hwservice
hal_authsecret_hwservice
hal_codec2_hwservice
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index cd7b7c8..4add5c6 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -11,6 +11,7 @@
buffer_hub_service
fastbootd
color_display_service
+ hal_atrace_hwservice
hal_health_storage_hwservice
hal_system_suspend_default
hal_system_suspend_default_exec
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index 9af432d..f12385f 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -1,6 +1,7 @@
android.frameworks.displayservice::IDisplayService u:object_r:fwk_display_hwservice:s0
android.frameworks.schedulerservice::ISchedulingPolicyService u:object_r:fwk_scheduler_hwservice:s0
android.frameworks.sensorservice::ISensorManager u:object_r:fwk_sensor_hwservice:s0
+android.hardware.atrace::IAtraceDevice u:object_r:hal_atrace_hwservice:s0
android.hardware.audio.effect::IEffectsFactory u:object_r:hal_audio_hwservice:s0
android.hardware.audio::IDevicesFactory u:object_r:hal_audio_hwservice:s0
android.hardware.authsecret::IAuthSecret u:object_r:hal_authsecret_hwservice:s0
diff --git a/private/shell.te b/private/shell.te
index 1213777..7b52a02 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -54,3 +54,6 @@
# Allow shell-based "dumpsys" to call into bufferhubd.
binder_call(shell, bufferhubd);
+
+# Allow shell to use atrace HAL
+hal_client_domain(shell, hal_atrace)