Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / bc7a33ece96d7da5a79509983caf1a2a67c4ecbd^! / . / private
commitbc7a33ece96d7da5a79509983caf1a2a67c4ecbd[log] [tgz]
authorJanis Danisevskis <jdanis@google.com>Wed Nov 10 14:52:05 2021 -0800
committerJanis Danisevskis <jdanis@google.com>Wed Nov 17 13:36:18 2021 -0800
tree307aebee5fc82acb0773f72ef25af43fdb7a5762
parent2b6c6063ae8799f3d4e71032e06816ebfcd22586 [diff]
Dice HAL: Add policy for dice HAL.

And allow diced to talk to the dice HAL.

Bug: 198197213
Test: N/A
Change-Id: I74797b13656b38b50d7cd28a4c4c6ec4c8d1d1aa

diff --git a/private/compat/31.0/31.0.ignore.cil b/private/compat/31.0/31.0.ignore.cil
index 5e55093..c92cc62 100644
--- a/private/compat/31.0/31.0.ignore.cil
+++ b/private/compat/31.0/31.0.ignore.cil

@@ -16,6 +16,7 @@
     extra_free_kbytes
     extra_free_kbytes_exec
     hal_contexthub_service
+    hal_dice_service
     hal_graphics_composer_service
     hal_health_service
     hal_radio_config_service

diff --git a/private/diced.te b/private/diced.te
index 9d28128..b37809c 100644
--- a/private/diced.te
+++ b/private/diced.te

@@ -3,5 +3,4 @@
 init_daemon_domain(diced)
 
 # Talk to dice HAL.
-# TODO uncomment when implemented.
-# hal_client_domain(diced, hal_dice)
+hal_client_domain(diced, hal_dice)

diff --git a/private/service_contexts b/private/service_contexts
index 81d8f8e..0e723f2 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -34,6 +34,7 @@
 android.hardware.radio.voice.IRadioVoice/slot2                       u:object_r:hal_radio_voice_service:s0
 android.hardware.radio.voice.IRadioVoice/slot3                       u:object_r:hal_radio_voice_service:s0
 android.hardware.rebootescrow.IRebootEscrow/default                  u:object_r:hal_rebootescrow_service:s0
+android.hardware.security.dice.IDiceDevice/default                   u:object_r:hal_dice_service:s0
 android.hardware.security.keymint.IKeyMintDevice/default             u:object_r:hal_keymint_service:s0
 android.hardware.security.keymint.IRemotelyProvisionedComponent/default u:object_r:hal_remotelyprovisionedcomponent_service:s0
 android.hardware.security.secureclock.ISecureClock/default             u:object_r:hal_secureclock_service:s0