Merge "sepolicy for SE HAL"
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index 1bb6eb6..72f4804 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -87,6 +87,12 @@
"android.hardware.radio.voice.IRadioVoice/slot2": EXCEPTION_NO_FUZZER,
"android.hardware.radio.voice.IRadioVoice/slot3": EXCEPTION_NO_FUZZER,
"android.hardware.rebootescrow.IRebootEscrow/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.secure_element.ISecureElement/eSE1": EXCEPTION_NO_FUZZER,
+ "android.hardware.secure_element.ISecureElement/eSE2": EXCEPTION_NO_FUZZER,
+ "android.hardware.secure_element.ISecureElement/eSE3": EXCEPTION_NO_FUZZER,
+ "android.hardware.secure_element.ISecureElement/SIM1": EXCEPTION_NO_FUZZER,
+ "android.hardware.secure_element.ISecureElement/SIM2": EXCEPTION_NO_FUZZER,
+ "android.hardware.secure_element.ISecureElement/SIM3": EXCEPTION_NO_FUZZER,
"android.hardware.security.dice.IDiceDevice/default": EXCEPTION_NO_FUZZER,
"android.hardware.security.keymint.IKeyMintDevice/default": EXCEPTION_NO_FUZZER,
"android.hardware.security.keymint.IRemotelyProvisionedComponent/default": EXCEPTION_NO_FUZZER,
diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index 3750e7d..45bca3d 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -16,6 +16,7 @@
hal_bootctl_service
hal_cas_service
hal_remoteaccess_service
+ hal_secure_element_service
hal_thermal_service
hal_usb_gadget_service
hal_tv_input_service
diff --git a/private/service_contexts b/private/service_contexts
index 562e3d4..ecd1f44 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -88,6 +88,12 @@
android.hardware.wifi.hostapd.IHostapd/default u:object_r:hal_wifi_hostapd_service:s0
android.hardware.wifi.supplicant.ISupplicant/default u:object_r:hal_wifi_supplicant_service:s0
android.se.omapi.ISecureElementService/default u:object_r:secure_element_service:s0
+android.hardware.secure_element.ISecureElement/eSE1 u:object_r:hal_secure_element_service:s0
+android.hardware.secure_element.ISecureElement/eSE2 u:object_r:hal_secure_element_service:s0
+android.hardware.secure_element.ISecureElement/eSE3 u:object_r:hal_secure_element_service:s0
+android.hardware.secure_element.ISecureElement/SIM1 u:object_r:hal_secure_element_service:s0
+android.hardware.secure_element.ISecureElement/SIM2 u:object_r:hal_secure_element_service:s0
+android.hardware.secure_element.ISecureElement/SIM3 u:object_r:hal_secure_element_service:s0
android.system.keystore2.IKeystoreService/default u:object_r:keystore_service:s0
android.system.net.netd.INetd/default u:object_r:system_net_netd_service:s0
android.system.suspend.ISystemSuspend/default u:object_r:hal_system_suspend_service:s0
diff --git a/public/hal_secure_element.te b/public/hal_secure_element.te
index 3724d35..8d3e15c 100644
--- a/public/hal_secure_element.te
+++ b/public/hal_secure_element.te
@@ -3,3 +3,8 @@
binder_call(hal_secure_element_server, hal_secure_element_client)
hal_attribute_hwservice(hal_secure_element, hal_secure_element_hwservice)
+hal_attribute_service(hal_secure_element, hal_secure_element_service)
+
+binder_use(hal_secure_element_server)
+
+allow hal_secure_element_client hal_secure_element_service:service_manager find;
diff --git a/public/service.te b/public/service.te
index 1ff3668..9ca96bd 100644
--- a/public/service.te
+++ b/public/service.te
@@ -306,6 +306,7 @@
type hal_remotelyprovisionedcomponent_service, protected_service, hal_service_type, service_manager_type;
type hal_sensors_service, protected_service, hal_service_type, service_manager_type;
type hal_secureclock_service, protected_service, hal_service_type, service_manager_type;
+type hal_secure_element_service, protected_service, hal_service_type, service_manager_type;
type hal_sharedsecret_service, protected_service, hal_service_type, service_manager_type;
type hal_system_suspend_service, protected_service, hal_service_type, service_manager_type;
type hal_thermal_service, protected_service, hal_service_type, service_manager_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index c69b451..ee7458e 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -91,6 +91,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.sensors-service\.example u:object_r:hal_sensors_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.sensors-service(\.multihal)? u:object_r:hal_sensors_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.0-service u:object_r:hal_secure_element_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element-service.example u:object_r:hal_secure_element_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.security\.dice-service\.non-secure-software u:object_r:hal_dice_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.security\.keymint-service u:object_r:hal_keymint_default_exec:s0
/(vendor|system/vendor)/bin/hw/rild u:object_r:rild_exec:s0