Add sepolicy for non-secure AuthGraph impl
Bug: 284470121
Bug: 291228560
Test: hal_implementation_test
Test: VtsAidlAuthGraphSessionTest
Change-Id: I85bf9e0656bab3c96765cc15a5a983aefb6af66d
diff --git a/private/compat/34.0/34.0.ignore.cil b/private/compat/34.0/34.0.ignore.cil
index 69902d8..d102818 100644
--- a/private/compat/34.0/34.0.ignore.cil
+++ b/private/compat/34.0/34.0.ignore.cil
@@ -9,6 +9,7 @@
dtbo_block_device
ota_build_prop
snapuserd_log_data_file
+ hal_authgraph_service
hal_codec2_service
hal_threadnetwork_service
virtual_camera_service
diff --git a/private/service_contexts b/private/service_contexts
index a1fb06b..f97e638 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -89,6 +89,7 @@
android.hardware.radio.voice.IRadioVoice/slot2 u:object_r:hal_radio_service:s0
android.hardware.radio.voice.IRadioVoice/slot3 u:object_r:hal_radio_service:s0
android.hardware.rebootescrow.IRebootEscrow/default u:object_r:hal_rebootescrow_service:s0
+android.hardware.security.authgraph.IAuthGraphKeyExchange/nonsecure u:object_r:hal_authgraph_service:s0
android.hardware.security.keymint.IKeyMintDevice/default u:object_r:hal_keymint_service:s0
android.hardware.security.keymint.IRemotelyProvisionedComponent/default u:object_r:hal_remotelyprovisionedcomponent_service:s0
android.hardware.gatekeeper.IGatekeeper/default u:object_r:hal_gatekeeper_service:s0
diff --git a/private/system_server.te b/private/system_server.te
index efdeff4..0229e6c 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -306,6 +306,7 @@
# Use HALs
hal_client_domain(system_server, hal_allocator)
hal_client_domain(system_server, hal_audio)
+hal_client_domain(system_server, hal_authgraph)
hal_client_domain(system_server, hal_authsecret)
hal_client_domain(system_server, hal_broadcastradio)
hal_client_domain(system_server, hal_codec2)