commit d2acfb0f9c4fb703ac4a099d950ae06ce261474e
author Ilya Matyukhin <ilyamaty@google.com> Tue Sep 29 20:20:00 2020 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Sep 29 20:20:00 2020 +0000
tree 5f44e9b2b7ad257859d5b20a7edd966111149d6b
parent 1ae3b13e397c9aca5dabfc8ee9009d30c8c53d55
parent 9bd164241e393047d7a61a32b0108c1ca9376cf9

Merge "Add sepolicy for IFace"

private/compat/30.0/30.0.ignore.cil

diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 2e33524..7db303c 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -13,6 +13,7 @@
     dmabuf_system_heap_device
     gki_apex_prepostinstall
     gki_apex_prepostinstall_exec
+    hal_face_service
     hal_fingerprint_service
     gnss_device
     hal_dumpstate_config_prop

private/service_contexts

diff --git a/private/service_contexts b/private/service_contexts
index c422bc7..f5cd873 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -1,3 +1,4 @@
+android.hardware.biometrics.face.IFace/default                       u:object_r:hal_face_service:s0
 android.hardware.biometrics.fingerprint.IFingerprint/default         u:object_r:hal_fingerprint_service:s0
 android.hardware.gnss.IGnss/default                                  u:object_r:hal_gnss_service:s0
 android.hardware.identity.IIdentityCredentialStore/default           u:object_r:hal_identity_service:s0

public/domain.te

diff --git a/public/domain.te b/public/domain.te
index d955c5e..931a045 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -684,6 +684,7 @@
     -virtual_touchpad_service
     -vr_hwc_service
     -vr_manager_service
+    userdebug_or_eng(`-hal_face_service')
   }:service_manager find;
 ')
 

public/hal_face.te

diff --git a/public/hal_face.te b/public/hal_face.te
index b250586..0134576 100644
--- a/public/hal_face.te
+++ b/public/hal_face.te
@@ -3,6 +3,9 @@
 binder_call(hal_face_server, hal_face_client)
 
 hal_attribute_hwservice(hal_face, hal_face_hwservice)
+hal_attribute_service(hal_face, hal_face_service)
+
+binder_call(hal_face_server, servicemanager)
 
 # Allow access to the ion memory allocation device.
 allow hal_face ion_device:chr_file r_file_perms;

public/service.te

diff --git a/public/service.te b/public/service.te
index af19eb4..7d40854 100644
--- a/public/service.te
+++ b/public/service.te
@@ -213,6 +213,7 @@
 ### HAL Services
 ###
 
+type hal_face_service, vendor_service, service_manager_type;
 type hal_fingerprint_service, vendor_service, service_manager_type;
 type hal_gnss_service, vendor_service, service_manager_type;
 type hal_identity_service, vendor_service, service_manager_type;

vendor/file_contexts

diff --git a/vendor/file_contexts b/vendor/file_contexts
index 7e02680..3668b12 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -12,6 +12,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service      u:object_r:hal_bluetooth_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service\.btlinux    u:object_r:hal_bluetooth_btlinux_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.face@1\.[0-9]+-service\.example u:object_r:hal_face_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.face-service\.example u:object_r:hal_face_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.example u:object_r:hal_fingerprint_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.[0-9]+-service      u:object_r:hal_bootctl_default_exec:s0