Add sepolicy for NNAPI AIDL HAL service
This is a shared part that all NN HAL users otherwise would have to
define themselves.
Bug: 172922059
Test: m
Test: VtsHalNeuralnetworksTest on master (locally)
Change-Id: I3616d0afbb115bc0feaed00488855646633da915
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index fb0eb17..5858de7 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -38,6 +38,7 @@
hal_dumpstate_config_prop
hal_gnss_service
hal_keymint_service
+ hal_neuralnetworks_service
hal_power_stats_service
keystore_compat_hal_service
keystore2_key_contexts_file
diff --git a/public/hal_neuralnetworks.te b/public/hal_neuralnetworks.te
index 228d990..416448a 100644
--- a/public/hal_neuralnetworks.te
+++ b/public/hal_neuralnetworks.te
@@ -28,3 +28,9 @@
# This property is only expected to be found in /product/build.prop,
# allow to be set only by init.
neverallow { domain -init } nnapi_ext_deny_product_prop:property_service set;
+
+# Define sepolicy for NN AIDL HAL service
+hal_attribute_service(hal_neuralnetworks, hal_neuralnetworks_service)
+binder_call(hal_neuralnetworks_server, servicemanager)
+
+allow hal_neuralnetworks_server dumpstate:fifo_file write;
diff --git a/public/service.te b/public/service.te
index aebcb7e..6354138 100644
--- a/public/service.te
+++ b/public/service.te
@@ -237,6 +237,7 @@
type hal_keymint_service, vendor_service, protected_service, service_manager_type;
type hal_light_service, vendor_service, protected_service, service_manager_type;
type hal_memtrack_service, vendor_service, protected_service, service_manager_type;
+type hal_neuralnetworks_service, vendor_service, service_manager_type;
type hal_oemlock_service, vendor_service, protected_service, service_manager_type;
type hal_power_service, vendor_service, protected_service, service_manager_type;
type hal_power_stats_service, vendor_service, protected_service, service_manager_type;