Allow blank_screen to make binder calls to the servicemanager
blank_screen can not find and use the lights HAL if it cannot use the servicemanager. This
broke turning off the display during shutdown.
Change-Id: I6aff1cb71f805637abc79493ba2574143c5cf7cf
Test: adb root; adb shell setenforce 1; adb shell setprop ctl.start blank_screen
Test: adb logcat -b all | grep 'denied'
Bug: 151363454
diff --git a/private/blank_screen.te b/private/blank_screen.te
index 69dd7e6..20d50cc 100644
--- a/private/blank_screen.te
+++ b/private/blank_screen.te
@@ -3,6 +3,5 @@
init_daemon_domain(blank_screen)
+# hal_light_client has access to hal_light_server
hal_client_domain(blank_screen, hal_light)
-
-allow blank_screen hal_light_service:service_manager find;
diff --git a/public/hal_light.te b/public/hal_light.te
index 1e70b74..4aa824a 100644
--- a/public/hal_light.te
+++ b/public/hal_light.te
@@ -4,10 +4,13 @@
hal_attribute_hwservice(hal_light, hal_light_hwservice)
+# server adds itself via service_manager
add_service(hal_light_server, hal_light_service)
binder_call(hal_light_server, servicemanager)
+# client finds and uses server via service_manager
allow hal_light_client hal_light_service:service_manager find;
+binder_use(hal_light_client)
allow hal_light_server dumpstate:fifo_file write;