commit f0ea953e606735e1eb62c58f11c28e572637d3a5
author Sandeep Dhavale <dhavale@google.com> Tue Nov 08 23:57:09 2022 +0000
committer Sandeep Dhavale <dhavale@google.com> Wed Nov 09 22:21:27 2022 +0000
tree 7ac8959f770bf9b5fc60fa8f21199c74138015a5
parent f4ab6c9f3c21617b5f313804d1df4a32192c573d

Fastboot AIDL Sepolicy changes

Bug: 205760652
Test: Build & flash
Change-Id: I2709c5cc2ca859481aac6fecbc99fe30a52a668b
Signed-off-by: Sandeep Dhavale <dhavale@google.com>

private/compat/33.0/33.0.ignore.cil

diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index 1bb5557..8092a52 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -37,4 +37,5 @@
     hal_gatekeeper_service
     hal_broadcastradio_service
     hal_confirmationui_service
+    hal_fastboot_service
   ))

private/fastbootd.te

diff --git a/private/fastbootd.te b/private/fastbootd.te
index c33e044..d93ee42 100644
--- a/private/fastbootd.te
+++ b/private/fastbootd.te
@@ -45,6 +45,9 @@
 
   # Needed for reading boot properties.
   allow fastbootd proc_bootconfig:file r_file_perms;
+  # Let this domain use the hal fastboot service
+  binder_use(fastbootd)
+  hal_client_domain(fastbootd, hal_fastboot)
 ')
 
 # io_uring_setup needs ipc_lock and permission to operate anon inodes

private/init.te

diff --git a/private/init.te b/private/init.te
index f03a138..2fd2940 100644
--- a/private/init.te
+++ b/private/init.te
@@ -14,6 +14,7 @@
   domain_trans(init, rootfs, hal_bootctl_server)
   domain_trans(init, rootfs, charger)
   domain_trans(init, rootfs, fastbootd)
+  domain_trans(init, rootfs, hal_fastboot_server)
   domain_trans(init, rootfs, hal_health_server)
   domain_trans(init, rootfs, recovery)
   domain_trans(init, rootfs, linkerconfig)

private/service_contexts

diff --git a/private/service_contexts b/private/service_contexts
index 2e2e7b2..5ee226d 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -25,6 +25,7 @@
 android.hardware.drm.IDrmFactory/clearkey                            u:object_r:hal_drm_service:s0
 android.hardware.drm.ICryptoFactory/clearkey                         u:object_r:hal_drm_service:s0
 android.hardware.dumpstate.IDumpstateDevice/default                  u:object_r:hal_dumpstate_service:s0
+android.hardware.fastboot.IFastboot/default                          u:object_r:hal_fastboot_service:s0
 android.hardware.gnss.IGnss/default                                  u:object_r:hal_gnss_service:s0
 android.hardware.graphics.allocator.IAllocator/default               u:object_r:hal_graphics_allocator_service:s0
 android.hardware.graphics.composer3.IComposer/default                u:object_r:hal_graphics_composer_service:s0