Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / f0ea953e606735e1eb62c58f11c28e572637d3a5^! / . / public
commitf0ea953e606735e1eb62c58f11c28e572637d3a5[log] [tgz]
authorSandeep Dhavale <dhavale@google.com>Tue Nov 08 23:57:09 2022 +0000
committerSandeep Dhavale <dhavale@google.com>Wed Nov 09 22:21:27 2022 +0000
tree7ac8959f770bf9b5fc60fa8f21199c74138015a5
parentf4ab6c9f3c21617b5f313804d1df4a32192c573d [diff]
Fastboot AIDL Sepolicy changes

Bug: 205760652
Test: Build & flash
Change-Id: I2709c5cc2ca859481aac6fecbc99fe30a52a668b
Signed-off-by: Sandeep Dhavale <dhavale@google.com>

diff --git a/public/attributes b/public/attributes
index d462c09..31f13d2 100644
--- a/public/attributes
+++ b/public/attributes

@@ -339,6 +339,7 @@
 hal_attribute(dumpstate);
 hal_attribute(evs);
 hal_attribute(face);
+hal_attribute(fastboot);
 hal_attribute(fingerprint);
 hal_attribute(gatekeeper);
 hal_attribute(gnss);

diff --git a/public/fastbootd.te b/public/fastbootd.te
index 68cb9e0..8452b97 100644
--- a/public/fastbootd.te
+++ b/public/fastbootd.te

@@ -13,6 +13,7 @@
   # fastbootd can use AIDL HALs in binder mode
   binder_use(fastbootd)
   hal_client_domain(fastbootd, hal_health)
+  hal_client_domain(fastbootd, hal_fastboot)
 
   # Access /dev/usb-ffs/fastbootd/ep0
   allow fastbootd functionfs:dir search;

diff --git a/public/hal_fastboot.te b/public/hal_fastboot.te
new file mode 100644
index 0000000..7aecac1
--- /dev/null
+++ b/public/hal_fastboot.te

@@ -0,0 +1,7 @@
+# allow binder connection from client to server
+binder_call(hal_fastboot_client, hal_fastboot_server)
+# allow client to find the service, allow server to register the service
+hal_attribute_service(hal_fastboot, hal_fastboot_service)
+# allow binder communication from server to service_manager
+binder_call(hal_fastboot_server, servicemanager)
+

diff --git a/public/service.te b/public/service.te
index fefdbd6..06f1a7b 100644
--- a/public/service.te
+++ b/public/service.te

@@ -282,6 +282,7 @@
 type hal_dumpstate_service, protected_service, hal_service_type, service_manager_type;
 type hal_evs_service, protected_service, hal_service_type, service_manager_type;
 type hal_face_service, protected_service, hal_service_type, service_manager_type;
+type hal_fastboot_service, protected_service, hal_service_type, service_manager_type;
 type hal_fingerprint_service, protected_service, hal_service_type, service_manager_type;
 type hal_gnss_service, protected_service, hal_service_type, service_manager_type;
 type hal_graphics_allocator_service, hal_service_type, service_manager_type;