SePolicy rules for initial media quality HAL service
We add a new HAL service specific for TV that will support ambient
backlight on TV and manage picture and sound profile for TV setting.
Will also support ACR and AIPQ in the future.
Bug: 375092640
Test: m on cuttlefish and gambit
Change-Id: I35da1e652f285fb8845049582046fe4b4ecc9704
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index e81e8c8..0065c49 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -139,6 +139,7 @@
"android.hardware.tv.hdmi.connection.IHdmiConnection/default": EXCEPTION_NO_FUZZER,
"android.hardware.tv.hdmi.earc.IEArc/default": EXCEPTION_NO_FUZZER,
"android.hardware.tv.input.ITvInput/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.tv.mediaquality.IMediaQuality/default": EXCEPTION_NO_FUZZER,
"android.hardware.tv.tuner.ITuner/default": EXCEPTION_NO_FUZZER,
"android.hardware.usb.IUsb/default": EXCEPTION_NO_FUZZER,
"android.hardware.usb.gadget.IUsbGadget/default": EXCEPTION_NO_FUZZER,
diff --git a/private/attributes b/private/attributes
index 2d6181d..c89d0c7 100644
--- a/private/attributes
+++ b/private/attributes
@@ -11,6 +11,11 @@
attribute system_and_vendor_property_type;
expandattribute system_and_vendor_property_type false;
+# HALs
+until_board_api(202504, `
+ hal_attribute(mediaquality);
+')
+
# All SDK sandbox domains
attribute sdk_sandbox_all;
# The SDK sandbox domains for the current SDK level.
diff --git a/private/compat/202404/202404.ignore.cil b/private/compat/202404/202404.ignore.cil
index 8bb0a2d..014270b 100644
--- a/private/compat/202404/202404.ignore.cil
+++ b/private/compat/202404/202404.ignore.cil
@@ -19,6 +19,7 @@
virtual_fingerprint_exec
virtual_face
virtual_face_exec
+ hal_mediaquality_service
media_quality_service
advanced_protection_service
sysfs_firmware_acpi_tables
diff --git a/private/compat/34.0/34.0.ignore.cil b/private/compat/34.0/34.0.ignore.cil
index 3132c5a..3f5cb68 100644
--- a/private/compat/34.0/34.0.ignore.cil
+++ b/private/compat/34.0/34.0.ignore.cil
@@ -19,6 +19,7 @@
hal_secretkeeper_service
hal_codec2_service
hal_macsec_service
+ hal_mediaquality_service
hal_remotelyprovisionedcomponent_avf_service
hal_threadnetwork_service
hidl_memory_prop
diff --git a/private/hal_mediaquality.te b/private/hal_mediaquality.te
new file mode 100644
index 0000000..5bcdbbc
--- /dev/null
+++ b/private/hal_mediaquality.te
@@ -0,0 +1,9 @@
+starting_at_board_api(202504, `
+ binder_call(hal_mediaquality_client, hal_mediaquality_server)
+ binder_call(hal_mediaquality_server, hal_mediaquality_client)
+
+ hal_attribute_service(hal_mediaquality, hal_mediaquality_service)
+
+ binder_call(hal_mediaquality_server, servicemanager)
+ binder_call(hal_mediaquality_client, servicemanager)
+')
diff --git a/private/service.te b/private/service.te
index 08a032a..eee98d0 100644
--- a/private/service.te
+++ b/private/service.te
@@ -32,6 +32,10 @@
type media_quality_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
')
+until_board_api(202504, `
+ type hal_mediaquality_service, protected_service, hal_service_type, service_manager_type;
+')
+
is_flag_enabled(RELEASE_SUPERVISION_SERVICE, `
type supervision_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
')
diff --git a/private/service_contexts b/private/service_contexts
index 8cab6ea..7c3c5de 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -115,6 +115,7 @@
android.hardware.tv.hdmi.cec.IHdmiCec/default u:object_r:hal_tv_hdmi_cec_service:s0
android.hardware.tv.hdmi.connection.IHdmiConnection/default u:object_r:hal_tv_hdmi_connection_service:s0
android.hardware.tv.hdmi.earc.IEArc/default u:object_r:hal_tv_hdmi_earc_service:s0
+android.hardware.tv.mediaquality.IMediaQuality/default u:object_r:hal_mediaquality_service:s0
android.hardware.tv.tuner.ITuner/default u:object_r:hal_tv_tuner_service:s0
android.hardware.tv.input.ITvInput/default u:object_r:hal_tv_input_service:s0
android.hardware.usb.IUsb/default u:object_r:hal_usb_service:s0
diff --git a/private/su.te b/private/su.te
index 2d4b0c6..1e2adef 100644
--- a/private/su.te
+++ b/private/su.te
@@ -106,6 +106,7 @@
typeattribute su hal_ir_client;
typeattribute su hal_keymaster_client;
typeattribute su hal_light_client;
+ typeattribute su hal_mediaquality_client;
typeattribute su hal_memtrack_client;
typeattribute su hal_neuralnetworks_client;
typeattribute su hal_nfc_client;
diff --git a/private/system_server.te b/private/system_server.te
index f39668e..5ae0f71 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -324,6 +324,7 @@
hal_client_domain(system_server, hal_ir)
hal_client_domain(system_server, hal_keymint)
hal_client_domain(system_server, hal_light)
+hal_client_domain(system_server, hal_mediaquality)
hal_client_domain(system_server, hal_memtrack)
hal_client_domain(system_server, hal_neuralnetworks)
hal_client_domain(system_server, hal_oemlock)
diff --git a/public/attributes b/public/attributes
index 759b773..0503450 100644
--- a/public/attributes
+++ b/public/attributes
@@ -366,6 +366,9 @@
hal_attribute(light);
hal_attribute(lowpan);
hal_attribute(macsec);
+starting_at_board_api(202504, `
+ hal_attribute(mediaquality);
+')
hal_attribute(memtrack);
hal_attribute(neuralnetworks);
hal_attribute(nfc);
diff --git a/public/service.te b/public/service.te
index cc9b1ab..f54df00 100644
--- a/public/service.te
+++ b/public/service.te
@@ -330,6 +330,9 @@
type hal_keymint_service, protected_service, hal_service_type, service_manager_type;
type hal_light_service, protected_service, hal_service_type, service_manager_type;
type hal_macsec_service, protected_service, hal_service_type, service_manager_type;
+starting_at_board_api(202504, `
+ type hal_mediaquality_service, protected_service, hal_service_type, service_manager_type;
+')
type hal_memtrack_service, protected_service, hal_service_type, service_manager_type;
type hal_neuralnetworks_service, hal_service_type, service_manager_type;
type hal_nfc_service, protected_service, hal_service_type, service_manager_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 6f99d90..1e89895 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -82,6 +82,9 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.lowpan@1\.0-service u:object_r:hal_lowpan_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.macsec-service u:object_r:hal_macsec_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.media\.c2-default-service u:object_r:mediacodec_exec:s0
+starting_at_board_api(202504, `
+ /(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.mediaquality-service\.example u:object_r:hal_mediaquality_default_exec:s0
+')
/(vendor|system/vendor)/bin/hw/android\.hardware\.memtrack@1\.0-service u:object_r:hal_memtrack_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.memtrack-service.example u:object_r:hal_memtrack_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.0-service u:object_r:hal_nfc_default_exec:s0
diff --git a/vendor/hal_mediaquality_default.te b/vendor/hal_mediaquality_default.te
new file mode 100644
index 0000000..8f604c4
--- /dev/null
+++ b/vendor/hal_mediaquality_default.te
@@ -0,0 +1,7 @@
+starting_at_board_api(202504, `
+ type hal_mediaquality_default, domain;
+ hal_server_domain(hal_mediaquality_default, hal_mediaquality)
+
+ type hal_mediaquality_default_exec, exec_type, vendor_file_type, file_type;
+ init_daemon_domain(hal_mediaquality_default)
+')
\ No newline at end of file