Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / fc1463c164cd32421a297e8c9ec3bbf9941aed30^! / .
commitfc1463c164cd32421a297e8c9ec3bbf9941aed30[log] [tgz]
authorRicky Niu <rickyniu@google.com>Wed Sep 28 17:53:48 2022 +0800
committerRicky Niu <rickyniu@google.com>Thu Oct 27 15:42:56 2022 +0800
tree599e8a20b115bfcbacaa2d4a397357c5a4628c2a
parent6a80e5c6fd6d61653aab0b4dc98705d714d51c45 [diff]
Add selinux rules for android.hardware.usb.gadget.IUsbGadget AIDL migration

Covers the rules needed for the default AIDL implementation.

10-26 10:22:42.408   448   448 I auditd  : type=1400 audit(0.0:95): avc: denied { read } for comm="android.hardwar" name="interrupts" dev="proc" ino=4026531995 scontext=u:r:hal_usb_gadget_default:s0 tcontext=u:object_r:proc_interrupts:s0 tclass=file permissive=0

Bug: 218791946
Test: reboot and check if AIDL service is running.

Signed-off-by: Ricky Niu <rickyniu@google.com>
Change-Id: I8bdab3a682398f3c7e825a8894f45af2a9b6c199

diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index 664b65f..841b64a 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go

@@ -91,6 +91,7 @@
 		"android.hardware.tv.input.ITvInput/default":                              []string{},
 		"android.hardware.tv.tuner.ITuner/default":                                []string{},
 		"android.hardware.usb.IUsb/default":                                       []string{},
+		"android.hardware.usb.gadget.IUsbGadget/default":                          []string{},
 		"android.hardware.uwb.IUwb/default":                                       []string{},
 		"android.hardware.vibrator.IVibrator/default":                             []string{},
 		"android.hardware.vibrator.IVibratorManager/default":                      []string{"android.hardware.vibrator-service.example_fuzzer"},

diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index 97a1c91..5d9a7cb 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil

@@ -14,6 +14,7 @@
     hal_bootctl_service
     hal_remoteaccess_service
     hal_thermal_service
+    hal_usb_gadget_service
     hal_tv_input_service
     hal_tv_hdmi_service
     hal_tv_hdmi_cec_service

diff --git a/private/service_contexts b/private/service_contexts
index b083972..7dc700a 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -76,6 +76,7 @@
 android.hardware.tv.tuner.ITuner/default                             u:object_r:hal_tv_tuner_service:s0
 android.hardware.tv.input.ITvInput/default                           u:object_r:hal_tv_input_service:s0
 android.hardware.usb.IUsb/default                                    u:object_r:hal_usb_service:s0
+android.hardware.usb.gadget.IUsbGadget/default                       u:object_r:hal_usb_gadget_service:s0
 android.hardware.uwb.IUwb/default                                    u:object_r:hal_uwb_service:s0
 android.hardware.vibrator.IVibrator/default                          u:object_r:hal_vibrator_service:s0
 android.hardware.vibrator.IVibratorManager/default                   u:object_r:hal_vibrator_service:s0

diff --git a/public/hal_usb_gadget.te b/public/hal_usb_gadget.te
index a474652..45bfdbe 100644
--- a/public/hal_usb_gadget.te
+++ b/public/hal_usb_gadget.te

@@ -2,6 +2,9 @@
 binder_call(hal_usb_gadget_client, hal_usb_gadget_server)
 binder_call(hal_usb_gadget_server, hal_usb_gadget_client)
 
+hal_attribute_service(hal_usb_gadget, hal_usb_gadget_service)
+binder_call(hal_usb_gadget_server, servicemanager)
+
 hal_attribute_hwservice(hal_usb_gadget, hal_usb_gadget_hwservice)
 
 # Configuring usb gadget functions
@@ -10,4 +13,4 @@
 allow hal_usb_gadget_server configfs:file create_file_perms;
 allow hal_usb_gadget_server functionfs:dir { read search };
 allow hal_usb_gadget_server functionfs:file read;
-
+allow hal_usb_gadget_server proc_interrupts:file r_file_perms;

diff --git a/public/service.te b/public/service.te
index eda671d..705da33 100644
--- a/public/service.te
+++ b/public/service.te

@@ -311,6 +311,7 @@
 type hal_tv_input_service, protected_service, hal_service_type, service_manager_type;
 type hal_tv_tuner_service, protected_service, hal_service_type, service_manager_type;
 type hal_usb_service, protected_service, hal_service_type, service_manager_type;
+type hal_usb_gadget_service, protected_service, hal_service_type, service_manager_type;
 type hal_uwb_service, protected_service, hal_service_type, service_manager_type;
 type hal_vehicle_service, protected_service, hal_service_type, service_manager_type;
 type hal_vibrator_service, protected_service, hal_service_type, service_manager_type;

diff --git a/vendor/file_contexts b/vendor/file_contexts
index d6dc9bc..ab47b83 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts

@@ -102,6 +102,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.tuner-service\.example(-lazy)?  u:object_r:hal_tv_tuner_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service            u:object_r:hal_usb_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.usb-service\.example        u:object_r:hal_usb_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.usb\.gadget-service\.example   u:object_r:hal_usb_gadget_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.usb\.gadget@1\.1-service    u:object_r:hal_usb_gadget_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.uwb-service                 u:object_r:hal_uwb_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service       u:object_r:hal_vibrator_default_exec:s0