From 0e9b22078bf3c49e61fd887cf86d081d4681d9e0 Mon Sep 17 00:00:00 2001
From: Andrew Scull <ascull@google.com>
Date: Fri, 12 May 2017 15:37:39 +0100
Subject: [PATCH] SELinux policies for the OEM lock HAL.

Bug: 34766843
Change-Id: I5be615d818ecf999fec6514ce9b89ff6a7f13cd6
Fix: 38232801
Test: Build and boot
Merged-In: Ice78aedfdbe82477a84252499a76dad37887fe6b
---
 private/system_server.te | 1 +
 public/attributes        | 3 +++
 public/hal_oemlock.te    | 2 ++
 3 files changed, 6 insertions(+)
 create mode 100644 public/hal_oemlock.te

diff --git a/private/system_server.te b/private/system_server.te
index f391aa5e7..6537233cd 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -181,6 +181,7 @@ hal_client_domain(system_server, hal_graphics_allocator)
 hal_client_domain(system_server, hal_ir)
 hal_client_domain(system_server, hal_light)
 hal_client_domain(system_server, hal_memtrack)
+hal_client_domain(system_server, hal_oemlock)
 allow system_server hal_omx_hwservice:hwservice_manager find;
 allow system_server hidl_token_hwservice:hwservice_manager find;
 hal_client_domain(system_server, hal_power)
diff --git a/public/attributes b/public/attributes
index f8650b7a4..671a0e44a 100644
--- a/public/attributes
+++ b/public/attributes
@@ -234,6 +234,9 @@ attribute hal_memtrack_server;
 attribute hal_nfc;
 attribute hal_nfc_client;
 attribute hal_nfc_server;
+attribute hal_oemlock;
+attribute hal_oemlock_client;
+attribute hal_oemlock_server;
 attribute hal_power;
 attribute hal_power_client;
 attribute hal_power_server;
diff --git a/public/hal_oemlock.te b/public/hal_oemlock.te
new file mode 100644
index 000000000..dcbb964fb
--- /dev/null
+++ b/public/hal_oemlock.te
@@ -0,0 +1,2 @@
+# HwBinder IPC from client to server
+# binder_call(hal_oemlock_client, hal_oemlock_server)
-- 
GitLab