From 1ec710c8ff528853524dc8e22b1797ca78cfc2de Mon Sep 17 00:00:00 2001
From: Steven Moreland <smoreland@google.com>
Date: Mon, 10 Oct 2016 16:40:33 -0700
Subject: [PATCH] Sepolicy for light hal.

Bug: 32022100
Test: end to end
Change-Id: I5dd9b64c98a5c549fdaf9e47d5a92fa6963370c7
---
 private/file_contexts   | 1 +
 private/hal_light.te    | 2 ++
 public/hal_light.te     | 9 +++++++++
 public/system_server.te | 1 +
 4 files changed, 13 insertions(+)
 create mode 100644 private/hal_light.te
 create mode 100644 public/hal_light.te

diff --git a/private/file_contexts b/private/file_contexts
index 76297c33f..241cccdf9 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -222,6 +222,7 @@
 /system/lib(64)?/libart.*        u:object_r:libart_file:s0
 /system/bin/hw/android\.hardware\.audio@2\.0-service          u:object_r:hal_audio_exec:s0
 /system/bin/hw/android\.hardware\.boot@1\.0-service           u:object_r:hal_boot_exec:s0
+/system/bin/hw/android\.hardware\.light@2\.0-service          u:object_r:hal_light_exec:s0
 /system/bin/hw/android\.hardware\.nfc@1\.0-service            u:object_r:hal_nfc_exec:s0
 /system/bin/hw/android\.hardware\.vibrator@1\.0-service       u:object_r:hal_vibrator_exec:s0
 /system/bin/hw/android\.hardware\.vr@1\.0-service             u:object_r:hal_vr_exec:s0
diff --git a/private/hal_light.te b/private/hal_light.te
new file mode 100644
index 000000000..8c5f10833
--- /dev/null
+++ b/private/hal_light.te
@@ -0,0 +1,2 @@
+# may be started by init
+init_daemon_domain(hal_light)
diff --git a/public/hal_light.te b/public/hal_light.te
new file mode 100644
index 000000000..cdb36bbc1
--- /dev/null
+++ b/public/hal_light.te
@@ -0,0 +1,9 @@
+# light subsystem
+type hal_light, domain;
+type hal_light_exec, exec_type, file_type;
+
+# hwbinder access
+hwbinder_use(hal_light)
+
+# call into system_server process (callbacks)
+binder_call(hal_light, system_server)
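Review bot: The last rule in public/hal_light.te, `binder_call(hal_light, system_server)`, lets the new HAL domain initiate binder transactions into system_server. Replies to transactions that system_server starts should not need it, since that direction is granted by the `binder_call(system_server, hal_light)` line added in public/system_server.te. Whether the light interface actually passes callback objects to the HAL is not visible in this patch; if it does not, dropping the rule keeps the domain least-privileged. If it does, the comment `# call into system_server process (callbacks)` should name the interface whose callbacks require it. The file also grants no access to any LED or backlight node, presumably left to device policy, and a one-line comment saying so would help the next reader.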
diff --git a/public/system_server.te b/public/system_server.te
index b59aa0596..a728c15a7 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -148,6 +148,7 @@ allow system_server surfaceflinger:unix_stream_socket { read write setopt };
 # Perform Binder IPC.
 binder_use(system_server)
 binder_call(system_server, hal_boot)
+binder_call(system_server, hal_light)
 binder_call(system_server, hal_vibrator)
 binder_call(system_server, hal_vr)
 binder_call(system_server, binderservicedomain)
-- 
GitLab