From 46ac92680358e32d3ff086b57fa40788a2a20d25 Mon Sep 17 00:00:00 2001
From: Andrew Scull <ascull@google.com>
Date: Mon, 27 Mar 2017 15:40:21 +0100
Subject: [PATCH] SELinux policies for the OEM lock HAL.

Bug: 34766843
Test: Boot and call HAL from system_server
Change-Id: Ice78aedfdbe82477a84252499a76dad37887fe6b
---
 private/system_server.te | 1 +
 public/attributes        | 3 +++
 public/hal_oemlock.te    | 2 ++
 3 files changed, 6 insertions(+)
 create mode 100644 public/hal_oemlock.te

diff --git a/private/system_server.te b/private/system_server.te
index e1c5f6dce..be56540ab 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -178,6 +178,7 @@ binder_call(system_server, hal_light)
 hal_client_domain(system_server, hal_light)
 binder_call(system_server, hal_memtrack)
 hal_client_domain(system_server, hal_memtrack)
+hal_client_domain(system_server, hal_oemlock)
 binder_call(system_server, hal_power)
 hal_client_domain(system_server, hal_power)
 hal_client_domain(system_server, hal_sensors)
diff --git a/public/attributes b/public/attributes
index da399c9fa..d56702d84 100644
--- a/public/attributes
+++ b/public/attributes
@@ -216,6 +216,9 @@ attribute hal_memtrack_server;
 attribute hal_nfc;
 attribute hal_nfc_client;
 attribute hal_nfc_server;
+attribute hal_oemlock;
+attribute hal_oemlock_client;
+attribute hal_oemlock_server;
 attribute hal_power;
 attribute hal_power_client;
 attribute hal_power_server;
diff --git a/public/hal_oemlock.te b/public/hal_oemlock.te
new file mode 100644
index 000000000..69870ec29
--- /dev/null
+++ b/public/hal_oemlock.te
@@ -0,0 +1,2 @@
+# HwBinder IPC from client to server
+binder_call(hal_oemlock_client, hal_oemlock_server)
-- 
GitLab