From a95c52e347618d5f6797e01ad460094a90800a27 Mon Sep 17 00:00:00 2001
From: Connor O'Brien <connoro@google.com>
Date: Mon, 5 Dec 2016 16:20:44 -0800
Subject: [PATCH] Add sepolicy for consumerir HIDL HAL

Test: logging confirms service runs on boot
Change-Id: If86fa7daf4a626b3e04fa0d2677d4cb590eb71ce
Signed-off-by: Connor O'Brien <connoro@google.com>
---
 private/file_contexts     | 1 +
 private/hal_ir_default.te | 5 +++++
 public/attributes         | 1 +
 public/hal_ir.te          | 5 +++++
 public/system_server.te   | 1 +
 5 files changed, 13 insertions(+)
 create mode 100644 private/hal_ir_default.te
 create mode 100644 public/hal_ir.te

diff --git a/private/file_contexts b/private/file_contexts
index cdc6d458c..4547b6a0d 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -230,6 +230,7 @@
 /system/lib(64)?/libart.*        u:object_r:libart_file:s0
 /system/bin/hw/android\.hardware\.audio@2\.0-service          u:object_r:hal_audio_exec:s0
 /system/bin/hw/android\.hardware\.boot@1\.0-service           u:object_r:hal_boot_exec:s0
+/system/bin/hw/android\.hardware\.ir@1\.0-service           u:object_r:hal_ir_default_exec:s0
 /system/bin/hw/android\.hardware\.graphics\.allocator@2\.0-service   u:object_r:hal_graphics_allocator_exec:s0
 /system/bin/hw/android\.hardware\.graphics\.composer@2\.1-service    u:object_r:hal_graphics_composer_exec:s0
 /system/bin/hw/android\.hardware\.light@2\.0-service          u:object_r:hal_light_default_exec:s0
diff --git a/private/hal_ir_default.te b/private/hal_ir_default.te
new file mode 100644
index 000000000..0ccd436b5
--- /dev/null
+++ b/private/hal_ir_default.te
@@ -0,0 +1,5 @@
+type hal_ir_default, hal_ir, domain;
+type hal_ir_default_exec, exec_type, file_type;
+
+# may be started by init
+init_daemon_domain(hal_ir_default)
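Review bot: The new `hal_ir_default` domain gets only the init transition here, and public/hal_ir.te adds only hwbinder and binder rules, so nothing visible grants access to a device node or sysfs file for the IR hardware. The stated test (service runs on boot) would not surface denials that appear only when a transmit is attempted. It is worth exercising a transmit in enforcing mode and checking the log for `avc: denied` entries with `scontext` of `hal_ir_default`. If hardware access is meant to come from device policy, say so in the file, e.g. `# IR device node access is granted by device-specific policy`. A header comment such as `# Default implementation of the consumerir HAL` would also tell the next reader what this domain is for.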
diff --git a/public/attributes b/public/attributes
index 5b68eea00..497cb90bc 100644
--- a/public/attributes
+++ b/public/attributes
@@ -116,3 +116,4 @@ attribute update_engine_common;
 
 # HALs
 attribute hal_light;
+attribute hal_ir;
diff --git a/public/hal_ir.te b/public/hal_ir.te
new file mode 100644
index 000000000..3c7b51a9b
--- /dev/null
+++ b/public/hal_ir.te
@@ -0,0 +1,5 @@
+# hwbinder access
+hwbinder_use(hal_ir)
+
+# call into system_server process (callbacks)
+binder_call(hal_ir, system_server)
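Review bot: `binder_call(hal_ir, system_server)` lets every domain carrying the `hal_ir` attribute, including any later vendor implementation, initiate binder transactions into system_server, and nothing in this patch shows the IR HAL being handed a callback that would need it. As far as the `binder_call` macro goes, replies to calls made by system_server are already covered by `binder_call(system_server, hal_ir)` in public/system_server.te. If the interface is request/response only, this rule can be dropped to keep the HAL from being a caller into system_server. If it stays, the comment should name what it is for, e.g. `# callbacks: <callback interface registered by system_server>`, so a later audit can tell whether the grant is still needed.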
diff --git a/public/system_server.te b/public/system_server.te
index 146e55735..f7f87f82a 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -159,6 +159,7 @@ binder_service(system_server)
 # Perform HwBinder IPC.
 hwbinder_use(system_server)
 binder_call(system_server, hal_boot)
+binder_call(system_server, hal_ir)
 binder_call(system_server, hal_light)
 binder_call(system_server, hal_memtrack)
 binder_call(system_server, hal_power)
-- 
GitLab