From bc6d88d2da12aa9cf43442d928f296c573a345b3 Mon Sep 17 00:00:00 2001
From: Martijn Coenen <maco@google.com>
Date: Thu, 6 Apr 2017 09:24:41 -0700
Subject: [PATCH] Add new classes and types for (hw|vnd)servicemanager.

Bug: 34454312
Bug: 36052864
Test: device boots, works
Change-Id: If61d9b736a74c5944cef4449de4dfbaf78d9ccfa
---
 private/access_vectors   | 14 ++++++++++++++
 private/security_classes |  6 ++++++
 public/attributes        |  9 ++++++++-
 3 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/private/access_vectors b/private/access_vectors
index c4f13bb2c..dcd86c28e 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -668,6 +668,20 @@ class service_manager
 	list
 }
 
+class hwservice_manager
+{
+	add
+	find
+	list
+}
+
+class vndservice_manager
+{
+	add
+	find
+	list
+}
+
 class keystore_key
 {
 	get_state
diff --git a/private/security_classes b/private/security_classes
index a202c5db6..5685bd6f8 100644
--- a/private/security_classes
+++ b/private/security_classes
@@ -134,6 +134,12 @@ class property_service          # userspace
 # Service manager
 class service_manager           # userspace
 
+# hardware service manager      # userspace
+class hwservice_manager
+
+# vendor service manager        # userspace
+class vndservice_manager
+
 # Keystore Key
 class keystore_key              # userspace
 
diff --git a/public/attributes b/public/attributes
index 6bb8346c3..30dfa4bbf 100644
--- a/public/attributes
+++ b/public/attributes
@@ -95,11 +95,18 @@ attribute ephemeral_app_api_service;
 # services which export only system_api
 attribute system_api_service;
 
-# All types used for services managed by service_manager.
+# All types used for services managed by servicemanager.
 # On change, update CHECK_SC_ASSERT_ATTRS
 # definition in tools/checkfc.c.
 attribute service_manager_type;
 
+# All types used for services managed by hwservicemanager
+attribute hwservice_manager_type;
+
+# All types used for services managed by vndservicemanager
+attribute vndservice_manager_type;
+
+
 # All domains that can override MLS restrictions.
 # i.e. processes that can read up and write down.
 attribute mlstrustedsubject;
-- 
GitLab