From e8d0bdae215b0818e22d1620c93ad3b5f6bca78b Mon Sep 17 00:00:00 2001
From: Ashutosh Joshi <ashutoshj@google.com>
Date: Tue, 29 Nov 2016 13:17:49 -0800
Subject: [PATCH] Add sepolicy for contexthub HAL

Adding sepolicy for contexthub service.

Test: GTS tests pass.
Change-Id: I2576b8028d12a31151d7b7869679b853eb16c75e
---
 private/file_contexts             | 1 +
 private/hal_contexthub_default.te | 4 ++++
 public/attributes                 | 1 +
 public/hal_contexthub.te          | 5 +++++
 public/system_server.te           | 1 +
 5 files changed, 12 insertions(+)
 create mode 100644 private/hal_contexthub_default.te
 create mode 100644 public/hal_contexthub.te

diff --git a/private/file_contexts b/private/file_contexts
index c081f5b40..41e1459da 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -231,6 +231,7 @@
 /system/lib(64)?/libart.*        u:object_r:libart_file:s0
 /system/bin/hw/android\.hardware\.audio@2\.0-service          u:object_r:hal_audio_default_exec:s0
 /system/bin/hw/android\.hardware\.boot@1\.0-service           u:object_r:hal_boot_exec:s0
+/system/bin/hw/android\.hardware\.contexthub@1\.0-service     u:object_r:hal_contexthub_default_exec:s0
 /system/bin/hw/android\.hardware\.dumpstate@1\.0-service      u:object_r:hal_dumpstate_default_exec:s0
 /system/bin/hw/android\.hardware\.graphics\.allocator@2\.0-service   u:object_r:hal_graphics_allocator_default_exec:s0
 /system/bin/hw/android\.hardware\.graphics\.composer@2\.1-service    u:object_r:hal_graphics_composer_default_exec:s0
diff --git a/private/hal_contexthub_default.te b/private/hal_contexthub_default.te
new file mode 100644
index 000000000..99b6b9376
--- /dev/null
+++ b/private/hal_contexthub_default.te
@@ -0,0 +1,4 @@
+type hal_contexthub_default, hal_contexthub, domain;
+type hal_contexthub_default_exec, exec_type, file_type;
+
+init_daemon_domain(hal_contexthub_default)
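Review bot: The new domain file has no comment saying which binary runs in `hal_contexthub_default`, or that its permissions come only from the `hal_contexthub` attribute and `init_daemon_domain`. A header such as `# Domain for the default contexthub HAL service; shared rules are on the hal_contexthub attribute in public/hal_contexthub.te` would tell a later reviewer where the baseline is defined before they add device or file access here. Nothing in this hunk grants access to a hub device node, so any such rule presumably lives in device-specific policy; saying so in the comment would keep this domain minimal.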
diff --git a/public/attributes b/public/attributes
index c14365cf4..abe5955d8 100644
--- a/public/attributes
+++ b/public/attributes
@@ -130,3 +130,4 @@ attribute hal_thermal;
 attribute hal_vibrator;
 attribute hal_vr;
 attribute hal_wifi;
+attribute hal_contexthub;
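Review bot: `attribute hal_contexthub;` is appended after `hal_wifi`, although the visible entries (`hal_thermal`, `hal_vibrator`, `hal_vr`, `hal_wifi`) are in alphabetical order. The same commit keeps that order in public/system_server.te, where the new `binder_call` line sits between `hal_boot` and `hal_ir`. Moving the attribute to its sorted position among the other `hal_*` declarations would keep the list easy to audit for duplicates or omissions. The rest of the list is outside this hunk, so the ordering convention is inferred from the context lines only.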
diff --git a/public/hal_contexthub.te b/public/hal_contexthub.te
new file mode 100644
index 000000000..9d3685b52
--- /dev/null
+++ b/public/hal_contexthub.te
@@ -0,0 +1,5 @@
+# hwbinder access
+hwbinder_use(hal_contexthub)
+
+# call into system_server process (callbacks)
+binder_call(hal_contexthub, system_server)
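Review bot: The comment `# call into system_server process (callbacks)` understates what `binder_call(hal_contexthub, system_server)` grants. As I understand the macro definition, it lets the source domain initiate binder transactions to system_server and use file descriptors received from it, not only respond on a registered callback. Because the rule is attached to the public attribute, every implementation domain tagged `hal_contexthub` inherits that access. I would make the grant explicit for policy audits, e.g. `# Allow the HAL to invoke callback interfaces hosted in system_server (binder call/transfer and fd use)`.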
diff --git a/public/system_server.te b/public/system_server.te
index 99ff1d816..052f632c3 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -160,6 +160,7 @@ binder_service(system_server)
 # Perform HwBinder IPC.
 hwbinder_use(system_server)
 binder_call(system_server, hal_boot)
+binder_call(system_server, hal_contexthub)
 binder_call(system_server, hal_ir)
 binder_call(system_server, hal_light)
 binder_call(system_server, hal_memtrack)
-- 
GitLab