From e9d07b9e5f55b82ad31bad4e3f1e8cfba5349657 Mon Sep 17 00:00:00 2001
From: Michael Butler <butlermichael@google.com>
Date: Thu, 29 Jun 2017 18:33:03 -0700
Subject: [PATCH] Default sepolicy rules for initial upload of Neural Network
 API.

Bug: 63905942
Test: mm -j40
Change-Id: I354ee863475aedd2dc9d2b436a00bcd82931456f
(cherry picked from commit 4fc5fb5e521347d65dc921f8c1fb751c66f9a92c)
---
 prebuilts/api/26.0/26.0.ignore.cil | 1 +
 private/hwservice_contexts         | 1 +
 private/system_server.te           | 1 +
 public/attributes                  | 6 ++++++
 public/hal_neuralnetworks.te       | 8 ++++++++
 public/hwservice.te                | 1 +
 6 files changed, 18 insertions(+)
 create mode 100644 public/hal_neuralnetworks.te

diff --git a/prebuilts/api/26.0/26.0.ignore.cil b/prebuilts/api/26.0/26.0.ignore.cil
index 874f710c8..6c2da1622 100644
--- a/prebuilts/api/26.0/26.0.ignore.cil
+++ b/prebuilts/api/26.0/26.0.ignore.cil
@@ -7,6 +7,7 @@
     e2fs
     e2fs_exec
     hal_cas_hwservice
+    hal_neuralnetworks_hwservice
     hal_tetheroffload_hwservice
     kmsg_debug_device
     netd_stable_secret_prop
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index 702795d8b..3f3454fda 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -26,6 +26,7 @@ android.hardware.light::ILight                                  u:object_r:hal_l
 android.hardware.media.omx::IOmx                                u:object_r:hal_omx_hwservice:s0
 android.hardware.media.omx::IOmxStore                           u:object_r:hal_omx_hwservice:s0
 android.hardware.memtrack::IMemtrack                            u:object_r:hal_memtrack_hwservice:s0
+android.hardware.neuralnetworks::IDevice                        u:object_r:hal_neuralnetworks_hwservice:s0
 android.hardware.nfc::INfc                                      u:object_r:hal_nfc_hwservice:s0
 android.hardware.oemlock::IOemLock                              u:object_r:hal_oemlock_hwservice:s0
 android.hardware.power::IPower                                  u:object_r:hal_power_hwservice:s0
diff --git a/private/system_server.te b/private/system_server.te
index fddfe2d89..e61b30353 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -194,6 +194,7 @@ hal_client_domain(system_server, hal_graphics_allocator)
 hal_client_domain(system_server, hal_ir)
 hal_client_domain(system_server, hal_light)
 hal_client_domain(system_server, hal_memtrack)
+hal_client_domain(system_server, hal_neuralnetworks)
 hal_client_domain(system_server, hal_oemlock)
 allow system_server hal_omx_hwservice:hwservice_manager find;
 allow system_server hidl_token_hwservice:hwservice_manager find;
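Review bot: The added `hal_client_domain(system_server, hal_neuralnetworks)` makes system_server a client of the new HAL, but nothing in the hunk or the commit message says which system_server component needs it. Per the rules in public/hal_neuralnetworks.te, client status brings binder calls to and from every `hal_neuralnetworks_server` domain plus `find` on `hal_neuralnetworks_hwservice`, which is a real widening of what a highly privileged domain can reach. If this is only a placeholder for the initial upload, I would leave it out until a concrete caller exists. Otherwise add a comment above the line, e.g. `# <component> in system_server uses the NN HAL for <purpose>` (placeholder wording for the author to fill in).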
diff --git a/public/attributes b/public/attributes
index cd4b820ca..7ee7dafbf 100644
--- a/public/attributes
+++ b/public/attributes
@@ -289,6 +289,12 @@ attribute hal_memtrack_client;
 expandattribute hal_memtrack_client true;
 attribute hal_memtrack_server;
 expandattribute hal_memtrack_server false;
+attribute hal_neuralnetworks;
+expandattribute hal_neuralnetworks true;
+attribute hal_neuralnetworks_client;
+expandattribute hal_neuralnetworks_client true;
+attribute hal_neuralnetworks_server;
+expandattribute hal_neuralnetworks_server false;
 attribute hal_nfc;
 expandattribute hal_nfc true;
 attribute hal_nfc_client;
diff --git a/public/hal_neuralnetworks.te b/public/hal_neuralnetworks.te
new file mode 100644
index 000000000..c697ac2f2
--- /dev/null
+++ b/public/hal_neuralnetworks.te
@@ -0,0 +1,8 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_neuralnetworks_client, hal_neuralnetworks_server)
+binder_call(hal_neuralnetworks_server, hal_neuralnetworks_client)
+
+add_hwservice(hal_neuralnetworks_server, hal_neuralnetworks_hwservice)
+allow hal_neuralnetworks_client hal_neuralnetworks_hwservice:hwservice_manager find;
+allow hal_neuralnetworks hidl_memory_hwservice:hwservice_manager find;
+allow hal_neuralnetworks hal_allocator:fd use;
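Review bot: The last two rules, `allow hal_neuralnetworks hidl_memory_hwservice:hwservice_manager find;` and `allow hal_neuralnetworks hal_allocator:fd use;`, are written against the combined `hal_neuralnetworks` attribute and have no comment, so it is unclear which side is meant to get them. Assuming the usual `hal_client_domain`/`hal_server_domain` macros (not visible here), client domains carry the combined attribute only on non-Treble builds, so on a full-Treble device these rules would reach servers only. If clients also need shared-memory access, write the rules against `hal_neuralnetworks_client` explicitly; if only servers need it, use `hal_neuralnetworks_server` so the grant is no wider than required. Either way, add a comment such as `# Shared memory buffers are obtained via hidl_memory and passed as allocator fds` (wording for the author to confirm), because the existing header comment covers only the binder_call lines.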
diff --git a/public/hwservice.te b/public/hwservice.te
index 815221d9c..ce27f215d 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -22,6 +22,7 @@ type hal_ir_hwservice, hwservice_manager_type;
 type hal_keymaster_hwservice, hwservice_manager_type;
 type hal_light_hwservice, hwservice_manager_type;
 type hal_memtrack_hwservice, hwservice_manager_type;
+type hal_neuralnetworks_hwservice, hwservice_manager_type;
 type hal_nfc_hwservice, hwservice_manager_type;
 type hal_oemlock_hwservice, hwservice_manager_type;
 type hal_omx_hwservice, hwservice_manager_type;
-- 
GitLab