From 0814795c79855e5957580b4da71e8e73628e3e01 Mon Sep 17 00:00:00 2001
From: Yifan Hong <elsk@google.com>
Date: Thu, 9 Aug 2018 13:04:48 -0700
Subject: [PATCH] Add sepolicy for health filesystem HAL

Test: builds
Test: vts
Bug: 111655771
Change-Id: Iabad3d124bf476cb624addf7d7898e0c2894d550
---
 private/compat/26.0/26.0.ignore.cil     | 1 +
 private/compat/27.0/27.0.ignore.cil     | 1 +
 private/compat/28.0/28.0.ignore.cil     | 1 +
 private/hwservice_contexts              | 1 +
 public/attributes                       | 1 +
 public/hal_health_filesystem.te         | 5 +++++
 public/hwservice.te                     | 1 +
 vendor/file_contexts                    | 1 +
 vendor/hal_health_filesystem_default.te | 6 ++++++
 9 files changed, 18 insertions(+)
 create mode 100644 public/hal_health_filesystem.te
 create mode 100644 vendor/hal_health_filesystem_default.te

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index ee202ba3a..7e04f0765 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -58,6 +58,7 @@
     hal_codec2_hwservice
     hal_confirmationui_hwservice
     hal_evs_hwservice
+    hal_health_filesystem_hwservice
     hal_lowpan_hwservice
     hal_neuralnetworks_hwservice
     hal_secure_element_hwservice
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index b99de0603..6e4147e5d 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -52,6 +52,7 @@
     hal_codec2_hwservice
     hal_confirmationui_hwservice
     hal_evs_hwservice
+    hal_health_filesystem_hwservice
     hal_lowpan_hwservice
     hal_secure_element_hwservice
     hal_usb_gadget_hwservice
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 7b16b964f..a8f6feca2 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -5,6 +5,7 @@
 (typeattributeset new_objects
   ( activity_task_service
     adb_service
+    hal_health_filesystem_hwservice
     llkd
     llkd_exec
     llkd_tmpfs
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index 7a90ad5e8..377901172 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -27,6 +27,7 @@ android.hardware.graphics.allocator::IAllocator                 u:object_r:hal_g
 android.hardware.graphics.composer::IComposer                   u:object_r:hal_graphics_composer_hwservice:s0
 android.hardware.graphics.mapper::IMapper                       u:object_r:hal_graphics_mapper_hwservice:s0
 android.hardware.health::IHealth                                u:object_r:hal_health_hwservice:s0
+android.hardware.health.filesystem::IFileSystem                 u:object_r:hal_health_filesystem_hwservice:s0
 android.hardware.ir::IConsumerIr                                u:object_r:hal_ir_hwservice:s0
 android.hardware.keymaster::IKeymasterDevice                    u:object_r:hal_keymaster_hwservice:s0
 android.hardware.light::ILight                                  u:object_r:hal_light_hwservice:s0
diff --git a/public/attributes b/public/attributes
index 90e1148cb..7dadf9e1d 100644
--- a/public/attributes
+++ b/public/attributes
@@ -253,6 +253,7 @@ hal_attribute(gnss);
 hal_attribute(graphics_allocator);
 hal_attribute(graphics_composer);
 hal_attribute(health);
+hal_attribute(health_filesystem);
 hal_attribute(ir);
 hal_attribute(keymaster);
 hal_attribute(light);
diff --git a/public/hal_health_filesystem.te b/public/hal_health_filesystem.te
new file mode 100644
index 000000000..4d02adc7a
--- /dev/null
+++ b/public/hal_health_filesystem.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_health_filesystem_client, hal_health_filesystem_server)
+binder_call(hal_health_filesystem_server, hal_health_filesystem_client)
+
+hal_attribute_hwservice(hal_health_filesystem, hal_health_filesystem_hwservice)
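Review bot: Nothing in this patch assigns a domain to `hal_health_filesystem_client`, so as far as the visible hunks show, both `binder_call` rules and the client `find` permission granted by `hal_attribute_hwservice` have no subject yet. The intended caller should be added with `hal_client_domain(<client_domain>, hal_health_filesystem)` (placeholder name) in this change or a referenced follow-up, so the set of callers is reviewed together with the interface. The last line also has no comment; something like `# Server registers the hwservice; only clients of this HAL may find it` would record what the macro is expected to grant. If this HAL is meant to stay unreachable from app domains, stating that here, or pinning it with a `neverallow`, would keep later changes from widening it unnoticed.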
diff --git a/public/hwservice.te b/public/hwservice.te
index 6f09efcfe..fba108f84 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -24,6 +24,7 @@ type hal_graphics_allocator_hwservice, hwservice_manager_type;
 type hal_graphics_composer_hwservice, hwservice_manager_type;
 type hal_graphics_mapper_hwservice, hwservice_manager_type, same_process_hwservice;
 type hal_health_hwservice, hwservice_manager_type;
+type hal_health_filesystem_hwservice, hwservice_manager_type;
 type hal_ir_hwservice, hwservice_manager_type;
 type hal_keymaster_hwservice, hwservice_manager_type;
 type hal_light_hwservice, hwservice_manager_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index e029bfd57..9728b7ca0 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -26,6 +26,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.composer@2\.2-service    u:object_r:hal_graphics_composer_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.health@1\.0-service         u:object_r:hal_health_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.health@2\.0-service         u:object_r:hal_health_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.health\.filesystem@1\.0-service         u:object_r:hal_health_filesystem_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.ir@1\.0-service             u:object_r:hal_ir_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service      u:object_r:hal_keymaster_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-service      u:object_r:hal_keymaster_default_exec:s0
diff --git a/vendor/hal_health_filesystem_default.te b/vendor/hal_health_filesystem_default.te
new file mode 100644
index 000000000..b680a255f
--- /dev/null
+++ b/vendor/hal_health_filesystem_default.te
@@ -0,0 +1,6 @@
+type hal_health_filesystem_default, domain;
+hal_server_domain(hal_health_filesystem_default, hal_health_filesystem)
+
+type hal_health_filesystem_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_health_filesystem_default)
+
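Review bot: `hal_health_filesystem_default` receives only what `hal_server_domain` and `init_daemon_domain` expand to, so any sysfs or storage node the default service needs to read is not covered by this file. Starting with no file access is a sound least-privilege baseline, but the commit's `Test:` lines do not show whether the service was run in enforcing mode without denials; that would be worth confirming. A header comment would make the intent explicit, for example `# Default health filesystem HAL service; device-specific file access is added in device policy` (if that is the plan). The hunk also ends with an added blank line, which leaves a trailing empty line at the end of the new file and can be dropped.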
-- 
GitLab