From 3c30c4e2db7d0ebb5a658fe7830779195e2faea9 Mon Sep 17 00:00:00 2001
From: Ruchi Kandoi <kandoiruchi@google.com>
Date: Fri, 21 Oct 2016 08:53:11 -0700
Subject: [PATCH] hal_power: Add sepolicy for power service.

Bug: 31177288
Test: reduced sepolicy errors
Change-Id: I29556276ee14c341ac8f472875e6b69f903851ff
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
---
 private/file_contexts   | 1 +
 private/hal_power.te    | 2 ++
 public/hal_power.te     | 6 ++++++
 public/system_server.te | 1 +
 4 files changed, 10 insertions(+)
 create mode 100644 private/hal_power.te
 create mode 100644 public/hal_power.te

diff --git a/private/file_contexts b/private/file_contexts
index 241cccdf9..b4a708754 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -224,6 +224,7 @@
 /system/bin/hw/android\.hardware\.boot@1\.0-service           u:object_r:hal_boot_exec:s0
 /system/bin/hw/android\.hardware\.light@2\.0-service          u:object_r:hal_light_exec:s0
 /system/bin/hw/android\.hardware\.nfc@1\.0-service            u:object_r:hal_nfc_exec:s0
+/system/bin/hw/android\.hardware\.power@1\.0-service          u:object_r:hal_power_exec:s0
 /system/bin/hw/android\.hardware\.vibrator@1\.0-service       u:object_r:hal_vibrator_exec:s0
 /system/bin/hw/android\.hardware\.vr@1\.0-service             u:object_r:hal_vr_exec:s0
 /system/bin/hw/android\.hardware\.wifi@1\.0-service           u:object_r:hal_wifi_exec:s0
diff --git a/private/hal_power.te b/private/hal_power.te
new file mode 100644
index 000000000..a564d402c
--- /dev/null
+++ b/private/hal_power.te
@@ -0,0 +1,2 @@
+# may be started by init
+init_daemon_domain(hal_power)
diff --git a/public/hal_power.te b/public/hal_power.te
new file mode 100644
index 000000000..26fec3b59
--- /dev/null
+++ b/public/hal_power.te
@@ -0,0 +1,6 @@
+# power subsystem
+type hal_power, domain;
+type hal_power_exec, exec_type, file_type;
+
+# hwbinder access
+hwbinder_use(hal_power);
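Review bot: The macro call `hwbinder_use(hal_power);` on the last line of the new public/hal_power.te carries a trailing semicolon, unlike the macro invocations visible in the system_server.te hunk of this patch (`binder_use(system_server)`, `binder_call(system_server, hal_power)`); I would write it as `hwbinder_use(hal_power)` to match. Separately, the domain is granted hwbinder access only, and the commit's Test line ("reduced sepolicy errors") suggests some denials remain. A comment such as `# remaining access is added rule-by-rule from audited denials; keep this domain enforcing` would record the intended least-privilege scope, so that later additions get reviewed against it rather than widened ad hoc.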
diff --git a/public/system_server.te b/public/system_server.te
index a728c15a7..6bec0aa0f 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -149,6 +149,7 @@ allow system_server surfaceflinger:unix_stream_socket { read write setopt };
 binder_use(system_server)
 binder_call(system_server, hal_boot)
 binder_call(system_server, hal_light)
+binder_call(system_server, hal_power)
 binder_call(system_server, hal_vibrator)
 binder_call(system_server, hal_vr)
 binder_call(system_server, binderservicedomain)
-- 
GitLab