From 41a871ba845f1c0482d1648627a7a3cf49b2b79f Mon Sep 17 00:00:00 2001
From: Siarhei Vishniakou <svv@google.com>
Date: Wed, 17 Jan 2018 12:27:06 -0800
Subject: [PATCH] Permissions for InputClassifier HAL

Add the required permissions for the InputClassifier HAL.

Bug: 62940136
Test: no selinux denials in logcat when HAL is used inside input flinger.
Change-Id: Ibc9b115a83719421d56ecb4bca2fd196ec71fd76
---
 private/app_neverallows.te             | 1 +
 private/compat/28.0/28.0.ignore.cil    | 1 +
 private/hwservice_contexts             | 1 +
 private/system_server.te               | 1 +
 public/attributes                      | 1 +
 public/hal_input_classifier.te         | 4 ++++
 public/hwservice.te                    | 1 +
 public/su.te                           | 1 +
 vendor/file_contexts                   | 1 +
 vendor/hal_input_classifier_default.te | 5 +++++
 10 files changed, 17 insertions(+)
 create mode 100644 public/hal_input_classifier.te
 create mode 100644 vendor/hal_input_classifier_default.te

diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 6ebbd436a..892eb9acd 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -263,6 +263,7 @@ neverallow all_untrusted_apps {
   hal_gnss_hwservice
   hal_graphics_composer_hwservice
   hal_health_hwservice
+  hal_input_classifier_hwservice
   hal_ir_hwservice
   hal_keymaster_hwservice
   hal_light_hwservice
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index b6b57dfb8..7a0dafa45 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -37,6 +37,7 @@
     hal_atrace_hwservice
     hal_face_hwservice
     hal_health_storage_hwservice
+    hal_input_classifier_hwservice
     hal_power_stats_hwservice
     hal_system_suspend_default
     hal_system_suspend_default_exec
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index 1fead4098..207e652f7 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -32,6 +32,7 @@ android.hardware.graphics.composer::IComposer                   u:object_r:hal_g
 android.hardware.graphics.mapper::IMapper                       u:object_r:hal_graphics_mapper_hwservice:s0
 android.hardware.health::IHealth                                u:object_r:hal_health_hwservice:s0
 android.hardware.health.storage::IStorage                       u:object_r:hal_health_storage_hwservice:s0
+android.hardware.input.classifier::IInputClassifier             u:object_r:hal_input_classifier_hwservice:s0
 android.hardware.ir::IConsumerIr                                u:object_r:hal_ir_hwservice:s0
 android.hardware.keymaster::IKeymasterDevice                    u:object_r:hal_keymaster_hwservice:s0
 android.hardware.light::ILight                                  u:object_r:hal_light_hwservice:s0
diff --git a/private/system_server.te b/private/system_server.te
index ccc2017df..ae6d687ee 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -210,6 +210,7 @@ hal_client_domain(system_server, hal_fingerprint)
 hal_client_domain(system_server, hal_gnss)
 hal_client_domain(system_server, hal_graphics_allocator)
 hal_client_domain(system_server, hal_health)
+hal_client_domain(system_server, hal_input_classifier)
 hal_client_domain(system_server, hal_ir)
 hal_client_domain(system_server, hal_light)
 hal_client_domain(system_server, hal_memtrack)
diff --git a/public/attributes b/public/attributes
index bc3723c5f..5a4042199 100644
--- a/public/attributes
+++ b/public/attributes
@@ -266,6 +266,7 @@ hal_attribute(graphics_allocator);
 hal_attribute(graphics_composer);
 hal_attribute(health);
 hal_attribute(health_storage);
+hal_attribute(input_classifier);
 hal_attribute(ir);
 hal_attribute(keymaster);
 hal_attribute(light);
diff --git a/public/hal_input_classifier.te b/public/hal_input_classifier.te
new file mode 100644
index 000000000..70a4b7deb
--- /dev/null
+++ b/public/hal_input_classifier.te
@@ -0,0 +1,4 @@
+# HwBinder IPC from client to server
+binder_call(hal_input_classifier_client, hal_input_classifier_server)
+
+hal_attribute_hwservice(hal_input_classifier, hal_input_classifier_hwservice)
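Review bot: Nothing in the new public/hal_input_classifier.te stops a later direct `allow <domain> hal_input_classifier_hwservice:hwservice_manager find;`, so reach is bounded only by who is given the client attribute (system_server, plus su on userdebug/eng builds, in this patch). If the service is meant to stay that narrow, consider adding `neverallow { domain -hal_input_classifier_client -hal_input_classifier_server } hal_input_classifier_hwservice:hwservice_manager find;` after the last line. It would need checking against any existing rules written over `hwservice_manager_type`. The `hal_attribute_hwservice` line could also carry a comment like the one on `binder_call`, for example `# Servers register the hwservice, clients look it up`; that is presumably what the macro expands to, but its definition is not in this patch.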
diff --git a/public/hwservice.te b/public/hwservice.te
index a51198164..80bd3dcdd 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -29,6 +29,7 @@ type hal_graphics_composer_hwservice, hwservice_manager_type;
 type hal_graphics_mapper_hwservice, hwservice_manager_type, same_process_hwservice;
 type hal_health_hwservice, hwservice_manager_type;
 type hal_health_storage_hwservice, hwservice_manager_type;
+type hal_input_classifier_hwservice, hwservice_manager_type;
 type hal_ir_hwservice, hwservice_manager_type;
 type hal_keymaster_hwservice, hwservice_manager_type;
 type hal_light_hwservice, hwservice_manager_type;
diff --git a/public/su.te b/public/su.te
index 4a401b86b..e09248b25 100644
--- a/public/su.te
+++ b/public/su.te
@@ -76,6 +76,7 @@ userdebug_or_eng(`
   typeattribute su hal_graphics_allocator_client;
   typeattribute su hal_graphics_composer_client;
   typeattribute su hal_health_client;
+  typeattribute su hal_input_classifier_client;
   typeattribute su hal_ir_client;
   typeattribute su hal_keymaster_client;
   typeattribute su hal_light_client;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 32e1871cb..7578f58f2 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -28,6 +28,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.health@1\.0-service         u:object_r:hal_health_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.health@2\.0-service         u:object_r:hal_health_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.health\.storage@1\.0-service       u:object_r:hal_health_storage_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.input\.classifier@1\.0-service     u:object_r:hal_input_classifier_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.ir@1\.0-service             u:object_r:hal_ir_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service      u:object_r:hal_keymaster_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-service      u:object_r:hal_keymaster_default_exec:s0
diff --git a/vendor/hal_input_classifier_default.te b/vendor/hal_input_classifier_default.te
new file mode 100644
index 000000000..915cc780a
--- /dev/null
+++ b/vendor/hal_input_classifier_default.te
@@ -0,0 +1,5 @@
+type hal_input_classifier_default, domain;
+hal_server_domain(hal_input_classifier_default, hal_input_classifier)
+
+type hal_input_classifier_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_input_classifier_default)
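Review bot: The new vendor/hal_input_classifier_default.te has no header comment, and as written the domain receives only what `hal_server_domain` and `init_daemon_domain` grant, with no rule for any device node or file type. A one-line comment at the top would record that this is intentional, for example `# Default InputClassifier HAL service: no access beyond the HAL server attribute and the init transition.` That tells the next editor that an implementation needing more should add rules in device-specific policy rather than widen this file.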
-- 
GitLab