From 5ff0f178ba077594e80d9777bbe7a13d25d2484d Mon Sep 17 00:00:00 2001
From: Jiyong Park <jiyong@google.com>
Date: Thu, 19 Jan 2017 11:41:56 +0900
Subject: [PATCH] configstore: add selinux policy for configstore@1.0 hal

This change adds selinux policy for configstore@1.0 hal. Currently, only
surfaceflinger has access to the HAL, but this needs to be widened.

Bug: 34314793
Test: build & run

Change-Id: I40e65032e9898ab5f412bfdb7745b43136d8e964
---
 private/file_contexts              | 1 +
 private/hal_configstore_default.te | 5 +++++
 public/attributes                  | 1 +
 public/surfaceflinger.te           | 1 +
 4 files changed, 8 insertions(+)
 create mode 100644 private/hal_configstore_default.te

diff --git a/private/file_contexts b/private/file_contexts
index 8d6f0e511..123457efb 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -243,6 +243,7 @@
 /system/bin/hw/android\.hardware\.bluetooth@1\.0-service      u:object_r:hal_bluetooth_default_exec:s0
 /system/bin/hw/android\.hardware\.boot@1\.0-service           u:object_r:hal_boot_exec:s0
 /system/bin/hw/android\.hardware\.camera\.provider@2\.4-service          u:object_r:hal_camera_default_exec:s0
+/system/bin/hw/android\.hardware\.configstore@1\.0-service    u:object_r:hal_configstore_default_exec:s0
 /system/bin/hw/android\.hardware\.contexthub@1\.0-service     u:object_r:hal_contexthub_default_exec:s0
 /system/bin/hw/android\.hardware\.dumpstate@1\.0-service      u:object_r:hal_dumpstate_default_exec:s0
 /system/bin/hw/android\.hardware\.gatekeeper@1\.0-service     u:object_r:hal_gatekeeper_default_exec:s0
diff --git a/private/hal_configstore_default.te b/private/hal_configstore_default.te
new file mode 100644
index 000000000..b3ca6c2ff
--- /dev/null
+++ b/private/hal_configstore_default.te
@@ -0,0 +1,5 @@
+type hal_configstore_default, domain;
+hal_impl_domain(hal_configstore_default, hal_configstore)
+
+type hal_configstore_default_exec, exec_type, file_type;
+init_daemon_domain(hal_configstore_default)
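Review bot: The new domain in private/hal_configstore_default.te has no header comment and no `neverallow` bounding what later changes may grant it. That matters here because the description already says access will be widened. A one-line header such as `# Default implementation of the configstore@1.0 HAL, started by init.` would record the intent. If, as the name suggests, the service only hands out static configuration values, a guard like `neverallow hal_configstore_default domain:{ tcp_socket udp_socket rawip_socket } *;` would make the build fail should a later rule give it network access, assuming no existing rule already grants that. Whatever `hal_impl_domain` and the `haldomain` attribute grant is defined outside this patch, so the domain's effective permissions cannot be judged from these five lines alone.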
diff --git a/public/attributes b/public/attributes
index a2b902963..4be56da99 100644
--- a/public/attributes
+++ b/public/attributes
@@ -121,6 +121,7 @@ attribute haldomain;
 attribute hal_audio;
 attribute hal_bluetooth;
 attribute hal_camera;
+attribute hal_configstore;
 attribute hal_contexthub;
 attribute hal_dumpstate;
 attribute hal_fingerprint;
diff --git a/public/surfaceflinger.te b/public/surfaceflinger.te
index 2b1faec10..c3942f5f5 100644
--- a/public/surfaceflinger.te
+++ b/public/surfaceflinger.te
@@ -8,6 +8,7 @@ typeattribute surfaceflinger mlstrustedsubject;
 hwbinder_use(surfaceflinger)
 binder_call(surfaceflinger, hal_graphics_allocator)
 binder_call(surfaceflinger, hal_graphics_composer)
+binder_call(surfaceflinger, hal_configstore)
 
 # Perform Binder IPC.
 binder_use(surfaceflinger)
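Review bot: The added `binder_call(surfaceflinger, hal_configstore)` targets the attribute rather than the `hal_configstore_default` type, so surfaceflinger may call every domain that later carries `hal_configstore`. The line has no comment saying why the access is needed. Targeting the attribute matches the two graphics HAL rules above it and is probably intended, but a short comment such as `# Client of the configstore HAL (b/34314793).` would let a reviewer tell deliberate grants from leftovers. Since the description says access will be widened, each further client should get its own explicit `binder_call` line in its own policy file, not a grant to a broad client attribute. The rest of surfaceflinger.te lies outside this hunk.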
-- 
GitLab