From 6af7af151b1927afbe4c9e5f74e415d1c4594ae5 Mon Sep 17 00:00:00 2001
From: Paul Crowley <paulcrowley@google.com>
Date: Tue, 8 May 2018 15:45:38 -0700
Subject: [PATCH] Add wait_for_keymaster

Bug: 79228237
Test: audit2allow finds no relevant denials on boot
Change-Id: Ia80b77ba9a1ec2354127cd0ef68d50ebcf593fb0
---
 prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil | 3 +++
 prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil | 3 +++
 prebuilts/api/28.0/private/file_contexts               | 1 +
 prebuilts/api/28.0/private/wait_for_keymaster.te       | 9 +++++++++
 private/compat/26.0/26.0.ignore.cil                    | 3 +++
 private/compat/27.0/27.0.ignore.cil                    | 3 +++
 private/file_contexts                                  | 1 +
 private/wait_for_keymaster.te                          | 9 +++++++++
 8 files changed, 32 insertions(+)
 create mode 100644 prebuilts/api/28.0/private/wait_for_keymaster.te
 create mode 100644 private/wait_for_keymaster.te

diff --git a/prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil b/prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil
index 3d243d419..461e6b61d 100644
--- a/prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil
+++ b/prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil
@@ -133,6 +133,9 @@
     vold_prepare_subdirs
     vold_prepare_subdirs_exec
     vold_service
+    wait_for_keymaster
+    wait_for_keymaster_exec
+    wait_for_keymaster_tmpfs
     wpantund
     wpantund_exec
     wpantund_service
diff --git a/prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil b/prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil
index dbb277bd9..839ee0a84 100644
--- a/prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil
+++ b/prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil
@@ -111,6 +111,9 @@
     vold_prepare_subdirs
     vold_prepare_subdirs_exec
     vold_service
+    wait_for_keymaster
+    wait_for_keymaster_exec
+    wait_for_keymaster_tmpfs
     wm_trace_data_file
     wpantund
     wpantund_exec
diff --git a/prebuilts/api/28.0/private/file_contexts b/prebuilts/api/28.0/private/file_contexts
index 71bff7365..3dfb8a649 100644
--- a/prebuilts/api/28.0/private/file_contexts
+++ b/prebuilts/api/28.0/private/file_contexts
@@ -292,6 +292,7 @@
 /system/bin/stats                u:object_r:stats_exec:s0
 /system/bin/statsd               u:object_r:statsd_exec:s0
 /system/bin/bpfloader            u:object_r:bpfloader_exec:s0
+/system/bin/wait_for_keymaster   u:object_r:wait_for_keymaster_exec:s0
 
 #############################
 # Vendor files
diff --git a/prebuilts/api/28.0/private/wait_for_keymaster.te b/prebuilts/api/28.0/private/wait_for_keymaster.te
new file mode 100644
index 000000000..8b8dd2927
--- /dev/null
+++ b/prebuilts/api/28.0/private/wait_for_keymaster.te
@@ -0,0 +1,9 @@
+# wait_for_keymaster service
+type wait_for_keymaster, domain, coredomain;
+type wait_for_keymaster_exec, exec_type, file_type;
+
+init_daemon_domain(wait_for_keymaster)
+
+hal_client_domain(wait_for_keymaster, hal_keymaster)
+
+allow wait_for_keymaster kmsg_device:chr_file w_file_perms;
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 3d243d419..461e6b61d 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -133,6 +133,9 @@
     vold_prepare_subdirs
     vold_prepare_subdirs_exec
     vold_service
+    wait_for_keymaster
+    wait_for_keymaster_exec
+    wait_for_keymaster_tmpfs
     wpantund
     wpantund_exec
     wpantund_service
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index dbb277bd9..839ee0a84 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -111,6 +111,9 @@
     vold_prepare_subdirs
     vold_prepare_subdirs_exec
     vold_service
+    wait_for_keymaster
+    wait_for_keymaster_exec
+    wait_for_keymaster_tmpfs
     wm_trace_data_file
     wpantund
     wpantund_exec
diff --git a/private/file_contexts b/private/file_contexts
index 71bff7365..3dfb8a649 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -292,6 +292,7 @@
 /system/bin/stats                u:object_r:stats_exec:s0
 /system/bin/statsd               u:object_r:statsd_exec:s0
 /system/bin/bpfloader            u:object_r:bpfloader_exec:s0
+/system/bin/wait_for_keymaster   u:object_r:wait_for_keymaster_exec:s0
 
 #############################
 # Vendor files
diff --git a/private/wait_for_keymaster.te b/private/wait_for_keymaster.te
new file mode 100644
index 000000000..8b8dd2927
--- /dev/null
+++ b/private/wait_for_keymaster.te
@@ -0,0 +1,9 @@
+# wait_for_keymaster service
+type wait_for_keymaster, domain, coredomain;
+type wait_for_keymaster_exec, exec_type, file_type;
+
+init_daemon_domain(wait_for_keymaster)
+
+hal_client_domain(wait_for_keymaster, hal_keymaster)
+
+allow wait_for_keymaster kmsg_device:chr_file w_file_perms;
-- 
GitLab