From 7ba0485665965826548428cd48f4946e46f848f0 Mon Sep 17 00:00:00 2001
From: Craig Donner <cdonner@google.com>
Date: Wed, 19 Oct 2016 09:50:23 -0700
Subject: [PATCH] sepolicy: Add policy for VR HIDL service.

Test: built and ran on device.
Bug: 31442830
Change-Id: Idd7870b4dd70eed8cd4dc55e292be39ff703edd2
---
 private/android_hardware_vr.te | 2 ++
 private/file_contexts          | 1 +
 public/android_hardware_vr.te  | 9 +++++++++
 public/system_server.te        | 1 +
 4 files changed, 13 insertions(+)
 create mode 100644 private/android_hardware_vr.te
 create mode 100644 public/android_hardware_vr.te

diff --git a/private/android_hardware_vr.te b/private/android_hardware_vr.te
new file mode 100644
index 000000000..65ab4eec7
--- /dev/null
+++ b/private/android_hardware_vr.te
@@ -0,0 +1,2 @@
+# may be started by init
+init_daemon_domain(android_hardware_vr)
diff --git a/private/file_contexts b/private/file_contexts
index 5290c2c8d..c24d2f991 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -223,6 +223,7 @@
 /system/lib(64)?/libart.*        u:object_r:libart_file:s0
 /system/bin/hw/android.hardware.nfc@1.0-service   u:object_r:android_hardware_nfc_1_0_service_exec:s0
 /system/bin/hw/android.hardware.vibrator@1.0-service   u:object_r:android_hardware_vibrator_service_exec:s0
+/system/bin/hw/android.hardware.vr@1.0-service   u:object_r:android_hardware_vr_exec:s0
 
 #############################
 # Vendor files
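Review bot: The new entry `/system/bin/hw/android.hardware.vr@1.0-service` leaves its dots unescaped, and file_contexts paths are regular expressions, so each `.` matches any character and the label would also apply to look-alike file names. Writing it as `/system/bin/hw/android\.hardware\.vr@1\.0-service   u:object_r:android_hardware_vr_exec:s0` pins the exec label, and with it the init domain transition declared in private/android_hardware_vr.te, to exactly this binary. The neighbouring nfc and vibrator HAL entries use the same unescaped form and could be tightened in the same pass.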
diff --git a/public/android_hardware_vr.te b/public/android_hardware_vr.te
new file mode 100644
index 000000000..f6651c5c9
--- /dev/null
+++ b/public/android_hardware_vr.te
@@ -0,0 +1,9 @@
+# vr subsystem
+type android_hardware_vr, domain;
+type android_hardware_vr_exec, exec_type, file_type;
+
+# hwbinder access
+hwbinder_use(android_hardware_vr)
+
+# call into system_server process
+binder_call(android_hardware_vr, system_server)
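Review bot: The comment `# call into system_server process` on the last rule does not say why the HAL must start transactions toward system_server, and this is the broadest grant in the new file. As far as I know, the `binder_call(system_server, android_hardware_vr)` rule added in public/system_server.te already lets this domain pass references back on a reply. If so, this rule is only needed when the service itself initiates calls, presumably to deliver callbacks. In that case say so in the comment, e.g. `# deliver callbacks to the VR client in system_server`; otherwise the rule can be dropped to keep the new domain at least privilege.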
diff --git a/public/system_server.te b/public/system_server.te
index f61bcabaa..249a3d348 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -148,6 +148,7 @@ allow system_server surfaceflinger:unix_stream_socket { read write setopt };
 # Perform Binder IPC.
 binder_use(system_server)
 binder_call(system_server, android_hardware_vibrator_service)
+binder_call(system_server, android_hardware_vr)
 binder_call(system_server, binderservicedomain)
 binder_call(system_server, gatekeeperd)
 binder_call(system_server, fingerprintd)
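Review bot: The domain name `android_hardware_vr` on the added line breaks from the vibrator HAL on the line above, which carries a `_service` suffix (`android_hardware_vibrator_service`). The exec types in private/file_contexts show the same split (`android_hardware_vibrator_service_exec` against `android_hardware_vr_exec`). A consistent name such as `android_hardware_vr_service` would make the HAL service domains easier to grep and audit as a group. The rename touches all four files of this patch, so it is cheapest to do before the type is exported from public/.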
-- 
GitLab