From c82cf89f5fffee907639f89ebb80df5dd5607f31 Mon Sep 17 00:00:00 2001
From: Sandeep Patil <sspatil@google.com>
Date: Fri, 16 Dec 2016 13:20:25 -0800
Subject: [PATCH] hal_health: express the sepolicy as attribute

Bug: http://b/32905206

Test: Boot sailfish and no new selinux failures observed in logs

Change-Id: Id9a46180074a61f8cf8d176a7b2ebc995a13b9f9
Signed-off-by: Sandeep Patil <sspatil@google.com>
---
 private/file_contexts         |  2 +-
 private/hal_health.te         |  2 --
 private/hal_health_default.te | 10 ++++++++++
 public/attributes             |  1 +
 public/hal_health.te          |  9 ---------
 5 files changed, 12 insertions(+), 12 deletions(-)
 delete mode 100644 private/hal_health.te
 create mode 100644 private/hal_health_default.te

diff --git a/private/file_contexts b/private/file_contexts
index 70dde3aa0..95293f79a 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -234,7 +234,7 @@
 /system/bin/hw/android\.hardware\.dumpstate@1\.0-service      u:object_r:hal_dumpstate_default_exec:s0
 /system/bin/hw/android\.hardware\.graphics\.allocator@2\.0-service   u:object_r:hal_graphics_allocator_default_exec:s0
 /system/bin/hw/android\.hardware\.graphics\.composer@2\.1-service    u:object_r:hal_graphics_composer_default_exec:s0
-/system/bin/hw/android\.hardware\.health@1\.0-service         u:object_r:hal_health_exec:s0
+/system/bin/hw/android\.hardware\.health@1\.0-service         u:object_r:hal_health_default_exec:s0
 /system/bin/hw/android\.hardware\.ir@1\.0-service             u:object_r:hal_ir_default_exec:s0
 /system/bin/hw/android\.hardware\.light@2\.0-service          u:object_r:hal_light_default_exec:s0
 /system/bin/hw/android\.hardware\.memtrack@1\.0-service       u:object_r:hal_memtrack_default_exec:s0
diff --git a/private/hal_health.te b/private/hal_health.te
deleted file mode 100644
index 93115b035..000000000
--- a/private/hal_health.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# may be started by init
-init_daemon_domain(hal_health)
diff --git a/private/hal_health_default.te b/private/hal_health_default.te
new file mode 100644
index 000000000..fb2397325
--- /dev/null
+++ b/private/hal_health_default.te
@@ -0,0 +1,10 @@
+# health info abstraction
+type hal_health_default, hal_health, domain;
+type hal_health_default_exec, exec_type, file_type;
+
+init_daemon_domain(hal_health_default)
+
+# Read access to system files for HALs in
+# /{system,vendor,odm}/lib[64]/hw/ in order
+# to be able to open the hal implementation .so files
+r_dir_file(hal_health, system_file)
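Review bot: The last rule in the new file, `r_dir_file(hal_health, system_file)`, is written against the attribute `hal_health` rather than the type `hal_health_default` declared at the top of this file, so every domain that carries the attribute gets read access to `system_file`, not only the default service. If that breadth is intended, the rule reads more clearly next to the other attribute-wide rules (`hwbinder_use(hal_health)`, `binder_call(hal_health, healthd)`) that remain in public/hal_health.te. If only the default implementation needs it, narrow it to `r_dir_file(hal_health_default, system_file)`. Either way, a one-line comment such as `# granted to every hal_health implementation, not just the default` would make the scope explicit for the next reviewer.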
diff --git a/public/attributes b/public/attributes
index 4cfc0987a..aafafa6c8 100644
--- a/public/attributes
+++ b/public/attributes
@@ -119,6 +119,7 @@ attribute hal_audio;
 attribute hal_dumpstate;
 attribute hal_graphics_allocator;
 attribute hal_graphics_composer;
+attribute hal_health;
 attribute hal_ir;
 attribute hal_light;
 attribute hal_memtrack;
diff --git a/public/hal_health.te b/public/hal_health.te
index 2b498a29a..226409f4b 100644
--- a/public/hal_health.te
+++ b/public/hal_health.te
@@ -1,14 +1,5 @@
-# health info abstraction
-type hal_health, domain;
-type hal_health_exec, exec_type, file_type;
-
 # hwbinder access
 hwbinder_use(hal_health)
 
 # call into healthd for callbacks
 binder_call(hal_health, healthd)
-
-# Read access to system files for HALs in
-# /{system,vendor,odm}/lib[64]/hw/ in order
-# to be able to open the hal implementation .so files
-r_dir_file(hal_health, system_file)
-- 
GitLab