From d5c5ef900cfc5e50e859dd373fc34d82733eac1d Mon Sep 17 00:00:00 2001
From: Jiwen 'Steve' Cai <jwcai@google.com>
Date: Sat, 20 Oct 2018 18:33:41 -0700
Subject: [PATCH] Sepolicy for bufferhub hwservice
Bug: 118124442
Test: device can boot with android.frameworks.bufferhub@1.0-service
running
Change-Id: I1d186d5350671b0d2dd4e831429b8fba828316e0
---
private/compat/28.0/28.0.ignore.cil | 1 +
private/file_contexts | 1 +
private/fwk_bufferhub.te | 5 +++++
private/hwservice_contexts | 1 +
public/attributes | 1 +
public/fwk_bufferhub.te | 4 ++++
public/hwservice.te | 1 +
7 files changed, 14 insertions(+)
create mode 100644 private/fwk_bufferhub.te
create mode 100644 public/fwk_bufferhub.te
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 24edae68a..fe17bfaca 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -19,6 +19,7 @@
;; TODO(b/116344577): remove after the issue is resolved
buffer_hub_service
fastbootd
+ fwk_bufferhub_hwservice
fwk_stats_hwservice
color_display_service
hal_atrace_hwservice
diff --git a/private/file_contexts b/private/file_contexts
index ecab5a27b..d0398a805 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -289,6 +289,7 @@
/system/bin/thermalserviced u:object_r:thermalserviced_exec:s0
/system/bin/wpantund u:object_r:wpantund_exec:s0
/system/bin/virtual_touchpad u:object_r:virtual_touchpad_exec:s0
+/system/bin/hw/android\.frameworks\.bufferhub@1\.0-service u:object_r:fwk_bufferhub_exec:s0
/system/bin/hw/android\.hidl\.allocator@1\.0-service u:object_r:hal_allocator_default_exec:s0
/system/bin/hw/android\.system\.suspend@1\.0-service u:object_r:hal_system_suspend_default_exec:s0
/system/etc/ld\.config.* u:object_r:system_linker_config_file:s0
diff --git a/private/fwk_bufferhub.te b/private/fwk_bufferhub.te
new file mode 100644
index 000000000..fe84317fb
--- /dev/null
+++ b/private/fwk_bufferhub.te
@@ -0,0 +1,5 @@
+type fwk_bufferhub, domain, coredomain;
+type fwk_bufferhub_exec, system_file_type, exec_type, file_type;
+
+hal_server_domain(fwk_bufferhub, hal_bufferhub)
+init_daemon_domain(fwk_bufferhub)
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index 6c00f35a3..035d24061 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -1,3 +1,4 @@
+android.frameworks.bufferhub::IBufferHub u:object_r:fwk_bufferhub_hwservice:s0
android.frameworks.displayservice::IDisplayService u:object_r:fwk_display_hwservice:s0
android.frameworks.schedulerservice::ISchedulingPolicyService u:object_r:fwk_scheduler_hwservice:s0
android.frameworks.sensorservice::ISensorManager u:object_r:fwk_sensor_hwservice:s0
diff --git a/public/attributes b/public/attributes
index f56919a8b..6453d7be2 100644
--- a/public/attributes
+++ b/public/attributes
@@ -248,6 +248,7 @@ hal_attribute(audiocontrol);
hal_attribute(authsecret);
hal_attribute(bluetooth);
hal_attribute(bootctl);
+hal_attribute(bufferhub);
hal_attribute(broadcastradio);
hal_attribute(camera);
hal_attribute(cas);
diff --git a/public/fwk_bufferhub.te b/public/fwk_bufferhub.te
new file mode 100644
index 000000000..240f04b98
--- /dev/null
+++ b/public/fwk_bufferhub.te
@@ -0,0 +1,4 @@
+binder_call(hal_bufferhub_client, hal_bufferhub_server)
+binder_call(hal_bufferhub_server, hal_bufferhub_client)
+
+add_hwservice(hal_bufferhub_server, fwk_bufferhub_hwservice)
diff --git a/public/hwservice.te b/public/hwservice.te
index e5c254ec0..8ded06b43 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -1,4 +1,5 @@
type default_android_hwservice, hwservice_manager_type;
+type fwk_bufferhub_hwservice, hwservice_manager_type, coredomain_hwservice;
type fwk_display_hwservice, hwservice_manager_type, coredomain_hwservice;
type fwk_scheduler_hwservice, hwservice_manager_type, coredomain_hwservice;
type fwk_sensor_hwservice, hwservice_manager_type, coredomain_hwservice;
--
GitLab