Merge "Add sepolicy to register VHAL to car watchdog" into rvc-dev

3 files changed, 8 insertions, 0 deletions

diff --git a/common/car.mk b/common/car.mk
index 6676bfa..6a476b5 100644
--- a/common/car.mk
+++ b/common/car.mk
@@ -72,4 +72,7 @@ PRODUCT_SYSTEM_DEFAULT_PROPERTIES := \
     android.car.number_pre_created_users=1 \
     android.car.number_pre_created_guests=1
 
+# Additional selinux policy
+BOARD_SEPOLICY_DIRS += device/generic/car/common/sepolicy
+
 $(call inherit-product, packages/services/Car/car_product/build/car.mk)
diff --git a/common/sepolicy/hal_vehicle_default.te b/common/sepolicy/hal_vehicle_default.te
new file mode 100644
index 0000000..c0a9698
--- /dev/null
+++ b/common/sepolicy/hal_vehicle_default.te
@@ -0,0 +1,3 @@
+# Configuration for register VHAL to car watchdog
+carwatchdog_client_domain(hal_vehicle_default)
+binder_use(hal_vehicle_default)
diff --git a/common/sepolicy/system_server.te b/common/sepolicy/system_server.te
new file mode 100644
index 0000000..a9ce1b1
--- /dev/null
+++ b/common/sepolicy/system_server.te
@@ -0,0 +1,2 @@
+# Allow system_server to kill vehicle HAL
+allow system_server hal_vehicle_server:process sigkill;