Add sepolicy for VHAL to phone-based cars am: d0f42aa1a8

Change-Id: I650f1b652918e8f039afc6f07e5c2690304ad75e

8 files changed, 24 insertions, 0 deletions

diff --git a/blueline_car/aosp_blueline_car.mk b/blueline_car/aosp_blueline_car.mk
index 66851ad..b658b04 100644
--- a/blueline_car/aosp_blueline_car.mk
+++ b/blueline_car/aosp_blueline_car.mk
@@ -46,6 +46,9 @@ PRODUCT_PACKAGES += \
             android.hardware.broadcastradio@2.0-service \
             android.hardware.automotive.vehicle@2.0-service
 
+# Additional selinux policy
+BOARD_SEPOLICY_DIRS += device/google_car/common/sepolicy
+
 PRODUCT_PACKAGES += \
             android.hardware.automotive.audiocontrol@1.0-service
 
diff --git a/bonito_car/aosp_bonito_car.mk b/bonito_car/aosp_bonito_car.mk
index 6980607..75bcf8f 100644
--- a/bonito_car/aosp_bonito_car.mk
+++ b/bonito_car/aosp_bonito_car.mk
@@ -46,6 +46,9 @@ PRODUCT_PACKAGES += \
             android.hardware.broadcastradio@2.0-service \
             android.hardware.automotive.vehicle@2.0-service
 
+# Additional selinux policy
+BOARD_SEPOLICY_DIRS += device/google_car/common/sepolicy
+
 PRODUCT_PACKAGES += \
             android.hardware.automotive.audiocontrol@1.0-service
 
diff --git a/common/sepolicy/hal_vehicle_default.te b/common/sepolicy/hal_vehicle_default.te
new file mode 100644
index 0000000..c0a9698
--- /dev/null
+++ b/common/sepolicy/hal_vehicle_default.te
@@ -0,0 +1,3 @@
+# Configuration for register VHAL to car watchdog
+carwatchdog_client_domain(hal_vehicle_default)
+binder_use(hal_vehicle_default)
diff --git a/common/sepolicy/system_server.te b/common/sepolicy/system_server.te
new file mode 100644
index 0000000..a9ce1b1
--- /dev/null
+++ b/common/sepolicy/system_server.te
@@ -0,0 +1,2 @@
+# Allow system_server to kill vehicle HAL
+allow system_server hal_vehicle_server:process sigkill;
diff --git a/coral_car/aosp_coral_car.mk b/coral_car/aosp_coral_car.mk
index f156a84..1d60b00 100644
--- a/coral_car/aosp_coral_car.mk
+++ b/coral_car/aosp_coral_car.mk
@@ -46,6 +46,9 @@ PRODUCT_PACKAGES += \
             android.hardware.broadcastradio@2.0-service \
             android.hardware.automotive.vehicle@2.0-service
 
+# Additional selinux policy
+BOARD_SEPOLICY_DIRS += device/google_car/common/sepolicy
+
 # Car init.rc
 PRODUCT_COPY_FILES += \
             packages/services/Car/car_product/init/init.bootstat.rc:root/init.bootstat.rc \
diff --git a/crosshatch_car/aosp_crosshatch_car.mk b/crosshatch_car/aosp_crosshatch_car.mk
index 704a2f1..63f9dd0 100644
--- a/crosshatch_car/aosp_crosshatch_car.mk
+++ b/crosshatch_car/aosp_crosshatch_car.mk
@@ -46,6 +46,9 @@ PRODUCT_PACKAGES += \
             android.hardware.broadcastradio@2.0-service \
             android.hardware.automotive.vehicle@2.0-service
 
+# Additional selinux policy
+BOARD_SEPOLICY_DIRS += device/google_car/common/sepolicy
+
 PRODUCT_PACKAGES += \
             android.hardware.automotive.audiocontrol@1.0-service
 
diff --git a/flame_car/aosp_flame_car.mk b/flame_car/aosp_flame_car.mk
index 984c03f..cfaaf4e 100644
--- a/flame_car/aosp_flame_car.mk
+++ b/flame_car/aosp_flame_car.mk
@@ -46,6 +46,10 @@ PRODUCT_PACKAGES += \
             android.hardware.broadcastradio@2.0-service \
             android.hardware.automotive.vehicle@2.0-service
 
+
+# Additional selinux policy
+BOARD_SEPOLICY_DIRS += device/google_car/common/sepolicy
+
 # Car init.rc
 PRODUCT_COPY_FILES += \
             packages/services/Car/car_product/init/init.bootstat.rc:root/init.bootstat.rc \
diff --git a/sargo_car/aosp_sargo_car.mk b/sargo_car/aosp_sargo_car.mk
index b3729aa..d8963de 100644
--- a/sargo_car/aosp_sargo_car.mk
+++ b/sargo_car/aosp_sargo_car.mk
@@ -46,6 +46,9 @@ PRODUCT_PACKAGES += \
             android.hardware.broadcastradio@2.0-service \
             android.hardware.automotive.vehicle@2.0-service
 
+# Additional selinux policy
+BOARD_SEPOLICY_DIRS += device/google_car/common/sepolicy
+
 PRODUCT_PACKAGES += \
             android.hardware.automotive.audiocontrol@1.0-service