From d0f42aa1a88ecc25e7328d62fe7ecd912187df93 Mon Sep 17 00:00:00 2001
From: Eric Jeong
Date: Mon, 11 May 2020 10:17:49 -0700
Subject: Add sepolicy for VHAL to phone-based cars

Bug: 156204265
Test: build okay and atest android.car.apitest.CarUserManagerTest#testLifecycleListener
Change-Id: Iced1db86240d8b5c4b3b1fb601352673809e6521
Merged-In: Id44235d290dc9d157eb9f6e62b59ac3ee7f37b16
---
 blueline_car/aosp_blueline_car.mk | 3 +++
 bonito_car/aosp_bonito_car.mk | 3 +++
 common/sepolicy/hal_vehicle_default.te | 3 +++
 common/sepolicy/system_server.te | 2 ++
 coral_car/aosp_coral_car.mk | 3 +++
 crosshatch_car/aosp_crosshatch_car.mk | 3 +++
 flame_car/aosp_flame_car.mk | 4 ++++
 sargo_car/aosp_sargo_car.mk | 3 +++
 8 files changed, 24 insertions(+)
 create mode 100644 common/sepolicy/hal_vehicle_default.te
 create mode 100644 common/sepolicy/system_server.te

diff --git a/blueline_car/aosp_blueline_car.mk b/blueline_car/aosp_blueline_car.mk
index 66851ad..b658b04 100644
--- a/blueline_car/aosp_blueline_car.mk
+++ b/blueline_car/aosp_blueline_car.mk
@@ -46,6 +46,9 @@ PRODUCT_PACKAGES += \
 android.hardware.broadcastradio@2.0-service \
 android.hardware.automotive.vehicle@2.0-service
+# Additional selinux policy
+BOARD_SEPOLICY_DIRS += device/google_car/common/sepolicy
+
 PRODUCT_PACKAGES += \
 android.hardware.automotive.audiocontrol@1.0-service
diff --git a/bonito_car/aosp_bonito_car.mk b/bonito_car/aosp_bonito_car.mk
index 6980607..75bcf8f 100644
--- a/bonito_car/aosp_bonito_car.mk
+++ b/bonito_car/aosp_bonito_car.mk
@@ -46,6 +46,9 @@ PRODUCT_PACKAGES += \
 android.hardware.broadcastradio@2.0-service \
 android.hardware.automotive.vehicle@2.0-service
+# Additional selinux policy
+BOARD_SEPOLICY_DIRS += device/google_car/common/sepolicy
+
 PRODUCT_PACKAGES += \
 android.hardware.automotive.audiocontrol@1.0-service
diff --git a/common/sepolicy/hal_vehicle_default.te b/common/sepolicy/hal_vehicle_default.te
new file mode 100644
index 0000000..c0a9698
--- /dev/null
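Review bot: The same two lines (`# Additional selinux policy` and `BOARD_SEPOLICY_DIRS += device/google_car/common/sepolicy`) are pasted after the vehicle HAL package in six product makefiles — blueline here, and bonito, coral, crosshatch, flame and sargo in the later hunks — so the set of products that load this policy directory can drift one file at a time. If these products share a common makefile (none is visible in this diff), the line belongs there once. The flame_car hunk also adds a blank line the other five do not (4 insertions against 3). The comment would be more useful if it said what the directory grants, e.g. `# SELinux policy for VHAL as a car watchdog client (device/google_car/common/sepolicy)`.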
+++ b/common/sepolicy/hal_vehicle_default.te
@@ -0,0 +1,3 @@
+# Configuration for register VHAL to car watchdog
+carwatchdog_client_domain(hal_vehicle_default)
+binder_use(hal_vehicle_default)
diff --git a/common/sepolicy/system_server.te b/common/sepolicy/system_server.te
new file mode 100644
index 0000000..a9ce1b1
--- /dev/null
+++ b/common/sepolicy/system_server.te
@@ -0,0 +1,2 @@
+# Allow system_server to kill vehicle HAL
+allow system_server hal_vehicle_server:process sigkill;
diff --git a/coral_car/aosp_coral_car.mk b/coral_car/aosp_coral_car.mk
index f156a84..1d60b00 100644
--- a/coral_car/aosp_coral_car.mk
+++ b/coral_car/aosp_coral_car.mk
@@ -46,6 +46,9 @@ PRODUCT_PACKAGES += \
 android.hardware.broadcastradio@2.0-service \
 android.hardware.automotive.vehicle@2.0-service
+# Additional selinux policy
+BOARD_SEPOLICY_DIRS += device/google_car/common/sepolicy
+
 # Car init.rc
 PRODUCT_COPY_FILES += \
 packages/services/Car/car_product/init/init.bootstat.rc:root/init.bootstat.rc \
diff --git a/crosshatch_car/aosp_crosshatch_car.mk b/crosshatch_car/aosp_crosshatch_car.mk
index 704a2f1..63f9dd0 100644
--- a/crosshatch_car/aosp_crosshatch_car.mk
+++ b/crosshatch_car/aosp_crosshatch_car.mk
@@ -46,6 +46,9 @@ PRODUCT_PACKAGES += \
 android.hardware.broadcastradio@2.0-service \
 android.hardware.automotive.vehicle@2.0-service
+# Additional selinux policy
+BOARD_SEPOLICY_DIRS += device/google_car/common/sepolicy
+
 PRODUCT_PACKAGES += \
 android.hardware.automotive.audiocontrol@1.0-service
diff --git a/flame_car/aosp_flame_car.mk b/flame_car/aosp_flame_car.mk
index 984c03f..cfaaf4e 100644
--- a/flame_car/aosp_flame_car.mk
+++ b/flame_car/aosp_flame_car.mk
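Review bot: `binder_use(hal_vehicle_default)` in the new hal_vehicle_default.te lets the vehicle HAL domain use binder IPC and talk to servicemanager, and the comment above it does not say why the HAL needs that. `carwatchdog_client_domain` is defined outside this diff, so it is not visible here whether the macro already covers the binder permissions that watchdog registration needs; if it does, the explicit `binder_use` line is redundant and should be dropped so the grant lives in one place. Otherwise I would reword the comment to carry the reason, e.g. `# VHAL registers with car watchdog over binder; binder_use is needed in addition to the client-domain macro`.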
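Review bot: The new rule `allow system_server hal_vehicle_server:process sigkill;` in system_server.te targets the `hal_vehicle_server` attribute, so it applies to every domain carrying that attribute, while the companion file in this commit only sets up `hal_vehicle_default`. If only the default implementation is meant to be killable, narrow the target to `allow system_server hal_vehicle_default:process sigkill;`. The comment should also record why system_server needs the permission; the link to car watchdog is only inferable from the other file's comment, so something like `# Let system_server kill an unresponsive vehicle HAL for car watchdog (confirm)` would make the intent reviewable.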
@@ -46,6 +46,10 @@ PRODUCT_PACKAGES += \
 android.hardware.broadcastradio@2.0-service \
 android.hardware.automotive.vehicle@2.0-service
+
+# Additional selinux policy
+BOARD_SEPOLICY_DIRS += device/google_car/common/sepolicy
+
 # Car init.rc
 PRODUCT_COPY_FILES += \
 packages/services/Car/car_product/init/init.bootstat.rc:root/init.bootstat.rc \
diff --git a/sargo_car/aosp_sargo_car.mk b/sargo_car/aosp_sargo_car.mk
index b3729aa..d8963de 100644
--- a/sargo_car/aosp_sargo_car.mk
+++ b/sargo_car/aosp_sargo_car.mk
@@ -46,6 +46,9 @@ PRODUCT_PACKAGES += \
 android.hardware.broadcastradio@2.0-service \
 android.hardware.automotive.vehicle@2.0-service
+# Additional selinux policy
+BOARD_SEPOLICY_DIRS += device/google_car/common/sepolicy
+
 PRODUCT_PACKAGES += \
 android.hardware.automotive.audiocontrol@1.0-service
-- 
cgit v1.2.3