From d26d8270ff6762e2c87c971b62b0df6fee8949b8 Mon Sep 17 00:00:00 2001
From: kierancyphus
Date: Wed, 13 Mar 2024 15:13:14 +0800
Subject: [PATCH] shamp: Add SEPolicy and compat matrix for shamp Bug: 329367768 This is the basic SELinux setup for a HAL. Since this lives in gs-common and not all pixel devices will have the corresponding vendor manifest, this hal will have to be marked as optional. Test: If this was configured incorrectly, then the build should fail Doc: go/shared-modem-platform-cpp-backend Change-Id: I6dd0ee3d68ff226e14e3bdffe2e828c1184c1a01
---
modem/shared_modem_platform/compatibility_matrix.xml | 11 +++++++++++
modem/shared_modem_platform/sepolicy/attributes | 1 +
.../sepolicy/hal_shared_modem_platform.te | 8 ++++++++
modem/shared_modem_platform/sepolicy/service.te | 1 +
modem/shared_modem_platform/sepolicy/service_contexts | 2 ++
modem/shared_modem_platform/shared_modem_platform.mk | 2 ++
6 files changed, 25 insertions(+)
create mode 100644 modem/shared_modem_platform/compatibility_matrix.xml
create mode 100644 modem/shared_modem_platform/sepolicy/attributes
create mode 100644 modem/shared_modem_platform/sepolicy/hal_shared_modem_platform.te
create mode 100644 modem/shared_modem_platform/sepolicy/service.te
create mode 100644 modem/shared_modem_platform/sepolicy/service_contexts
diff --git a/modem/shared_modem_platform/compatibility_matrix.xml b/modem/shared_modem_platform/compatibility_matrix.xml
new file mode 100644
index 0000000..5019c3e
--- /dev/null
+++ b/modem/shared_modem_platform/compatibility_matrix.xml
@@ -0,0 +1,11 @@
+
+
+
+ com.google.pixel.shared_modem_platform
+ 1
+
+ ISharedModemPlatform
+ default
+
+
+
diff --git a/modem/shared_modem_platform/sepolicy/attributes b/modem/shared_modem_platform/sepolicy/attributes
new file mode 100644
index 0000000..2cc802d
--- /dev/null
+++ b/modem/shared_modem_platform/sepolicy/attributes
@@ -0,0 +1 @@
+hal_attribute(shared_modem_platform)
diff --git a/modem/shared_modem_platform/sepolicy/hal_shared_modem_platform.te b/modem/shared_modem_platform/sepolicy/hal_shared_modem_platform.te
new file mode 100644
index 0000000..8771563
--- /dev/null
+++ b/modem/shared_modem_platform/sepolicy/hal_shared_modem_platform.te
@@ -0,0 +1,8 @@
+# Allow binder connection from client to server
+binder_call(hal_shared_modem_platform_client, hal_shared_modem_platform_server)
+
+# Allow client to find the service, server to register the service
+hal_attribute_service(hal_shared_modem_platform, hal_shared_modem_platform_service)
+
+# Allow binder communication from server to service_manager
+binder_use(hal_shared_modem_platform_server)
diff --git a/modem/shared_modem_platform/sepolicy/service.te b/modem/shared_modem_platform/sepolicy/service.te
new file mode 100644
index 0000000..390fde6
--- /dev/null
+++ b/modem/shared_modem_platform/sepolicy/service.te
@@ -0,0 +1 @@
+type hal_shared_modem_platform_service, hal_service_type, service_manager_type;
diff --git a/modem/shared_modem_platform/sepolicy/service_contexts b/modem/shared_modem_platform/sepolicy/service_contexts
new file mode 100644
index 0000000..58232f7
--- /dev/null
+++ b/modem/shared_modem_platform/sepolicy/service_contexts
@@ -0,0 +1,2 @@
+# Bind Shared Modem Platform AIDL service name to the SELinux type.
+com.google.pixel.shared_modem_platform.ISharedModemPlatform/default u:object_r:hal_shared_modem_platform_service:s0
diff --git a/modem/shared_modem_platform/shared_modem_platform.mk b/modem/shared_modem_platform/shared_modem_platform.mk
index 2e0c026..3f50c37 100644
--- a/modem/shared_modem_platform/shared_modem_platform.mk
+++ b/modem/shared_modem_platform/shared_modem_platform.mk
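Review bot: Nothing in hal_shared_modem_platform.te names the domains that are expected to carry `hal_shared_modem_platform_client` or `hal_shared_modem_platform_server`, and the patch binds no domain to either attribute. The `binder_call` and the `find` permission from `hal_attribute_service` therefore apply to whichever domain is later passed to `hal_client_domain(..., hal_shared_modem_platform)`, with no stated baseline to review that against. A header comment such as `# Server: <server domain>; expected clients: <client domains> only` (placeholders, the patch does not name them) would record the intended least-privilege set. If the interface hands callbacks back to its clients, a reverse `binder_call(hal_shared_modem_platform_server, hal_shared_modem_platform_client)` would also be needed; that cannot be judged from this patch.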
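Review bot: In service.te the new type carries only `hal_service_type, service_manager_type`, so nothing in its declaration marks it as off-limits to app domains. If this modem HAL is never meant to be looked up by untrusted apps, consider also tagging it with the platform's `protected_service` attribute, i.e. `type hal_shared_modem_platform_service, protected_service, hal_service_type, service_manager_type;`. As far as I know, the platform's app neverallow rules then reject a later `find` grant to an untrusted app domain at build time. Please confirm the attribute is available to vendor policy on the targeted platform version.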
@@ -7,3 +7,5 @@ SOONG_CONFIG_shared_modem_platform += \ SOONG_CONFIG_shared_modem_platform_vendor := $(SHARED_MODEM_PLATFORM_VENDOR) PRODUCT_PACKAGES += shared_modem_platform
+DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/modem/shared_modem_platform/compatibility_matrix.xml
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/modem/shared_modem_platform/sepolicy