From 7e89a679d93ca40be7320e22e737d6cbc3f0bd64 Mon Sep 17 00:00:00 2001 From: Lei Ju Date: Tue, 23 Jan 2024 11:18:55 -0800 Subject: [PATCH] Allow sensor hal to connect to CHRE HAL These policies are required to let DropDetect and IpHeath communicate with CHRE HAL directly after CHRE multiclient HAL is enabled. Bug: 324316275 Test: Trigger drop detection and observed corresponding logs are generated. Change-Id: Icc087b59ff594224d7e637212558e68fb3f86437 --- chre/sepolicy/hal_contexthub_default.te | 3 +++ sensors/sepolicy/hal_sensors_default.te | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/chre/sepolicy/hal_contexthub_default.te b/chre/sepolicy/hal_contexthub_default.te index 542d383..87e3a42 100644 --- a/chre/sepolicy/hal_contexthub_default.te +++ b/chre/sepolicy/hal_contexthub_default.te @@ -32,3 +32,6 @@ wakelock_use(hal_contexthub_default) # Allow context hub HAL to block suspend, which is required to use EPOLLWAKEUP allow hal_contexthub_default self:global_capability2_class_set block_suspend; + +# Allow binder calls with clients +binder_call(hal_contexthub_default, hal_sensors_default) diff --git a/sensors/sepolicy/hal_sensors_default.te b/sensors/sepolicy/hal_sensors_default.te index 85a8262..846b016 100644 --- a/sensors/sepolicy/hal_sensors_default.te +++ b/sensors/sepolicy/hal_sensors_default.te @@ -63,6 +63,11 @@ unix_socket_connect(hal_sensors_default, chre, chre) ## TODO(b/248615564): Remove above rule after CHRE multiclient HAL is launched. unix_socket_connect(hal_sensors_default, chre, hal_contexthub_default) +# Allow access to CHRE multiclient HAL. +get_prop(hal_sensors_default, vendor_chre_hal_prop) +binder_call(hal_sensors_default, hal_contexthub_default) +allow hal_sensors_default hal_contexthub_service:service_manager find; + # Allow access to the power supply files for MagCC. r_dir_file(hal_sensors_default, sysfs_batteryinfo)