shamp: Add SEPolicy and compat matrix for shamp

Bug: 329367768 This is the basic SELinux setup for a HAL. Since this lives in gs-common and not all pixel devices will have the corresponding vendor manifest, this hal will have to be marked as optional. Test: If this was configured incorrectly, then the build should fail Doc: go/shared-modem-platform-cpp-backend Change-Id: I6dd0ee3d68ff226e14e3bdffe2e828c1184c1a01
2024-03-13 15:13:14 +08:00 · 2024-03-13 15:13:14 +08:00 · d26d8270ff
commit d26d8270ff
parent c14a6a75cc
6 changed files with 25 additions and 0 deletions
--- a/modem/shared_modem_platform/compatibility_matrix.xml
+++ b/modem/shared_modem_platform/compatibility_matrix.xml
@ -0,0 +1,11 @@
+<compatibility-matrix version="1.0" type="framework">
+    <!-- Optional since older devices will not register any services. -->
+    <hal format="aidl" optional="true">
+        <name>com.google.pixel.shared_modem_platform</name>
+        <version>1</version>
+        <interface>
+            <name>ISharedModemPlatform</name>
+            <instance>default</instance>
+        </interface>
+    </hal>
+</compatibility-matrix>
--- a/modem/shared_modem_platform/sepolicy/attributes
+++ b/modem/shared_modem_platform/sepolicy/attributes
@ -0,0 +1 @@
+hal_attribute(shared_modem_platform)
--- a/modem/shared_modem_platform/sepolicy/hal_shared_modem_platform.te
+++ b/modem/shared_modem_platform/sepolicy/hal_shared_modem_platform.te
@ -0,0 +1,8 @@
+# Allow binder connection from client to server
+binder_call(hal_shared_modem_platform_client, hal_shared_modem_platform_server)
+
+# Allow client to find the service, server to register the service
+hal_attribute_service(hal_shared_modem_platform, hal_shared_modem_platform_service)
+
+# Allow binder communication from server to service_manager
+binder_use(hal_shared_modem_platform_server)
--- a/modem/shared_modem_platform/sepolicy/service.te
+++ b/modem/shared_modem_platform/sepolicy/service.te
@ -0,0 +1 @@
+type hal_shared_modem_platform_service, hal_service_type, service_manager_type;
--- a/modem/shared_modem_platform/sepolicy/service_contexts
+++ b/modem/shared_modem_platform/sepolicy/service_contexts
@ -0,0 +1,2 @@
+# Bind Shared Modem Platform AIDL service name to the SELinux type.
+com.google.pixel.shared_modem_platform.ISharedModemPlatform/default u:object_r:hal_shared_modem_platform_service:s0
--- a/modem/shared_modem_platform/shared_modem_platform.mk
+++ b/modem/shared_modem_platform/shared_modem_platform.mk
@ -7,3 +7,5 @@ SOONG_CONFIG_shared_modem_platform += \
 SOONG_CONFIG_shared_modem_platform_vendor := $(SHARED_MODEM_PLATFORM_VENDOR)

 PRODUCT_PACKAGES += shared_modem_platform
+DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/modem/shared_modem_platform/compatibility_matrix.xml
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/modem/shared_modem_platform/sepolicy
				`@ -0,0 +1 @@`
				`type hal_shared_modem_platform_service, hal_service_type, service_manager_type;`