From f31f736d36f2b0128b6f2f33dec26fb4dc3b2e3c Mon Sep 17 00:00:00 2001
From: ChengYou Ho
Date: Fri, 16 Sep 2022 20:36:39 +0000
Subject: [PATCH] Add weaver AIDL service sepolicy

avc: denied { call } for scontext=u:r:hal_weaver_citadel:s0 tcontext=u:r:citadeld:s0 tclass=binder permissive=1
avc: denied { find } for pid=3023 uid=1064 name=android.hardware.citadel.ICitadeld scontext=u:r:hal_weaver_citadel:s0 tcontext=u:object_r:citadeld_service:s0 tclass=service_manager permissive=1
avc: denied { read } for comm="android.hardwar" name="vndbinder" dev="binder" ino=6 scontext=u:r:hal_weaver_citadel:s0 tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file permissive=1
avc: denied { write } for comm="android.hardwar" name="vndbinder" dev="binder" ino=6 scontext=u:r:hal_weaver_citadel:s0 tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file permissive=1
avc: denied { open } for comm="android.hardwar" path="/dev/binderfs/vndbinder" dev="binder" ino=6 scontext=u:r:hal_weaver_citadel:s0 tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file permissive=1
avc: denied { ioctl } for comm="android.hardwar" path="/dev/binderfs/vndbinder" dev="binder" ino=6 ioctlcmd=0x6209 scontext=u:r:hal_weaver_citadel:s0 tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file permissive=1
avc: denied { map } for comm="android.hardwar" path="/dev/binderfs/vndbinder" dev="binder" ino=6 scontext=u:r:hal_weaver_citadel:s0 tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file permissive=1

Bug: 246952216
Change-Id: Id77dc947327a0b9f963fd98bd0143a1b86f646dd
---
 dauntless/sepolicy/file_contexts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dauntless/sepolicy/file_contexts b/dauntless/sepolicy/file_contexts
index a1d382b..8d59a51 100644
--- a/dauntless/sepolicy/file_contexts
+++ b/dauntless/sepolicy/file_contexts
@@ -3,6 +3,7 @@
 /vendor/bin/hw/init_citadel u:object_r:init_citadel_exec:s0
 /vendor/bin/hw/android\.hardware\.security\.keymint-service\.citadel u:object_r:hal_keymint_citadel_exec:s0
 /vendor/bin/hw/android\.hardware\.weaver@1\.0-service\.citadel u:object_r:hal_weaver_citadel_exec:s0
+/vendor/bin/hw/android\.hardware\.weaver-service\.citadel u:object_r:hal_weaver_citadel_exec:s0
 /vendor/bin/hw/android\.hardware\.identity@1\.0-service\.citadel u:object_r:hal_identity_citadel_exec:s0
 /vendor/bin/hw/android\.hardware\.authsecret-service\.citadel u:object_r:hal_authsecret_citadel_exec:s0
 /vendor/bin/hw/citadel_updater u:object_r:citadel_updater:s0
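Review bot: The added `android\.hardware\.weaver-service\.citadel` entry reuses `hal_weaver_citadel_exec`, so the AIDL binary runs in the same domain as the HIDL `weaver@1\.0` service and inherits all of its rules. Nothing visible in this one-line change grants the denials quoted in the commit message (binder `call` to `citadeld`, `find` on `citadeld_service`, `vndbinder_device` access). Presumably the existing `hal_weaver_citadel` policy already allows them once the binary is labelled, but every quoted denial was logged with `permissive=1`, so the result should be confirmed on an enforcing build. If the HIDL entry is only kept for the transition, a comment above the pair such as `# HIDL weaver@1.0 entry kept until the AIDL service fully replaces it` would tell the next maintainer when the older label, and any HIDL-only permissions in the domain, can be dropped.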