Evolution-X-Tensor/device_google_gs-common
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Set up common sepolicy for CHRE

Browse source 
Bug: 248615564
Test: compilation by make sepolicy
Change-Id: I0bde64d26d0c4451343f6f7032aecc20b275feaa
This commit is contained in:
Lei Ju 2023-12-15 14:48:25 -08:00
parent 175dd9b1b4
commit f7f93daaf3
4 changed files with 37 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
chre/README.txt Normal file
View file

@ -0,0 +1,5 @@
This folder contains the common settings for CHRE shared by various platforms.
Dependencies among types can happen. For example, hal_contexthub_default
depends on sysfs_aoc at the moment. When setting up a device with CHRE
we should make sure rules of dependent types are included too.

2
chre/hal.mk Normal file
View file

@ -0,0 +1,2 @@
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/chre/sepolicy/
PRODUCT_PACKAGES += android.hardware.contexthub-service.generic

1
chre/sepolicy/file_contexts Normal file
View file

@ -0,0 +1 @@
/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0

29
chre/sepolicy/hal_contexthub_default.te Normal file
View file

@ -0,0 +1,29 @@
# Allow context hub HAL to communicate with daemon via socket
unix_socket_connect(hal_contexthub_default, chre, chre)
# Permit communication with AoC
allow hal_contexthub_default aoc_device:chr_file rw_file_perms;
# Allow context hub HAL to determine AoC's current clock
allow hal_contexthub_default sysfs_aoc:dir search;
allow hal_contexthub_default sysfs_aoc_boottime:file r_file_perms;
# Allow context hub HAL to create thread to watch AOC's device
allow hal_contexthub_default aoc_device:dir r_dir_perms;
# Allow context hub HAL to use the USF low latency transport
usf_low_latency_transport(hal_contexthub_default)
# Allow context hub HAL to talk to the WiFi HAL
binder_call(hal_contexthub_default, hal_wifi_ext)
allow hal_contexthub_default hal_wifi_ext_service:service_manager find;
# Allow context hub HAL to talk to stats service
binder_call(hal_contexthub_default, stats_service_server)
allow hal_contexthub_default fwk_stats_service:service_manager find;
# Allow context hub HAL to use WakeLock
wakelock_use(hal_contexthub_default)
# Allow context hub HAL to block suspend, which is required to use EPOLLWAKEUP
allow hal_contexthub_default self:global_capability2_class_set block_suspend;