Set up common sepolicy for CHRE
Bug: 248615564 Test: compilation by make sepolicy Change-Id: I0bde64d26d0c4451343f6f7032aecc20b275feaa
parent
175dd9b1b4
commit
f7f93daaf3
4 changed files with 37 additions and 0 deletions
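--- a/chre/README.txt
+++ b/chre/README.txt
@@ -0,0 +1,5 @@
+This folder contains the common settings for CHRE shared by various platforms.
+
+Dependencies among types can happen. For example, hal_contexthub_default
+depends on sysfs_aoc at the moment. When setting up a device with CHRE
+we should make sure rules of dependent types are included too.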
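--- a/chre/hal.mk
+++ b/chre/hal.mk
@@ -0,0 +1,2 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/chre/sepolicy/
+PRODUCT_PACKAGES += android.hardware.contexthub-service.generic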
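Review bot: `BOARD_VENDOR_SEPOLICY_DIRS` gains only `chre/sepolicy/`, yet the policy in that directory names types and macros it does not declare (`chre`, `aoc_device`, `sysfs_aoc`, `sysfs_aoc_boottime`, `hal_wifi_ext`, `usf_low_latency_transport`), so a device that includes this file without the policy defining them will presumably fail the sepolicy build. The README mentions the dependency in general terms; a comment at the top of hal.mk would put it where the integrator looks, e.g. `# Requires the AoC, USF and wifi_ext sepolicy to be included by the device; see chre/README.txt`.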
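--- a/chre/sepolicy/file_contexts
+++ b/chre/sepolicy/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0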
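--- a/chre/sepolicy/hal_contexthub_default.te
+++ b/chre/sepolicy/hal_contexthub_default.te
@@ -0,0 +1,29 @@
+# Allow context hub HAL to communicate with daemon via socket
+unix_socket_connect(hal_contexthub_default, chre, chre)
+
+# Permit communication with AoC
+allow hal_contexthub_default aoc_device:chr_file rw_file_perms;
+
+# Allow context hub HAL to determine AoC's current clock
+allow hal_contexthub_default sysfs_aoc:dir search;
+allow hal_contexthub_default sysfs_aoc_boottime:file r_file_perms;
+
+# Allow context hub HAL to create thread to watch AOC's device
+allow hal_contexthub_default aoc_device:dir r_dir_perms;
+
+# Allow context hub HAL to use the USF low latency transport
+usf_low_latency_transport(hal_contexthub_default)
+
+# Allow context hub HAL to talk to the WiFi HAL
+binder_call(hal_contexthub_default, hal_wifi_ext)
+allow hal_contexthub_default hal_wifi_ext_service:service_manager find;
+
+# Allow context hub HAL to talk to stats service
+binder_call(hal_contexthub_default, stats_service_server)
+allow hal_contexthub_default fwk_stats_service:service_manager find;
+
+# Allow context hub HAL to use WakeLock
+wakelock_use(hal_contexthub_default)
+
+# Allow context hub HAL to block suspend, which is required to use EPOLLWAKEUP
+allow hal_contexthub_default self:global_capability2_class_set block_suspend;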
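Review bot: The comment above `allow hal_contexthub_default aoc_device:dir r_dir_perms;` says the rule lets the HAL "create thread", but creating a thread needs no SELinux permission; what is granted is read access to the directory labelled `aoc_device`. If the purpose is to notice the AoC node appearing or disappearing, which is only inferred from the wording, the comment could read `# Allow context hub HAL to read the AoC device directory so it can watch for the device node`. The neighbouring `aoc_device:chr_file rw_file_perms` rule gives read/write on every character device with that label, and how many nodes carry it is not visible in this commit, so it is worth confirming that the HAL needs all of them rather than a dedicated type for its own channel. The final `block_suspend` rule also appears redundant, because the AOSP `wakelock_use()` macro used two rules earlier already grants `self:global_capability2_class_set block_suspend`.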