From cebbf141748f1c8636610c884a7f51ca3773f83c Mon Sep 17 00:00:00 2001
From: Michael Ayoubi
Date: Thu, 10 Jun 2021 02:11:14 +0000
Subject: [PATCH] Add support for non-su hal_uwb
Bug: 187386527
Test: Boot and confirm HAL is up
Signed-off-by: Michael Ayoubi
Change-Id: Ia9f3f90fba6981762fe375aa37c81f8474ad9c53
---
 whitechapel/vendor/google/hal_uwb.te | 15 +++++++++++++++
 whitechapel/vendor/google/hal_uwb_default.te | 3 +++
 whitechapel/vendor/google/uwb_vendor_app.te | 6 ++++++
 3 files changed, 24 insertions(+)
 create mode 100644 whitechapel/vendor/google/hal_uwb.te
diff --git a/whitechapel/vendor/google/hal_uwb.te b/whitechapel/vendor/google/hal_uwb.te
new file mode 100644
index 00000000..d0995686
--- /dev/null
+++ b/whitechapel/vendor/google/hal_uwb.te
@@ -0,0 +1,15 @@
+# HwBinder IPC from client to server
+binder_call(hal_uwb_client, hal_uwb_server)
+binder_call(hal_uwb_server, hal_uwb_client)
+
+hal_attribute_service(hal_uwb, hal_uwb_service)
+
+binder_call(hal_uwb_server, servicemanager)
+
+# allow hal_uwb to set wpan interfaces up and down
+allow hal_uwb self:udp_socket create_socket_perms;
+allowxperm hal_uwb self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR SIOCETHTOOL };
+allow hal_uwb self:global_capability_class_set { net_admin };
+
+# allow hal_uwb to speak to nl802154 in the kernel
+allow hal_uwb self:netlink_generic_socket create_socket_perms_no_ioctl;
diff --git a/whitechapel/vendor/google/hal_uwb_default.te b/whitechapel/vendor/google/hal_uwb_default.te
index f066aa4d..2d513b61 100644
--- a/whitechapel/vendor/google/hal_uwb_default.te
+++ b/whitechapel/vendor/google/hal_uwb_default.te
@@ -3,3 +3,6 @@ type hal_uwb_default_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(hal_uwb_default)
 add_service(hal_uwb_default, hal_uwb_service)
+
+hal_server_domain(hal_uwb_default, hal_uwb)
+binder_call(hal_uwb_default, uwb_vendor_app)
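Review bot: In hal_uwb.te the `net_admin` capability and the udp/netlink socket rules are granted to the `hal_uwb` attribute rather than `hal_uwb_server`, so any domain that later carries `hal_uwb` inherits CAP_NET_ADMIN, which covers far more than bringing a wpan interface up or down. The service is registered through `hal_attribute_service` and servicemanager, so presumably only the server process needs these; consider `allow hal_uwb_server self:global_capability_class_set { net_admin };` and the same subject on the two socket rules and the `allowxperm` line. The first comment says HwBinder, but the rules under it are plain binder rules, so `# Binder IPC between hal_uwb clients and the server` would match them. It is also worth confirming at build time that the platform neverallow rules on HAL network capabilities and sockets exempt this HAL on the target branch, which the patch does not show.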
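Review bot: `binder_call(hal_uwb_default, uwb_vendor_app)` in hal_uwb_default.te names one concrete client type, although the new hal_uwb.te already lets `hal_uwb_server` call `hal_uwb_client` once both attributes are assigned. The type-to-type rule looks redundant in a normal build and ties the HAL domain to a single app; the same applies to `binder_call(uwb_vendor_app, hal_uwb_default)` in uwb_vendor_app.te. Note also that this line sits outside any `not_recovery` wrapper while its counterpart is inside one, so the two directions are not granted under the same conditions. If the direct rules cover a case the attribute rules do not, a one-line comment above each should name that case; otherwise drop both and rely on the attribute rules.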
diff --git a/whitechapel/vendor/google/uwb_vendor_app.te b/whitechapel/vendor/google/uwb_vendor_app.te
index aee5c49f..e0a9ebc9 100644
--- a/whitechapel/vendor/google/uwb_vendor_app.te
+++ b/whitechapel/vendor/google/uwb_vendor_app.te
@@ -4,9 +4,15 @@ app_domain(uwb_vendor_app)
 add_service(uwb_vendor_app, uwb_vendor_service)
+not_recovery(`
+hal_client_domain(uwb_vendor_app, hal_uwb)
+
 allow uwb_vendor_app app_api_service:service_manager find;
 allow uwb_vendor_app hal_uwb_service:service_manager find;
 allow uwb_vendor_app nfc_service:service_manager find;
 allow uwb_vendor_app uwb_vendor_data_file:file create_file_perms;
 allow uwb_vendor_app uwb_vendor_data_file:dir create_dir_perms;
+
+binder_call(uwb_vendor_app, hal_uwb_default)
+')
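Review bot: The `not_recovery(` wrapper opens above `hal_client_domain` and closes on the last line of the hunk, so the `allow` rules between them are now left out of recovery policy as well, while `app_domain` and `add_service` stay outside it. Nothing in the patch says why recovery has to be excluded; if only the HAL client attribute needs it, close the wrapper right after `hal_client_domain(uwb_vendor_app, hal_uwb)` and leave the other rules unconditional. Either way, add a comment above it, for example `# hal_uwb client rules are not built into recovery policy`, and indent the wrapped lines so the extent of the m4 block is visible. The file starts above the hunk, so rules outside this view are not covered here.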