89dd17c9ad
Contexthub (CHRE) team is removing the chre daemon and incorporating its functionalities into the next gen HAL. This CL copied the permissions we received in whitechapel/vendor/google/chre.te to hal_contexthub.te to enable the same set of permissions on gs101. Bug: 247124878 Test: launch the hal process on oriole and verify it can perform required operations such as loading nanoapps holding wakelocks, query nanoapps, etc. Change-Id: I8ce6b4f7f411e50cf454bb5f1286f73d4d46aced
30 lines
1.2 KiB
Text
30 lines
1.2 KiB
Text
# Allow context hub HAL to communicate with daemon via socket
|
|
allow hal_contexthub_default chre:unix_stream_socket connectto;
|
|
allow hal_contexthub_default chre_socket:sock_file write;
|
|
|
|
# Permit communication with AoC
|
|
allow hal_contexthub_default aoc_device:chr_file rw_file_perms;
|
|
|
|
# Allow CHRE to determine AoC's current clock
|
|
allow hal_contexthub_default sysfs_aoc:dir search;
|
|
allow hal_contexthub_default sysfs_aoc_boottime:file r_file_perms;
|
|
|
|
# Allow CHRE to create thread to watch AOC's device
|
|
allow hal_contexthub_default aoc_device:dir r_dir_perms;
|
|
|
|
# Allow CHRE to use the USF low latency transport
|
|
usf_low_latency_transport(hal_contexthub_default)
|
|
|
|
# Allow CHRE to talk to the WiFi HAL
|
|
allow hal_contexthub_default hal_wifi_ext:binder { call transfer };
|
|
allow hal_contexthub_default hal_wifi_ext_service:service_manager find;
|
|
|
|
# Allow CHRE host to talk to stats service
|
|
allow hal_contexthub_default fwk_stats_service:service_manager find;
|
|
binder_call(hal_contexthub_default, stats_service_server)
|
|
|
|
# Allow CHRE to use WakeLock
|
|
wakelock_use(hal_contexthub_default)
|
|
|
|
# Allow CHRE to block suspend, which is required to use EPOLLWAKEUP
|
|
allow hal_contexthub_default self:global_capability2_class_set block_suspend;
|