Sepolicy files to change when adding a HAL service that the system_server process can access on Android P

Time: 2022-09-25 16:24:20

In the device/sepolicy/common directory:

Modify the file attributes:

attribute hal_newXX;
attribute hal_newXX_client;
attribute hal_newXX_server;

Modify the file file_contexts:

/(vendor|system/vendor)/bin/hw/android\.hardware\.newXX@1\.0-service u:object_r:hal_newXX_default_exec:s0

Add the file hal_newXX_default.te:

type hal_newXX_default, domain, mlstrustedsubject;

hal_server_domain(hal_newXX_default, hal_newXX)

type hal_newXX_default_exec, exec_type, vendor_file_type, file_type;

init_daemon_domain(hal_newXX_default)

# Allow hwbinder call from hal client to server

binder_call(hal_newXX_client, hal_newXX_server)

# Add hwservice related rules

add_hwservice(hal_newXX_server, hal_newXX_hwservice)

allow hal_newXX_client hal_newXX_hwservice:hwservice_manager find;

#hwbinder_use(hal_newXX)

get_prop(hal_newXX, hwservicemanager_prop)

allow hal_newXX_default mnt_vendor_file:dir rw_dir_perms;

Modify hwservice.te:

type hal_newXX_hwservice, hwservice_manager_type;

Modify hwservice_contexts:

android.hardware.newXX::INewXX                     u:object_r:hal_newXX_hwservice:s0

Modify system_server.te:

hal_client_domain(system_server, hal_newXX)

The HIDL service implemented here is android.hardware.newXX@1.0-service, and the interface it implements is android.hardware.newXX::INewXX.
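
A consistency check for the files listed above, as an added example that is not part of the original post: it confirms that every label used in file_contexts and hwservice_contexts is declared by a type statement, and that the file_contexts regex labels the service binary and nothing longer. The Python helper names are hypothetical, the policy text is copied from this page, and label lookup is simplified to the first fully matching entry.

```python
import re

# Constructed input: the policy lines from this page, keyed by the file they go in.
POLICY = {
    "attributes": "attribute hal_newXX;\nattribute hal_newXX_client;\n"
                  "attribute hal_newXX_server;\n",
    "hal_newXX_default.te":
        "type hal_newXX_default, domain, mlstrustedsubject;\n"
        "type hal_newXX_default_exec, exec_type, vendor_file_type, file_type;\n",
    "hwservice.te": "type hal_newXX_hwservice, hwservice_manager_type;\n",
    "file_contexts":
        r"/(vendor|system/vendor)/bin/hw/android\.hardware\.newXX@1\.0-service"
        " u:object_r:hal_newXX_default_exec:s0\n",
    "hwservice_contexts":
        "android.hardware.newXX::INewXX u:object_r:hal_newXX_hwservice:s0\n",
}

DECL = re.compile(r"^\s*(?:type|attribute)\s+(\w+)", re.M)   # type/attribute statements
CTX = re.compile(r"^(\S+)\s+u:object_r:(\w+):s0\s*$", re.M)  # "<key> u:object_r:<type>:s0"

def declared(policy):
    """Names introduced by type/attribute statements outside the *_contexts files."""
    return {name for fname, text in policy.items()
            if not fname.endswith("_contexts") for name in DECL.findall(text)}

def undeclared_labels(policy):
    """Labels assigned in *_contexts files that no type statement declares."""
    known = declared(policy)
    return sorted({label for fname, text in policy.items()
                   if fname.endswith("_contexts")
                   for _, label in CTX.findall(text) if label not in known})

def label_for(path, file_contexts):
    """Type assigned to path; file_contexts regexes must match the whole path."""
    for pattern, label in CTX.findall(file_contexts):
        if re.fullmatch(pattern, path):
            return label
    return None

if __name__ == "__main__":
    print("undeclared labels:", undeclared_labels(POLICY))
    print(label_for("/vendor/bin/hw/android.hardware.newXX@1.0-service",
                    POLICY["file_contexts"]))
```

An empty result from undeclared_labels means the contexts files and the .te files agree; a label that shows up there points at a missing type declaration such as the one in hwservice.te.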