新增HIDL service需要修改的sepolicy文件整理

以添加 “android.hardware.lightnew@1.0-service” 为例，替换 lightnew 为自定义名称即可

1.  system/sepolicy/public/attributes

2. system/sepolicy/prebuilts/api/29.0/public/attributes

+ hal_attribute(lightnew);

//hal_attribute函数如下：

system/sepolicy/prebuilts/api/29.0/public/te_macros

#####################################
# hal_attribute(hal_name)
# Add an attribute for hal implementations along with necessary
# restrictions.
define(`hal_attribute', `
attribute hal_$1;
expandattribute hal_$1 true;
attribute hal_$1_client;
expandattribute hal_$1_client true;
attribute hal_$1_server;
expandattribute hal_$1_server false;

//所以后文的lightnew会有前缀hal_

3. 新建文件 system/sepolicy/public/hal_lightnew.te

4  新建文件system/sepolicy/prebuilts/api/29.0/public/hal_lightnew.te

# HwBinder IPC from client to server, and callbacks
binder_call(hal_lightnew_client, hal_lightnew_server)
binder_call(hal_lightnew_server, hal_lightnew_client)

hal_attribute_hwservice(hal_lightnew, hal_lightnew_hwservice)
 

5. 新建文件system/sepolicy/vendor/hal_lightnew_default.te

type hal_lightnew_default, domain;
hal_server_domain(hal_lightnew_default, hal_lightnew)

type hal_lightnew_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_lightnew_default)

6.  system/sepolicy/private/hwservice_contexts

7. system/sepolicy/prebuilts/api/29.0/public/hwservice.te

+ android.hardware.lightnew::ILightnew                            u:object_r:hal_lightnew_hwservice:s0

8. system/sepolicy/private/system_server.te

9. system/sepolicy/prebuilts/api/29.0/private/system_server.te

+ hal_client_domain(system_server, hal_lightnew)

10. system/sepolicy/public/hwservice.te

11. system/sepolicy/prebuilts/api/29.0/public/hwservice.te

+ type hal_lightnew_hwservice, hwservice_manager_type;

12. system/sepolicy/vendor/file_contexts

+ /(vendor|system/vendor)/bin/hw/android\.hardware\.lightnew@1\.0-service       u:object_r:hal_lightnew_default_exec:s0

13. system/sepolicy/private/compat/26.0/26.0.ignore.cil
14. system/sepolicy/private/compat/27.0/27.0.ignore.cil
15. system/sepolicy/private/compat/28.0/28.0.ignore.cil

16. system/sepolicy/prebuilts/api/29.0/private/compat/26.0/26.0.ignore.cil
17. system/sepolicy/prebuilts/api/29.0/private/compat/27.0/27.0.ignore.cil
18. system/sepolicy/prebuilts/api/29.0/private/compat/28.0/28.0.ignore.cil

new_objects 中添加：

+ hal_lightnew_hwservice

19. system/sepolicy/private/app_neverallows.te

20. system/sepolicy/prebuilts/api/29.0/private/app_neverallows.te

all_untrusted_apps 中添加：

+   hal_lightnew_hwservice

//以下文件为通过VTS：

21. system/sepolicy/public/su.te

22. system/sepolicy/prebuilts/api/29.0/public/su.te

+ typeattribute su hal_lightnew_client;

本文地址：https://blog.csdn.net/SeakIsBest/article/details/110239074