From 3eb5f527cfa4a4e89ca3e4ed9cdbf8f7454ed910 Mon Sep 17 00:00:00 2001
From: YiKai Peng <kenpeng@google.com>
Date: Fri, 15 Dec 2023 05:17:15 +0000
Subject: [PATCH] WLC: service: add configuration and contexts for sepolicy

binder setting is for callback by and access to hal_wireless_charger

Bug: 311315038
Test: authentication
Change-Id: Ieaf93c4736b7381be35bfcf12e83977762a3de5d
Signed-off-by: YiKai Peng <kenpeng@google.com>
---
 wireless_charger/compatibility_matrix.xml      |  8 ++++++++
 wireless_charger/sepolicy/dumpstate.te         |  1 +
 wireless_charger/sepolicy/file.te              |  1 +
 wireless_charger/sepolicy/file_contexts        |  4 ++++
 .../sepolicy/hal_wireless_charger.te           |  1 +
 wireless_charger/sepolicy/hal_wlcservice.te    | 18 ++++++++++++++++++
 wireless_charger/sepolicy/service.te           |  1 +
 wireless_charger/sepolicy/service_contexts     |  1 +
 wireless_charger/wireless_charger.mk           |  1 +
 9 files changed, 36 insertions(+)
 create mode 100644 wireless_charger/sepolicy/dumpstate.te
 create mode 100644 wireless_charger/sepolicy/file.te
 create mode 100644 wireless_charger/sepolicy/hal_wlcservice.te
 create mode 100644 wireless_charger/sepolicy/service.te

diff --git a/wireless_charger/compatibility_matrix.xml b/wireless_charger/compatibility_matrix.xml
index 7d18cd9..b760b1d 100644
--- a/wireless_charger/compatibility_matrix.xml
+++ b/wireless_charger/compatibility_matrix.xml
@@ -7,4 +7,12 @@
             <instance>default</instance>
         </interface>
     </hal>
+    <hal format="aidl" optional="true">
+        <name>vendor.google.wireless_charger.service</name>
+        <version>1</version>
+        <interface>
+            <name>IWlcService</name>
+            <instance>default</instance>
+        </interface>
+    </hal>
 </compatibility-matrix>
diff --git a/wireless_charger/sepolicy/dumpstate.te b/wireless_charger/sepolicy/dumpstate.te
new file mode 100644
index 0000000..3c5fac3
--- /dev/null
+++ b/wireless_charger/sepolicy/dumpstate.te
@@ -0,0 +1 @@
+binder_call(dumpstate, hal_wlcservice)
diff --git a/wireless_charger/sepolicy/file.te b/wireless_charger/sepolicy/file.te
new file mode 100644
index 0000000..6dd54c8
--- /dev/null
+++ b/wireless_charger/sepolicy/file.te
@@ -0,0 +1 @@
+type vendor_wlc_file, file_type, data_file_type;
diff --git a/wireless_charger/sepolicy/file_contexts b/wireless_charger/sepolicy/file_contexts
index 004c7a1..98796a9 100644
--- a/wireless_charger/sepolicy/file_contexts
+++ b/wireless_charger/sepolicy/file_contexts
@@ -1 +1,5 @@
 /vendor/bin/hw/vendor\.google\.wireless_charger-default                  u:object_r:hal_wireless_charger_exec:s0
+/vendor/bin/hw/vendor\.google\.wireless_charger\.service-default         u:object_r:hal_wlcservice_exec:s0
+
+# Data
+/data/vendor/wireless_charger(/.*)?                                      u:object_r:vendor_wlc_file:s0
diff --git a/wireless_charger/sepolicy/hal_wireless_charger.te b/wireless_charger/sepolicy/hal_wireless_charger.te
index 7ab8d83..b5ed734 100644
--- a/wireless_charger/sepolicy/hal_wireless_charger.te
+++ b/wireless_charger/sepolicy/hal_wireless_charger.te
@@ -17,3 +17,4 @@ userdebug_or_eng(`
 
 binder_call(hal_wireless_charger, platform_app)
 binder_call(hal_wireless_charger, system_app)
+binder_call(hal_wireless_charger, hal_wlcservice)
diff --git a/wireless_charger/sepolicy/hal_wlcservice.te b/wireless_charger/sepolicy/hal_wlcservice.te
new file mode 100644
index 0000000..eadb593
--- /dev/null
+++ b/wireless_charger/sepolicy/hal_wlcservice.te
@@ -0,0 +1,18 @@
+type hal_wlcservice, domain;
+type hal_wlcservice_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_wlcservice)
+
+allow hal_wlcservice vendor_wlc_file:dir create_dir_perms;
+allow hal_wlcservice vendor_wlc_file:file create_file_perms;
+allow hal_wlcservice hal_wireless_charger_service:service_manager find;
+allow hal_wlcservice kmsg_device:chr_file { getattr w_file_perms };
+
+binder_call(hal_wlcservice, servicemanager)
+add_service(hal_wlcservice, hal_wlcservice_service)
+
+userdebug_or_eng(`
+     domain_auto_trans(shell,  hal_wlcservice_exec, hal_wlcservice)
+')
+
+binder_call(hal_wlcservice, hal_wireless_charger)
diff --git a/wireless_charger/sepolicy/service.te b/wireless_charger/sepolicy/service.te
new file mode 100644
index 0000000..8f8d87b
--- /dev/null
+++ b/wireless_charger/sepolicy/service.te
@@ -0,0 +1 @@
+type hal_wlcservice_service, hal_service_type, protected_service, service_manager_type;
diff --git a/wireless_charger/sepolicy/service_contexts b/wireless_charger/sepolicy/service_contexts
index 5813e35..ed2faba 100644
--- a/wireless_charger/sepolicy/service_contexts
+++ b/wireless_charger/sepolicy/service_contexts
@@ -1 +1,2 @@
 vendor.google.wireless_charger.IWirelessCharger/default                      u:object_r:hal_wireless_charger_service:s0
+vendor.google.wireless_charger.service.IWlcService/default                   u:object_r:hal_wlcservice_service:s0
diff --git a/wireless_charger/wireless_charger.mk b/wireless_charger/wireless_charger.mk
index acf5fc1..a2dc27c 100644
--- a/wireless_charger/wireless_charger.mk
+++ b/wireless_charger/wireless_charger.mk
@@ -1,5 +1,6 @@
 PRODUCT_SOONG_NAMESPACES += vendor/google/interfaces
 PRODUCT_PACKAGES += vendor.google.wireless_charger-default
+PRODUCT_PACKAGES += vendor.google.wireless_charger.service-default
 DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/wireless_charger/compatibility_matrix.xml
 
 BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/wireless_charger/sepolicy