gs-common: move sepolicy related to bootctrl hal aidl to gs-common

Bug: 265063384 Change-Id: I8f090f4601e0719ae3abe3e9d0981710fdc8b6af Signed-off-by: Jason Chiu <jasoncschiu@google.com>
2023-11-27 16:58:15 +08:00 · 2023-11-27 16:58:15 +08:00 · 9895837239
commit 9895837239
parent e2592f8850
5 changed files with 18 additions and 0 deletions
--- a/bootctrl/bootctrl_aidl.mk
+++ b/bootctrl/bootctrl_aidl.mk
@ -1,3 +1,5 @@
 PRODUCT_PACKAGES += \
 	android.hardware.boot-service.default-pixel \
 	android.hardware.boot-service.default_recovery-pixel
+
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/bootctrl/sepolicy/aidl
--- a/bootctrl/sepolicy/aidl/device.te
+++ b/bootctrl/sepolicy/aidl/device.te
@ -0,0 +1,5 @@
+# devinfo block device
+type devinfo_block_device, dev_type;
+
+# OTA
+type sda_block_device, dev_type;
--- a/bootctrl/sepolicy/aidl/file.te
+++ b/bootctrl/sepolicy/aidl/file.te
@ -0,0 +1,2 @@
+# sysfs
+type sysfs_ota, sysfs_type, fs_type;
--- a/bootctrl/sepolicy/aidl/file_contexts
+++ b/bootctrl/sepolicy/aidl/file_contexts
@ -0,0 +1 @@
+/vendor/bin/hw/android\.hardware\.boot-service\.default-pixel                u:object_r:hal_bootctl_default_exec:s0
--- a/bootctrl/sepolicy/aidl/hal_bootctl_default.te
+++ b/bootctrl/sepolicy/aidl/hal_bootctl_default.te
@ -0,0 +1,8 @@
+allow hal_bootctl_default devinfo_block_device:blk_file rw_file_perms;
+allow hal_bootctl_default sda_block_device:blk_file rw_file_perms;
+allow hal_bootctl_default sysfs_ota:file rw_file_perms;
+allow hal_bootctl_default tee_device:chr_file rw_file_perms;
+
+recovery_only(`
+  allow hal_bootctl_default rootfs:dir r_dir_perms;
+')
				`@ -0,0 +1 @@`
				`/vendor/bin/hw/android\.hardware\.boot-service\.default-pixel u:object_r:hal_bootctl_default_exec:s0`