android 系统(13)---Android(安卓)O treble 新增hal hwservice selinux policy
16lz
2021-12-04
EX: vendor.mediatek.hardware.xxxxxx
1.hwservice.te
# Declare the label for the new HIDL service. The hwservice_manager_type
# attribute marks it as an object checked under the hwservice_manager class.
# No domain can add or find this type until a .te file grants it explicitly.
type mtk_hal_xxx_hwservice, hwservice_manager_type;
2-1.hwservice_contexts
# Map the fully-qualified HIDL interface name to the type declared in hwservice.te.
# The key carries no @version, so every version of IXXX shares this label.
# NOTE(review): an interface with no matching entry presumably falls back to the
# default hwservice label, which policy is not meant to grant - confirm that the
# name here matches the .hal package and interface exactly.
vendor.mediatek.hardware.xxx::IXXX u:object_r:mtk_hal_xxx_hwservice:s0
2-2.file_contexts
# Label the service binary (under /vendor or /system/vendor) as mtk_hal_xxx_exec.
# The dots are escaped so the pattern matches only this literal file name.
# The version (@1.1) is part of the pattern: if the binary is renamed for a new
# HAL version, update this entry, otherwise the file does not get the _exec
# label and the init_daemon_domain() transition in mtk_hal_xxx.te will not apply.
/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.xxx@1\.1-service u:object_r:mtk_hal_xxx_exec:s0
3.mtk_hal_xxx.te
# Declare the process domain for the new HAL service.
type mtk_hal_xxx, domain;
# Make this domain a server of the hal_xxx HAL that AOSP already defines, so it
# picks up the rules AOSP writes against the hal_xxx / hal_xxx_server attributes.
hal_server_domain(mtk_hal_xxx, hal_xxx)
# Label type for the service binary; file_contexts assigns it to the executable.
type mtk_hal_xxx_exec, exec_type, file_type, vendor_file_type;
# Transition into mtk_hal_xxx when init executes a file labelled mtk_hal_xxx_exec.
init_daemon_domain(mtk_hal_xxx)
# Everything above is the baseline that every mtk_hal_xxx.te should contain.
# Let the server side of hal_xxx register the new hwservice. Passing the
# hal_xxx_server attribute keeps registration limited to server domains
# (in this case, this domain).
add_hwservice(hal_xxx_server, mtk_hal_xxx_hwservice)
# Clients of hal_xxx may look the new hwservice up; this rule grants find only, not add.
allow hal_xxx_client mtk_hal_xxx_hwservice :hwservice_manager find;
# Add your additional policy here
案例(mtk_hal_power)
1.
/device/mediatek/sepolicy/basic/non_plat/hwservice.te
# Declare the label for the MediaTek power HIDL service. The hwservice_manager_type
# attribute marks it as an object checked under the hwservice_manager class.
# No domain can add or find this type until a .te file grants it explicitly.
type mtk_hal_power_hwservice, hwservice_manager_type;
2.
/device/mediatek/sepolicy/basic/non_plat/hwservice_contexts
# Map the MediaTek IPower interface name to mtk_hal_power_hwservice.
# The key carries no @version, so every version of the interface shares this label.
vendor.mediatek.hardware.power::IPower u:object_r:mtk_hal_power_hwservice:s0
/device/mediatek/sepolicy/basic/non_plat/file_contexts
# Label the power HAL service binary (under /vendor or /system/vendor) as mtk_hal_power_exec.
# The version (@1.1) is part of the pattern: if the binary is renamed for a new
# HAL version, update this entry, otherwise the file does not get the _exec
# label and the init_daemon_domain() transition in mtk_hal_power.te will not apply.
/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.power@1\.1-service u:object_r:mtk_hal_power_exec:s0
3.
/device/mediatek/sepolicy/basic/non_plat/mtk_hal_power.te
# Declare the process domain for the MediaTek power HAL service.
type mtk_hal_power, domain;
# Label type for the service binary; file_contexts assigns it to the executable.
type mtk_hal_power_exec, exec_type, file_type, vendor_file_type;
# Transition into mtk_hal_power when init executes a file labelled mtk_hal_power_exec.
init_daemon_domain(mtk_hal_power)
# hwbinder access
hwbinder_use(mtk_hal_power);
# Read-only access to files labelled hwservicemanager_prop.
allow mtk_hal_power hwservicemanager_prop:file r_file_perms;
# Allow this domain to register and look up the AOSP power HAL hwservice type.
# NOTE(review): hal_server_domain(mtk_hal_power, hal_power) at the end of this
# file may already provide this through AOSP's hal_power policy - confirm
# before keeping an explicit rule.
allow mtk_hal_power hal_power_hwservice:hwservice_manager { add find };
# NOTE(review): add_hwservice() below is expected to grant the
# hidl_base_hwservice add as well, so this rule looks redundant - confirm
# against te_macros for the target release.
allow mtk_hal_power hidl_base_hwservice:hwservice_manager add;
# Let domains carrying the hal_power attribute register the MediaTek power hwservice.
# NOTE(review): this passes hal_power, while the generic template on this page
# passes hal_xxx_server. On builds that are not full Treble, AOSP's
# hal_client_domain() also puts client domains into the bare hal_power attribute,
# so this form would let them register the service too; hal_power_server is the
# narrower choice - confirm against the target release.
add_hwservice(hal_power, mtk_hal_power_hwservice)
# Power HAL clients may look the new hwservice up; this rule grants find only, not add.
allow hal_power_client mtk_hal_power_hwservice:hwservice_manager find;
# Make this domain a server of the hal_power HAL that AOSP already defines.
hal_server_domain(mtk_hal_power, hal_power);
# ... (the original listing appears to be cut off here)
1.hwservice.te
# Declare the label for the new HIDL service. The hwservice_manager_type
# attribute marks it as an object checked under the hwservice_manager class.
# No domain can add or find this type until a .te file grants it explicitly.
type mtk_hal_xxx_hwservice, hwservice_manager_type;
2-1.hwservice_contexts
# Map the fully-qualified HIDL interface name to the type declared in hwservice.te.
# The key carries no @version, so every version of IXXX shares this label.
# NOTE(review): an interface with no matching entry presumably falls back to the
# default hwservice label, which policy is not meant to grant - confirm that the
# name here matches the .hal package and interface exactly.
vendor.mediatek.hardware.xxx::IXXX u:object_r:mtk_hal_xxx_hwservice:s0
2-2.file_contexts
# Label the service binary (under /vendor or /system/vendor) as mtk_hal_xxx_exec.
# The dots are escaped so the pattern matches only this literal file name.
# The version (@1.1) is part of the pattern: if the binary is renamed for a new
# HAL version, update this entry, otherwise the file does not get the _exec
# label and the init_daemon_domain() transition in mtk_hal_xxx.te will not apply.
/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.xxx@1\.1-service u:object_r:mtk_hal_xxx_exec:s0
3.mtk_hal_xxx.te
# Declare the process domain for the new HAL service.
type mtk_hal_xxx, domain;
# Make this domain a server of the hal_xxx HAL that AOSP already defines, so it
# picks up the rules AOSP writes against the hal_xxx / hal_xxx_server attributes.
hal_server_domain(mtk_hal_xxx, hal_xxx)
# Label type for the service binary; file_contexts assigns it to the executable.
type mtk_hal_xxx_exec, exec_type, file_type, vendor_file_type;
# Transition into mtk_hal_xxx when init executes a file labelled mtk_hal_xxx_exec.
init_daemon_domain(mtk_hal_xxx)
# Everything above is the baseline that every mtk_hal_xxx.te should contain.
# Let the server side of hal_xxx register the new hwservice. Passing the
# hal_xxx_server attribute keeps registration limited to server domains
# (in this case, this domain).
add_hwservice(hal_xxx_server, mtk_hal_xxx_hwservice)
# Clients of hal_xxx may look the new hwservice up; this rule grants find only, not add.
allow hal_xxx_client mtk_hal_xxx_hwservice :hwservice_manager find;
# Add your additional policy here
案例(mtk_hal_power)
1.
/device/mediatek/sepolicy/basic/non_plat/hwservice.te
# Declare the label for the MediaTek power HIDL service. The hwservice_manager_type
# attribute marks it as an object checked under the hwservice_manager class.
# No domain can add or find this type until a .te file grants it explicitly.
type mtk_hal_power_hwservice, hwservice_manager_type;
2.
/device/mediatek/sepolicy/basic/non_plat/hwservice_contexts
# Map the MediaTek IPower interface name to mtk_hal_power_hwservice.
# The key carries no @version, so every version of the interface shares this label.
vendor.mediatek.hardware.power::IPower u:object_r:mtk_hal_power_hwservice:s0
/device/mediatek/sepolicy/basic/non_plat/file_contexts
# Label the power HAL service binary (under /vendor or /system/vendor) as mtk_hal_power_exec.
# The version (@1.1) is part of the pattern: if the binary is renamed for a new
# HAL version, update this entry, otherwise the file does not get the _exec
# label and the init_daemon_domain() transition in mtk_hal_power.te will not apply.
/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.power@1\.1-service u:object_r:mtk_hal_power_exec:s0
3.
/device/mediatek/sepolicy/basic/non_plat/mtk_hal_power.te
# Declare the process domain for the MediaTek power HAL service.
type mtk_hal_power, domain;
# Label type for the service binary; file_contexts assigns it to the executable.
type mtk_hal_power_exec, exec_type, file_type, vendor_file_type;
# Transition into mtk_hal_power when init executes a file labelled mtk_hal_power_exec.
init_daemon_domain(mtk_hal_power)
# hwbinder access
hwbinder_use(mtk_hal_power);
# Read-only access to files labelled hwservicemanager_prop.
allow mtk_hal_power hwservicemanager_prop:file r_file_perms;
# Allow this domain to register and look up the AOSP power HAL hwservice type.
# NOTE(review): hal_server_domain(mtk_hal_power, hal_power) at the end of this
# file may already provide this through AOSP's hal_power policy - confirm
# before keeping an explicit rule.
allow mtk_hal_power hal_power_hwservice:hwservice_manager { add find };
# NOTE(review): add_hwservice() below is expected to grant the
# hidl_base_hwservice add as well, so this rule looks redundant - confirm
# against te_macros for the target release.
allow mtk_hal_power hidl_base_hwservice:hwservice_manager add;
# Let domains carrying the hal_power attribute register the MediaTek power hwservice.
# NOTE(review): this passes hal_power, while the generic template on this page
# passes hal_xxx_server. On builds that are not full Treble, AOSP's
# hal_client_domain() also puts client domains into the bare hal_power attribute,
# so this form would let them register the service too; hal_power_server is the
# narrower choice - confirm against the target release.
add_hwservice(hal_power, mtk_hal_power_hwservice)
# Power HAL clients may look the new hwservice up; this rule grants find only, not add.
allow hal_power_client mtk_hal_power_hwservice:hwservice_manager find;
# Make this domain a server of the hal_power HAL that AOSP already defines.
hal_server_domain(mtk_hal_power, hal_power);
# ... (the original listing appears to be cut off here)