SELinux build failure for extended AOSP HAL service in Vendor image


Stanley Lei
Hi,

I'm working on an extended Google VHAL service based on the HIDL interface in Android O, which extends the interface "android.hardware.automotive.vehicle", and the generated VHAL service will be located in the vendor/bin/hw/ folder. When I tried to add an SELinux policy as below:

add_hwservice(hal_automotive_vehicle_ff, hal_vehicle_hwservice)

It reports that I need to add "default_android_hwservice:hwservice_manager add". But after I added it to my policy file, it caused the build failure below:

neverallow * default_android_hwservice:hwservice_manager { add find };

I tried to find the answer in Google's document "SELinux Treble" and found the description below, but I still don't know the answer:

"vendor-image support to work with AOSP
Example: Adding a new process (registered with hwservicemanager from the vendor
image) that implements an AOSP-defined HAL.
As with devices launching with previous Android versions, perform device-specific
customization in device/XXX/YYY/sepolicy. The policy exported as part of
system/sepolicy/public/ is available for use, and is shipped as part of the vendor
policy. Types and attributes from the public policy may be used in new rules dictating
interactions with the new vendor-specific bits, subject to the provided neverallow
restrictions. As with the vendor-only case, new policy here will not be updated as part of a
framework-only OTA and will be present in the combined policy on a device with the
reference AOSP system image."

Could anyone give me any suggestion on this?

Thanks,
Stanley
