author | Tellen Yu <tellen.yu@amlogic.com> | 2020-05-13 07:57:37 (GMT) |
---|---|---|
committer | Xindong Xu <xindong.xu@amlogic.com> | 2020-05-15 05:47:14 (GMT) |
commit | d678d9ba821303e158651ea71b6ef677d7a44b0f (patch) | |
tree | cb1d481d1dd3d340507477dad537d1e087af3957 | |
parent | 86fe83d11dc2b87302dd276442ab6691955e8120 (diff) | |
download | common-d678d9ba821303e158651ea71b6ef677d7a44b0f.zip common-d678d9ba821303e158651ea71b6ef677d7a44b0f.tar.gz common-d678d9ba821303e158651ea71b6ef677d7a44b0f.tar.bz2 |
oemlock: add oemlock hal [1/4]
PD#GH-409
BUG: 156227655
Problem:
Currently, we use 'fastboot flashing unlock' command to
unlock the device. But it's not a standard method.
We need follow below doc to implement it.
https://source.android.com/devices/bootloader/unlock-trusty
Solution:
add oemlock sepolicy
Verify:
sabrina
Change-Id: If6b031bc4df19908d8fd08562d2e055777e8a981
Signed-off-by: Xindong Xu <xindong.xu@amlogic.com>
-rw-r--r--[-rwxr-xr-x] | sepolicy/file_contexts | 2 | ||||
-rw-r--r-- | sepolicy/hal_oemlock_default.te | 8 |
2 files changed, 10 insertions, 0 deletions
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 7eeb141..79b29d0 100755..100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -309,6 +309,8 @@ /vendor/bin/hw/android\.hardware\.graphics\.composer@2\.3-service\.droidlogic u:object_r:hal_graphics_composer_default_exec:s0 /vendor/bin/hw/android\.hardware\.thermal@2\.0-service.droidlogic u:object_r:hal_thermal_default_exec:s0 /vendor/bin/hw/android\.hardware\.audio@2\.0-service-droidlogic u:object_r:hal_audio_default_exec:s0 +/vendor/bin/hw/android\.hardware\.oemlock@1\.0-service\.droidlogic u:object_r:hal_oemlock_default_exec:s0 + /data/vendor/mediadrm(/.*)? u:object_r:hal_drm_data:s0 diff --git a/sepolicy/hal_oemlock_default.te b/sepolicy/hal_oemlock_default.te new file mode 100644 index 0000000..dbc0dd1 --- a/dev/null +++ b/sepolicy/hal_oemlock_default.te @@ -0,0 +1,8 @@ +type hal_oemlock_default, domain; +type hal_oemlock_default_exec, exec_type, vendor_file_type, file_type; + +allow hal_oemlock_default system_control:binder { call transfer }; +allow hal_oemlock_default systemcontrol_hwservice:hwservice_manager { find }; + +hal_server_domain(hal_oemlock_default, hal_oemlock) +init_daemon_domain(hal_oemlock_default) |