Add sepolicy dir for VHAL - Default VHAL implementation needs a sepolicy to communicate with car watchdog. Bug: 156200577 Test: atest android.car.apitest.CarUserManagerTest#testLifecycleListener Change-Id: I76af5c150603440d383987e708ca06038df9d959

commit: 34fff31ac6eaf1af98653c4d0abea739ce77705b [log] [tgz]
author: Eric Jeong <ericjeong@google.com> Sun May 10 22:07:04 2020 -0700
committer: Eric Jeong <ericjeong@google.com> Sun May 10 22:17:27 2020 -0700
tree: 21ab263a1d2db500b2fbdc513dd384b986566701
parent: ff20bcd431b09a970f38787a7776d4b177682bbc [diff]
diff --git a/shared/auto/device.mk b/shared/auto/device.mk
index b19f559..d825b00 100644
--- a/shared/auto/device.mk
+++ b/shared/auto/device.mk

@@ -59,6 +59,7 @@
 # vehicle HAL
 ifeq ($(LOCAL_VHAL_PRODUCT_PACKAGE),)
     LOCAL_VHAL_PRODUCT_PACKAGE := android.hardware.automotive.vehicle@2.0-service
+    BOARD_SEPOLICY_DIRS += device/google/cuttlefish/shared/auto/sepolicy
 endif
 PRODUCT_PACKAGES += $(LOCAL_VHAL_PRODUCT_PACKAGE)
 

diff --git a/shared/auto/sepolicy/hal_vehicle_default.te b/shared/auto/sepolicy/hal_vehicle_default.te
new file mode 100644
index 0000000..c0a9698
--- /dev/null
+++ b/shared/auto/sepolicy/hal_vehicle_default.te

@@ -0,0 +1,3 @@
+# Configuration for register VHAL to car watchdog
+carwatchdog_client_domain(hal_vehicle_default)
+binder_use(hal_vehicle_default)

diff --git a/shared/auto/sepolicy/system_server.te b/shared/auto/sepolicy/system_server.te
new file mode 100644
index 0000000..a9ce1b1
--- /dev/null
+++ b/shared/auto/sepolicy/system_server.te

@@ -0,0 +1,2 @@
+# Allow system_server to kill vehicle HAL
+allow system_server hal_vehicle_server:process sigkill;
commit	34fff31ac6eaf1af98653c4d0abea739ce77705b	[log] [tgz]
author	Eric Jeong <ericjeong@google.com>	Sun May 10 22:07:04 2020 -0700
committer	Eric Jeong <ericjeong@google.com>	Sun May 10 22:17:27 2020 -0700
tree	21ab263a1d2db500b2fbdc513dd384b986566701
parent	ff20bcd431b09a970f38787a7776d4b177682bbc [diff]