Snap for 6489494 from e20deab8f6e554fa71311dc260d6d96b5c3b4145 to mainline-release
Change-Id: I6eac4780adc7268cef196b8f5581265a2af74df2
diff --git a/blueline_car/aosp_blueline_car.mk b/blueline_car/aosp_blueline_car.mk
index 66851ad..b658b04 100644
--- a/blueline_car/aosp_blueline_car.mk
+++ b/blueline_car/aosp_blueline_car.mk
@@ -46,6 +46,9 @@
android.hardware.broadcastradio@2.0-service \
android.hardware.automotive.vehicle@2.0-service
+# Additional selinux policy
+BOARD_SEPOLICY_DIRS += device/google_car/common/sepolicy
+
PRODUCT_PACKAGES += \
android.hardware.automotive.audiocontrol@1.0-service
diff --git a/bonito_car/aosp_bonito_car.mk b/bonito_car/aosp_bonito_car.mk
index 6980607..75bcf8f 100644
--- a/bonito_car/aosp_bonito_car.mk
+++ b/bonito_car/aosp_bonito_car.mk
@@ -46,6 +46,9 @@
android.hardware.broadcastradio@2.0-service \
android.hardware.automotive.vehicle@2.0-service
+# Additional selinux policy
+BOARD_SEPOLICY_DIRS += device/google_car/common/sepolicy
+
PRODUCT_PACKAGES += \
android.hardware.automotive.audiocontrol@1.0-service
diff --git a/common/sepolicy/hal_vehicle_default.te b/common/sepolicy/hal_vehicle_default.te
new file mode 100644
index 0000000..c0a9698
--- /dev/null
+++ b/common/sepolicy/hal_vehicle_default.te
@@ -0,0 +1,3 @@
+# Configuration for register VHAL to car watchdog
+carwatchdog_client_domain(hal_vehicle_default)
+binder_use(hal_vehicle_default)
diff --git a/common/sepolicy/system_server.te b/common/sepolicy/system_server.te
new file mode 100644
index 0000000..a9ce1b1
--- /dev/null
+++ b/common/sepolicy/system_server.te
@@ -0,0 +1,2 @@
+# Allow system_server to kill vehicle HAL
+allow system_server hal_vehicle_server:process sigkill;
diff --git a/coral_car/aosp_coral_car.mk b/coral_car/aosp_coral_car.mk
index f156a84..1d60b00 100644
--- a/coral_car/aosp_coral_car.mk
+++ b/coral_car/aosp_coral_car.mk
@@ -46,6 +46,9 @@
android.hardware.broadcastradio@2.0-service \
android.hardware.automotive.vehicle@2.0-service
+# Additional selinux policy
+BOARD_SEPOLICY_DIRS += device/google_car/common/sepolicy
+
# Car init.rc
PRODUCT_COPY_FILES += \
packages/services/Car/car_product/init/init.bootstat.rc:root/init.bootstat.rc \
diff --git a/crosshatch_car/aosp_crosshatch_car.mk b/crosshatch_car/aosp_crosshatch_car.mk
index 704a2f1..63f9dd0 100644
--- a/crosshatch_car/aosp_crosshatch_car.mk
+++ b/crosshatch_car/aosp_crosshatch_car.mk
@@ -46,6 +46,9 @@
android.hardware.broadcastradio@2.0-service \
android.hardware.automotive.vehicle@2.0-service
+# Additional selinux policy
+BOARD_SEPOLICY_DIRS += device/google_car/common/sepolicy
+
PRODUCT_PACKAGES += \
android.hardware.automotive.audiocontrol@1.0-service
diff --git a/flame_car/aosp_flame_car.mk b/flame_car/aosp_flame_car.mk
index 984c03f..cfaaf4e 100644
--- a/flame_car/aosp_flame_car.mk
+++ b/flame_car/aosp_flame_car.mk
@@ -46,6 +46,10 @@
android.hardware.broadcastradio@2.0-service \
android.hardware.automotive.vehicle@2.0-service
+
+# Additional selinux policy
+BOARD_SEPOLICY_DIRS += device/google_car/common/sepolicy
+
# Car init.rc
PRODUCT_COPY_FILES += \
packages/services/Car/car_product/init/init.bootstat.rc:root/init.bootstat.rc \
diff --git a/sargo_car/aosp_sargo_car.mk b/sargo_car/aosp_sargo_car.mk
index b3729aa..d8963de 100644
--- a/sargo_car/aosp_sargo_car.mk
+++ b/sargo_car/aosp_sargo_car.mk
@@ -46,6 +46,9 @@
android.hardware.broadcastradio@2.0-service \
android.hardware.automotive.vehicle@2.0-service
+# Additional selinux policy
+BOARD_SEPOLICY_DIRS += device/google_car/common/sepolicy
+
PRODUCT_PACKAGES += \
android.hardware.automotive.audiocontrol@1.0-service
