sepolicy: Allow keymaster to register mtk keyinstall service to servicemanager
Change-Id: I840819f7a28fa6f7877986a0c14d6b857f1aedfd
diff --git a/basic/non_plat/hwservice.te b/basic/non_plat/hwservice.te
index 4d59524..1c869cd 100644
--- a/basic/non_plat/hwservice.te
+++ b/basic/non_plat/hwservice.te
@@ -74,3 +74,5 @@
# Date: 2021/06/30
# composer extension HIDL
type mtk_hal_composer_ext_hwservice, hwservice_manager_type, protected_hwservice;
+
+type mtk_hal_keyinstall_hwservice, hwservice_manager_type;
diff --git a/basic/non_plat/hwservice_contexts b/basic/non_plat/hwservice_contexts
index 5e5a37e..6627bf6 100644
--- a/basic/non_plat/hwservice_contexts
+++ b/basic/non_plat/hwservice_contexts
@@ -87,3 +87,5 @@
# Date: 2021/06/30
# composer extension HIDL
vendor.mediatek.hardware.composer_ext::IComposerExt u:object_r:mtk_hal_composer_ext_hwservice:s0
+
+vendor.mediatek.hardware.keyinstall::IKeyinstall u:object_r:mtk_hal_keyinstall_hwservice:s0
diff --git a/bsp/non_plat/mtk_hal_keyinstall.te b/bsp/non_plat/mtk_hal_keyinstall.te
index c7b192e..43978f7 100644
--- a/bsp/non_plat/mtk_hal_keyinstall.te
+++ b/bsp/non_plat/mtk_hal_keyinstall.te
@@ -7,6 +7,9 @@
# Setup for domain transition
init_daemon_domain(mtk_hal_keyinstall)
+add_hwservice(hal_keymaster_server, mtk_hal_keyinstall_hwservice)
+allow hal_keymaster_client mtk_hal_keyinstall_hwservice:hwservice_manager find;
+
# Allow mtk_hal_keyinstall to communicate with mobicore
allow mtk_hal_keyinstall mobicore:unix_stream_socket connectto;
allow mtk_hal_keyinstall mobicore_data_file:dir search;