Recovery can use HALs only in passthrough mode am: 00a03d424f am: 0fd07767bc
am: 7e26fe4a1d
Change-Id: I72b534b55324ce3dc8df9a46b5c205e4e76f5509
diff --git a/public/recovery.te b/public/recovery.te
index a61c8e9..1ec19c5 100644
--- a/public/recovery.te
+++ b/public/recovery.te
@@ -9,7 +9,8 @@
recovery_only(`
# Allow recovery to perform an update as update_engine would do.
typeattribute recovery update_engine_common;
- hal_client_domain(recovery, hal_bootctl)
+ # Recovery can only use HALs in passthrough mode
+ passthrough_hal_client_domain(recovery, hal_bootctl)
allow recovery self:capability { chown dac_override fowner fsetid setfcap setuid setgid sys_admin sys_tty_config };
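Review bot: The comment added above `passthrough_hal_client_domain(recovery, hal_bootctl)` understates what the new macro does: per the te_macros hunk, `typeattribute $1 $2;` places recovery in the hal_bootctl attribute itself, so every rule written against hal_bootctl (presumably the HAL's own server-side rules elsewhere in the policy) now applies to the recovery domain in-process, in addition to the halclientdomain and hal_bootctl_client attributes. That is the expected consequence of a passthrough HAL, but it widens recovery's permission set relative to the removed hal_client_domain line and is exactly what someone later auditing recovery's rules needs to see stated. I would replace the one-line comment with `# Recovery uses the bootctl HAL in passthrough (in-process) mode: this also` / `# makes recovery a member of hal_bootctl, so the HAL's own rules apply to it.` The recovery_only block opened on the first hunk line continues outside the hunk.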
diff --git a/public/te_macros b/public/te_macros
index bc5da60..97dd948 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -204,6 +204,22 @@
')
#####################################
+# passthrough_hal_client_domain(domain, hal_type)
+# Allow a base set of permissions required for a domain to be a
+# client of a passthrough HAL of the specified type.
+#
+# For example, make some_domain a client of passthrough Foo HAL:
+# passthrough_hal_client_domain(some_domain, hal_foo)
+#
+define(`passthrough_hal_client_domain', `
+typeattribute $1 halclientdomain;
+typeattribute $1 $2_client;
+typeattribute $1 $2;
+# Find passthrough HAL implementations
+allow $2 system_file:dir r_dir_perms;
+')
+
+#####################################
# unix_socket_connect(clientdomain, socket, serverdomain)
# Allow a local socket connection from clientdomain via
# socket to serverdomain.