Merge "Camera: allow cameraserver access hal_graphics_allocator"
diff --git a/private/app.te b/private/app.te
index 1b1f4ca..04be106 100644
--- a/private/app.te
+++ b/private/app.te
@@ -246,6 +246,9 @@
# Allow app to access the graphic allocator HAL
binder_call({ appdomain -isolated_app }, hal_graphics_allocator)
+# App can access configstore HAL which is read only
+binder_call({ appdomain -isolated_app }, hal_configstore)
+
# Allow app to access shared memory created by camera HAL1
allow { appdomain -isolated_app } hal_camera:fd use;
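Review bot: The new rule on the `hal_configstore` line opens the configstore HAL to every non-isolated app with a raw `binder_call` on the bare HAL type, while the rest of this commit moves to the client/server attribute pattern (`hal_client_domain` for surfaceflinger, `*_server` attributes in hal_camera.te and hwallocator_use); if the configstore HAL already has `hal_configstore_client`/`hal_configstore_server`, `hal_client_domain({ appdomain -isolated_app }, hal_configstore)` would keep the two consistent and let the HAL's own .te carry the binder_call. The comment's "which is read only" describes the HIDL interface, not this rule: the policy still grants call/transfer and fd use from untrusted apps regardless, so the justification should name what is relied on, e.g. `# Apps may query the configstore HAL; the interface is read-only by design (see the HIDL definition), so this adds no writable surface.` Whether a read-only interface also justifies exposing its server to app crashes/fuzzing is a threat-model call the commit message should record.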
diff --git a/private/file_contexts b/private/file_contexts
index 1e7345a..94a2a53 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -247,7 +247,7 @@
/system/bin/webview_zygote32 u:object_r:webview_zygote_exec:s0
/system/bin/webview_zygote64 u:object_r:webview_zygote_exec:s0
/system/bin/virtual_touchpad u:object_r:virtual_touchpad_exec:s0
-/system/bin/hw/android\.hidl\.allocator@1\.0-service u:object_r:hal_allocator_exec:s0
+/system/bin/hw/android\.hidl\.allocator@1\.0-service u:object_r:hal_allocator_default_exec:s0
#############################
# Vendor files
diff --git a/private/hal_allocator.te b/private/hal_allocator.te
deleted file mode 100644
index d185d49..0000000
--- a/private/hal_allocator.te
+++ /dev/null
@@ -1 +0,0 @@
-init_daemon_domain(hal_allocator)
diff --git a/private/hal_allocator_default.te b/private/hal_allocator_default.te
new file mode 100644
index 0000000..ff407d5
--- /dev/null
+++ b/private/hal_allocator_default.te
@@ -0,0 +1,5 @@
+type hal_allocator_default, domain;
+hal_server_domain(hal_allocator_default, hal_allocator)
+
+type hal_allocator_default_exec, exec_type, file_type;
+init_daemon_domain(hal_allocator_default)
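Review bot: The new file has no header explaining what `hal_allocator_default` is or how it relates to the `hal_allocator` attribute it is given via `hal_server_domain`; the only clue is the relabel of `android.hidl.allocator@1.0-service` in private/file_contexts. Add at the top `# Default (AOSP) implementation of the HIDL allocator HAL (android.hidl.allocator@1.0-service); vendor replacements become hal_allocator_server the same way.` Since public/hal_allocator.te is deleted in this commit, any permissions this daemon needs beyond what halserverdomain supplies (presumably ashmem access) would now have to live here or in a re-added public file — worth confirming nothing was lost with the deletion.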
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index 0aff9f5..3808c83 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -9,7 +9,6 @@
# Perform HwBinder IPC.
hwbinder_use(surfaceflinger)
-binder_call(surfaceflinger, hal_graphics_allocator)
hal_client_domain(surfaceflinger, hal_graphics_allocator)
binder_call(surfaceflinger, hal_graphics_composer)
hal_client_domain(surfaceflinger, hal_graphics_composer)
diff --git a/public/attributes b/public/attributes
index 799a4fd..b9360a6 100644
--- a/public/attributes
+++ b/public/attributes
@@ -121,6 +121,9 @@
attribute halclientdomain;
# HALs
+attribute hal_allocator;
+attribute hal_allocator_client;
+attribute hal_allocator_server;
attribute hal_audio;
attribute hal_audio_client;
attribute hal_audio_server;
diff --git a/public/hal_allocator.te b/public/hal_allocator.te
deleted file mode 100644
index cab0145..0000000
--- a/public/hal_allocator.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# allocator subsystem
-type hal_allocator, domain;
-hal_impl_domain(hal_allocator)
-
-type hal_allocator_exec, exec_type, file_type;
diff --git a/public/hal_camera.te b/public/hal_camera.te
index 6ed06b7..b05239b 100644
--- a/public/hal_camera.te
+++ b/public/hal_camera.te
@@ -16,7 +16,7 @@
# Allow hal_camera to use fd from app,gralloc,and ashmem HAL
allow hal_camera { appdomain -isolated_app }:fd use;
allow hal_camera surfaceflinger:fd use;
-allow hal_camera hal_allocator:fd use;
+allow hal_camera hal_allocator_server:fd use;
###
### neverallow rules
diff --git a/public/hal_graphics_allocator.te b/public/hal_graphics_allocator.te
index 45999be..e434751 100644
--- a/public/hal_graphics_allocator.te
+++ b/public/hal_graphics_allocator.te
@@ -1,3 +1,6 @@
+# HwBinder IPC from client to server
+binder_call(hal_graphics_allocator_client, hal_graphics_allocator_server)
+
# GPU device access
allow hal_graphics_allocator gpu_device:chr_file rw_file_perms;
allow hal_graphics_allocator ion_device:chr_file r_file_perms;
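Review bot: The commit title says cameraserver gains access to hal_graphics_allocator, but no cameraserver.te hunk is visible and the new `binder_call(hal_graphics_allocator_client, hal_graphics_allocator_server)` only reaches domains already tagged `hal_graphics_allocator_client`; unless cameraserver already has `hal_client_domain(cameraserver, hal_graphics_allocator)` elsewhere, this rule does not reach it, so that should be confirmed or the title adjusted. Since the same commit drops surfaceflinger's per-client binder_call, the comment should make the new contract explicit so the next HAL client does not re-add one: `# Every hal_client_domain(..., hal_graphics_allocator) gets hwbinder call/transfer to the server via this rule; do not add per-client binder_call rules.`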
diff --git a/public/recovery.te b/public/recovery.te
index a61c8e9..1ec19c5 100644
--- a/public/recovery.te
+++ b/public/recovery.te
@@ -9,7 +9,8 @@
recovery_only(`
# Allow recovery to perform an update as update_engine would do.
typeattribute recovery update_engine_common;
- hal_client_domain(recovery, hal_bootctl)
+ # Recovery can only use HALs in passthrough mode
+ passthrough_hal_client_domain(recovery, hal_bootctl)
allow recovery self:capability { chown dac_override fowner fsetid setfcap setuid setgid sys_admin sys_tty_config };
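Review bot: `passthrough_hal_client_domain(recovery, hal_bootctl)` gives recovery the `hal_bootctl` attribute itself (the macro's `typeattribute $1 $2`), so every `allow hal_bootctl ...` rule in the policy — whatever device access the boot-control implementation has — now applies to recovery as well, which the comment "Recovery can only use HALs in passthrough mode" does not convey. Record both the reason and the consequence: `# Recovery runs without hwservicemanager (confirm), so HALs can only be loaded in-process; this grants recovery the hal_bootctl implementation's own permissions.` The enclosing recovery_only block continues outside the hunk.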
diff --git a/public/te_macros b/public/te_macros
index bc5da60..60de568 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -204,6 +204,22 @@
')
#####################################
+# passthrough_hal_client_domain(domain, hal_type)
+# Allow a base set of permissions required for a domain to be a
+# client of a passthrough HAL of the specified type.
+#
+# For example, make some_domain a client of passthrough Foo HAL:
+# passthrough_hal_client_domain(some_domain, hal_foo)
+#
+define(`passthrough_hal_client_domain', `
+typeattribute $1 halclientdomain;
+typeattribute $1 $2_client;
+typeattribute $1 $2;
+# Find passthrough HAL implementations
+allow $2 system_file:dir r_dir_perms;
+')
+
+#####################################
# unix_socket_connect(clientdomain, socket, serverdomain)
# Allow a local socket connection from clientdomain via
# socket to serverdomain.
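Review bot: The `allow $2 system_file:dir r_dir_perms;` line in the new macro is written on the HAL attribute rather than the client domain, so each expansion re-grants it to every domain carrying `$2` — all passthrough clients and every `hal_server_domain` of that HAL type — which is broader than the comment "Find passthrough HAL implementations" suggests and is probably meant to be `allow $1 system_file:dir r_dir_perms;`. The header should also warn what `typeattribute $1 $2` does, since it is the security-relevant part: `# NOTE: $1 is given the $2 attribute itself, so every rule written for the $2 implementation (device nodes, files) also applies to the client; use only where the HAL is loaded in-process.`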
@@ -322,7 +338,7 @@
# Allow a domain to use Hidl shared memory
define(`hwallocator_use', `
# Call into the allocator hal
-binder_call($1, hal_allocator);
+binder_call($1, hal_allocator_server);
')
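Review bot: `hwallocator_use` still hands out a bare `binder_call($1, hal_allocator_server)` instead of making `$1` a client of the HAL, so the `hal_allocator_client` attribute declared in public/attributes is never assigned to any domain, and with public/hal_allocator.te deleted there is no `binder_call(hal_allocator_client, hal_allocator_server)` for this HAL the way the graphics allocator now has. For consistency with the rest of the commit, change the macro body to `hal_client_domain($1, hal_allocator)` and re-add a public/hal_allocator.te holding `binder_call(hal_allocator_client, hal_allocator_server)`; otherwise drop the unused `hal_allocator_client` attribute so it does not look like an enforced boundary. The stray `;` after the macro call is harmless but inconsistent with the other macros in this file.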
#####################################