clean up hal types
Bug: 32123421
Test: build Hikey
Change-Id: Iaf02626f3f3a94104c0f9d746c3cf5f20751a27d
diff --git a/public/android_hardware_audio_2_0_service.te b/public/android_hardware_audio_2_0_service.te
deleted file mode 100644
index 9da62c8..0000000
--- a/public/android_hardware_audio_2_0_service.te
+++ /dev/null
@@ -1,36 +0,0 @@
-# android_hardware_audio_2_0_service - audio services daemon
-type android_hardware_audio_2_0_service, domain;
-type android_hardware_audio_2_0_service_exec, exec_type, file_type;
-
-hwbinder_use(android_hardware_audio_2_0_service)
-binder_call(android_hardware_audio_2_0_service, audioserver)
-
-allow android_hardware_audio_2_0_service ion_device:chr_file r_file_perms;
-
-allow android_hardware_audio_2_0_service system_file:dir { open read };
-
-userdebug_or_eng(`
- # used for pcm capture for debug.
- allow android_hardware_audio_2_0_service audiohal_data_file:dir create_dir_perms;
- allow android_hardware_audio_2_0_service audiohal_data_file:file create_file_perms;
-')
-
-r_dir_file(android_hardware_audio_2_0_service, proc)
-allow android_hardware_audio_2_0_service audio_device:dir r_dir_perms;
-allow android_hardware_audio_2_0_service audio_device:chr_file rw_file_perms;
-
-# Needed on some devices for playing audio on paired BT device,
-# but seems appropriate for all devices.
-unix_socket_connect(android_hardware_audio_2_0_service, bluetooth, bluetooth)
-
-###
-### neverallow rules
-###
-
-# android_hardware_audio_2_0_service should never execute any executable without
-# a domain transition
-neverallow android_hardware_audio_2_0_service { file_type fs_type }:file execute_no_trans;
-
-# android_hardware_audio_2_0_service should never need network access.
-# Disallow network sockets.
-neverallow android_hardware_audio_2_0_service domain:{ tcp_socket udp_socket rawip_socket } *;
\ No newline at end of file
diff --git a/public/android_hardware_nfc_1_0_service.te b/public/android_hardware_nfc_1_0_service.te
deleted file mode 100644
index 79da53b..0000000
--- a/public/android_hardware_nfc_1_0_service.te
+++ /dev/null
@@ -1,19 +0,0 @@
-# nfc subsystem
-type android_hardware_nfc_1_0_service, domain;
-type android_hardware_nfc_1_0_service_exec, exec_type, file_type;
-
-# hwbinder access
-hwbinder_use(android_hardware_nfc_1_0_service)
-
-# call into NFC process (callbacks)
-binder_call(android_hardware_nfc_1_0_service, nfc)
-
-# Set NFC properties (used by bcm2079x HAL).
-set_prop(android_hardware_nfc_1_0_service, nfc_prop)
-
-# NFC device access.
-allow android_hardware_nfc_1_0_service nfc_device:chr_file rw_file_perms;
-
-# Data file accesses.
-allow android_hardware_nfc_1_0_service nfc_data_file:dir create_dir_perms;
-allow android_hardware_nfc_1_0_service nfc_data_file:notdevfile_class_set create_file_perms;
diff --git a/public/android_hardware_vibrator_service.te b/public/android_hardware_vibrator_service.te
deleted file mode 100644
index 37381e8..0000000
--- a/public/android_hardware_vibrator_service.te
+++ /dev/null
@@ -1,9 +0,0 @@
-# vibrator subsystem
-type android_hardware_vibrator_service, domain;
-type android_hardware_vibrator_service_exec, exec_type, file_type;
-
-# hwbinder access
-hwbinder_use(android_hardware_vibrator_service)
-
-# vibrator sysfs rw access
-allow android_hardware_vibrator_service sysfs_vibrator:file rw_file_perms;
diff --git a/public/android_hardware_vr.te b/public/android_hardware_vr.te
deleted file mode 100644
index f6651c5..0000000
--- a/public/android_hardware_vr.te
+++ /dev/null
@@ -1,9 +0,0 @@
-# vr subsystem
-type android_hardware_vr, domain;
-type android_hardware_vr_exec, exec_type, file_type;
-
-# hwbinder access
-hwbinder_use(android_hardware_vr)
-
-# call into system_server process
-binder_call(android_hardware_vr, system_server)
diff --git a/public/audioserver.te b/public/audioserver.te
index 5dea1b3..455ab4b 100644
--- a/public/audioserver.te
+++ b/public/audioserver.te
@@ -10,7 +10,7 @@
binder_service(audioserver)
hwbinder_use(audioserver)
-binder_call(audioserver, android_hardware_audio_2_0_service)
+binder_call(audioserver, hal_audio)
r_dir_file(audioserver, proc)
allow audioserver ion_device:chr_file r_file_perms;
diff --git a/public/hal_audio.te b/public/hal_audio.te
new file mode 100644
index 0000000..b3ca73c
--- /dev/null
+++ b/public/hal_audio.te
@@ -0,0 +1,36 @@
+# hal_audio - audio services daemon
+type hal_audio, domain;
+type hal_audio_exec, exec_type, file_type;
+
+hwbinder_use(hal_audio)
+binder_call(hal_audio, audioserver)
+
+allow hal_audio ion_device:chr_file r_file_perms;
+
+allow hal_audio system_file:dir { open read };
+
+userdebug_or_eng(`
+ # used for pcm capture for debug.
+ allow hal_audio audiohal_data_file:dir create_dir_perms;
+ allow hal_audio audiohal_data_file:file create_file_perms;
+')
+
+r_dir_file(hal_audio, proc)
+allow hal_audio audio_device:dir r_dir_perms;
+allow hal_audio audio_device:chr_file rw_file_perms;
+
+# Needed on some devices for playing audio on paired BT device,
+# but seems appropriate for all devices.
+unix_socket_connect(hal_audio, bluetooth, bluetooth)
+
+###
+### neverallow rules
+###
+
+# hal_audio should never execute any executable without
+# a domain transition
+neverallow hal_audio { file_type fs_type }:file execute_no_trans;
+
+# hal_audio should never need network access.
+# Disallow network sockets.
+neverallow hal_audio domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/public/hal_nfc.te b/public/hal_nfc.te
new file mode 100644
index 0000000..528eb7c
--- /dev/null
+++ b/public/hal_nfc.te
@@ -0,0 +1,19 @@
+# nfc subsystem
+type hal_nfc, domain;
+type hal_nfc_exec, exec_type, file_type;
+
+# hwbinder access
+hwbinder_use(hal_nfc)
+
+# call into NFC process (callbacks)
+binder_call(hal_nfc, nfc)
+
+# Set NFC properties (used by bcm2079x HAL).
+set_prop(hal_nfc, nfc_prop)
+
+# NFC device access.
+allow hal_nfc nfc_device:chr_file rw_file_perms;
+
+# Data file accesses.
+allow hal_nfc nfc_data_file:dir create_dir_perms;
+allow hal_nfc nfc_data_file:notdevfile_class_set create_file_perms;
diff --git a/public/hal_vibrator.te b/public/hal_vibrator.te
new file mode 100644
index 0000000..02b965f
--- /dev/null
+++ b/public/hal_vibrator.te
@@ -0,0 +1,9 @@
+# vibrator subsystem
+type hal_vibrator, domain;
+type hal_vibrator_exec, exec_type, file_type;
+
+# hwbinder access
+hwbinder_use(hal_vibrator)
+
+# vibrator sysfs rw access
+allow hal_vibrator sysfs_vibrator:file rw_file_perms;
diff --git a/public/hal_vr.te b/public/hal_vr.te
new file mode 100644
index 0000000..9cae1ab
--- /dev/null
+++ b/public/hal_vr.te
@@ -0,0 +1,9 @@
+# vr subsystem
+type hal_vr, domain;
+type hal_vr_exec, exec_type, file_type;
+
+# hwbinder access
+hwbinder_use(hal_vr)
+
+# call into system_server process
+binder_call(hal_vr, system_server)
diff --git a/public/nfc.te b/public/nfc.te
index 09e7515..3d40867 100644
--- a/public/nfc.te
+++ b/public/nfc.te
@@ -36,4 +36,4 @@
allow nfc shell_data_file:file read;
# allow NFC process to call into the NFC HAL
-binder_call(nfc, android_hardware_nfc_1_0_service)
+binder_call(nfc, hal_nfc)
diff --git a/public/system_server.te b/public/system_server.te
index 35f1b73..c562b65 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -148,8 +148,8 @@
# Perform Binder IPC.
binder_use(system_server)
binder_call(system_server, hal_boot)
-binder_call(system_server, android_hardware_vibrator_service)
-binder_call(system_server, android_hardware_vr)
+binder_call(system_server, hal_vibrator)
+binder_call(system_server, hal_vr)
binder_call(system_server, binderservicedomain)
binder_call(system_server, gatekeeperd)
binder_call(system_server, fingerprintd)