Merge "allow system_server to set bootanim scheduling priority"
diff --git a/device.te b/device.te
index e4a792e..7e0073f 100644
--- a/device.te
+++ b/device.te
@@ -5,6 +5,7 @@
type ashmem_device, dev_type, mlstrustedobject;
type audio_device, dev_type;
type binder_device, dev_type, mlstrustedobject;
+type hwbinder_device, dev_type, mlstrustedobject;
type block_device, dev_type;
type camera_device, dev_type;
type dm_device, dev_type;
diff --git a/domain.te b/domain.te
index 9398172..98d0898 100644
--- a/domain.te
+++ b/domain.te
@@ -72,7 +72,8 @@
allow domain null_device:chr_file rw_file_perms;
allow domain zero_device:chr_file rw_file_perms;
allow domain ashmem_device:chr_file rw_file_perms;
-allow domain binder_device:chr_file rw_file_perms;
+allow { domain -hwservicemanager } binder_device:chr_file rw_file_perms;
+allow { domain -servicemanager } hwbinder_device:chr_file rw_file_perms;
allow domain ptmx_device:chr_file rw_file_perms;
allow domain alarm_device:chr_file r_file_perms;
allow domain urandom_device:chr_file rw_file_perms;
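Review bot: The new `hwbinder_device` rule grants `rw_file_perms` on /dev/hwbinder to every domain except servicemanager, which is much broader than the set of domains that actually receive `hwbinder_use()`; only those can `call`/`transfer` with hwservicemanager, so the device node is the one HwBinder capability handed to every other process on the system. Mirroring the grant inside `hwbinder_use` (`allow $1 hwbinder_device:chr_file rw_file_perms;`) and dropping the blanket rule would keep the node and the IPC permissions coupled, and the macro's own comment already describes the blanket grant as the "presently" arrangement. If the blanket grant is deliberate for now, a comment on the new line such as `# TODO: restrict to hwbinder_use() domains once HAL clients are enumerated` would stop it from reading as a permanent policy choice.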
@@ -386,8 +387,11 @@
-ueventd
} misc_block_device:blk_file { append link relabelfrom rename write open read ioctl lock };
-# Only servicemanager should be able to register with binder as the context manager
-neverallow { domain -servicemanager } *:binder set_context_mgr;
+# Only servicemanager/hwservicemanager should be able to register with binder as the context manager
+neverallow { domain -servicemanager -hwservicemanager} *:binder set_context_mgr;
+# The service managers are only allowed to access their own device node
+neverallow servicemanager hwbinder_device:chr_file no_rw_file_perms;
+neverallow hwservicemanager binder_device:chr_file no_rw_file_perms;
# Only authorized processes should be writing to files in /data/dalvik-cache
neverallow {
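Review bot: The set on the new `set_context_mgr` neverallow is missing the space before its closing brace; the surrounding rules space their braces, so `neverallow { domain -servicemanager -hwservicemanager } *:binder set_context_mgr;` keeps the style uniform. The two device-node neverallows below it are a useful compile-time check on the exclusions made in the earlier domain.te hunk, but they depend on `no_rw_file_perms` from the shared macros (not visible here) — worth confirming it includes `ioctl` and `open`, since the binder drivers are driven almost entirely through ioctl and a `chr_file` set that omitted it would let either manager reach the other driver unnoticed. The `misc_block_device` neverallow that the first context lines belong to starts before this hunk.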
diff --git a/file_contexts b/file_contexts
index ed8c5e1..59cbdd0 100644
--- a/file_contexts
+++ b/file_contexts
@@ -71,6 +71,7 @@
/dev/fuse u:object_r:fuse_device:s0
/dev/graphics(/.*)? u:object_r:graphics_device:s0
/dev/hw_random u:object_r:hw_random_device:s0
+/dev/hwbinder u:object_r:hwbinder_device:s0
/dev/i2c-[0-9]+ u:object_r:i2c_device:s0
/dev/input(/.*) u:object_r:input_device:s0
/dev/iio:device[0-9]+ u:object_r:iio_device:s0
@@ -156,6 +157,7 @@
/system/bin/app_process32 u:object_r:zygote_exec:s0
/system/bin/app_process64 u:object_r:zygote_exec:s0
/system/bin/servicemanager u:object_r:servicemanager_exec:s0
+/system/bin/hwservicemanager u:object_r:hwservicemanager_exec:s0
/system/bin/surfaceflinger u:object_r:surfaceflinger_exec:s0
/system/bin/drmserver u:object_r:drmserver_exec:s0
/system/bin/dumpstate u:object_r:dumpstate_exec:s0
diff --git a/hwservicemanager.te b/hwservicemanager.te
new file mode 100644
index 0000000..c347755
--- /dev/null
+++ b/hwservicemanager.te
@@ -0,0 +1,18 @@
+# hwservicemanager - the Binder context manager for HAL services
+type hwservicemanager, domain, mlstrustedsubject;
+type hwservicemanager_exec, exec_type, file_type;
+
+init_daemon_domain(hwservicemanager)
+
+# Note that we do not use the binder_* macros here.
+# hwservicemanager only provides name service (aka context manager)
+# for Binder.
+# As such, it only ever receives and transfers other references
+# created by other domains. It never passes its own references
+# or initiates a Binder IPC.
+allow hwservicemanager self:binder set_context_mgr;
+allow hwservicemanager { domain -init }:binder transfer;
+
+# TODO once hwservicemanager checks whether HALs are
+# allowed to register a certain service, add policy here
+# for allowing to check SELinux permissions.
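Review bot: The TODO at the end of the new file is the security-relevant gap in this domain: with `allow hwservicemanager { domain -init }:binder transfer` and no SELinux check on registration, hwservicemanager cannot distinguish a legitimate HAL from any other domain that has been granted `hwbinder_use()`, so whichever caller registers a name owns it. Until the check lands this is a trust assumption and should be stated as one near the top of the file rather than only as a TODO, e.g. `# NOTE: name registration is not yet mediated by SELinux; every domain granted hwbinder_use() may register or look up any HAL name, so grant the macro sparingly.` The TODO could also list what the follow-up will need — presumably selinuxfs access and the `security` permissions servicemanager.te already carries — so the later change is not under-scoped.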
diff --git a/nfc.te b/nfc.te
index 5b7f4b9..05dabaa 100644
--- a/nfc.te
+++ b/nfc.te
@@ -4,6 +4,9 @@
net_domain(nfc)
binder_service(nfc)
+# hwbinder access
+hwbinder_use(nfc)
+
# Set NFC properties
set_prop(nfc, nfc_prop)
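Review bot: `hwbinder_use(nfc)` is the first HAL client granted in this change, but the added lines do not record which HwBinder service nfc needs, and the hwservicemanager domain introduced in this same diff does not yet restrict which names a client may register or look up, so this grant is currently as wide as HwBinder itself. A one-line comment naming the interface, e.g. `# hwbinder access (presumably the NFC HAL; confirm)`, would tell the next reviewer what the grant is for and make it straightforward to replace with a service-level rule once hwservicemanager enforces one. nfc's domain definition continues outside the hunk.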
diff --git a/service.te b/service.te
index d72d655..c65272d 100644
--- a/service.te
+++ b/service.te
@@ -39,6 +39,7 @@
type IProxyService_service, app_api_service, system_server_service, service_manager_type;
type commontime_management_service, system_server_service, service_manager_type;
type connectivity_service, app_api_service, system_server_service, service_manager_type;
+type connmetrics_service, system_server_service, service_manager_type;
type consumer_ir_service, app_api_service, system_server_service, service_manager_type;
type content_service, app_api_service, system_server_service, service_manager_type;
type country_detector_service, app_api_service, system_server_service, service_manager_type;
diff --git a/service_contexts b/service_contexts
index 2b7a1b1..b735529 100644
--- a/service_contexts
+++ b/service_contexts
@@ -19,9 +19,10 @@
clipboard u:object_r:clipboard_service:s0
com.android.net.IProxyService u:object_r:IProxyService_service:s0
commontime_management u:object_r:commontime_management_service:s0
-common_time.clock u:object_r:mediaserver_service:s0
-common_time.config u:object_r:mediaserver_service:s0
+common_time.clock u:object_r:mediaserver_service:s0
+common_time.config u:object_r:mediaserver_service:s0
connectivity u:object_r:connectivity_service:s0
+connmetrics u:object_r:connmetrics_service:s0
consumer_ir u:object_r:consumer_ir_service:s0
content u:object_r:content_service:s0
contexthub_service u:object_r:contexthub_service:s0
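Review bot: The `common_time.clock` and `common_time.config` lines are removed and re-added with only whitespace changed, which is unrelated to the `connmetrics` addition and makes the functional part of this hunk harder to pick out in blame or bisect; either drop the realignment or land it as a separate formatting change. The `connmetrics` entry itself is consistent with the `connmetrics_service` type declared in service.te in this same diff.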
diff --git a/te_macros b/te_macros
index 1e70c4c..f22e009 100644
--- a/te_macros
+++ b/te_macros
@@ -187,6 +187,20 @@
')
#####################################
+# hwbinder_use(domain)
+# Allow domain to use HwBinder IPC.
+define(`hwbinder_use', `
+# Call the hwservicemanager and transfer references to it.
+allow $1 hwservicemanager:binder { call transfer };
+# hwservicemanager performs getpidcon on clients.
+allow hwservicemanager $1:dir search;
+allow hwservicemanager $1:file { read open };
+allow hwservicemanager $1:process getattr;
+# rw access to /dev/hwbinder and /dev/ashmem is presently granted to
+# all domains in domain.te.
+')
+
+#####################################
# binder_call(clientdomain, serverdomain)
# Allow clientdomain to perform binder IPC to serverdomain.
define(`binder_call', `
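Review bot: The new `hwbinder_use` macro is not self-contained: its trailing comment says /dev/hwbinder access "is presently granted to all domains in domain.te", so a caller of the macro depends on a blanket rule elsewhere rather than on the macro. Adding `allow $1 hwbinder_device:chr_file rw_file_perms;` here is harmless while the blanket rule exists and lets that global grant be removed later without silently breaking every HwBinder client. The hwservicemanager-side rules (`dir search`, `file { read open }`, `process getattr`) look like what getpidcon presumably needs to read the client's /proc entry, which matches the comment; `binder_call` on the last line begins here and continues outside the hunk.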