Switch Camera HAL policy to _client/_server
This switches Camera HAL policy to the design which enables us to
conditionally remove unnecessary rules from domains which are clients
of Camera HAL.
Domains which are clients of Camera HAL, such as cameraserver domain,
are granted rules targeting hal_camera only when the Camera HAL runs
in passthrough mode (i.e., inside the client's process). When the HAL
runs in binderized mode (i.e., in another process/domain, with clients
talking to the HAL over HwBinder IPC), rules targeting hal_camera are
not granted to client domains.
Domains which offer a binderized implementation of Camera HAL, such
as hal_camera_default domain, are always granted rules targeting
hal_camera.
Test: Take non-HDR photo using Google Camera app
Test: Take HDR photo using Google Camera app
Test: Record video using Google Camera app
Bug: 34170079
Change-Id: I463646cf79fede57f11ccd4ec2cbc37a4fff141e
diff --git a/public/attributes b/public/attributes
index e48f96f..0d9428c 100644
--- a/public/attributes
+++ b/public/attributes
@@ -128,6 +128,8 @@
attribute hal_audio_server;
attribute hal_bluetooth;
attribute hal_camera;
+attribute hal_camera_client;
+attribute hal_camera_server;
attribute hal_configstore;
attribute hal_contexthub;
attribute hal_drm;
diff --git a/public/cameraserver.te b/public/cameraserver.te
index a262940..aa7d107 100644
--- a/public/cameraserver.te
+++ b/public/cameraserver.te
@@ -7,19 +7,9 @@
binder_call(cameraserver, appdomain)
binder_service(cameraserver)
-hwbinder_use(cameraserver)
-binder_call(cameraserver, hal_camera)
-binder_call(cameraserver, hwservicemanager)
+hal_client_domain(cameraserver, hal_camera)
-# access /data/misc/camera
-allow cameraserver camera_data_file:dir create_dir_perms;
-allow cameraserver camera_data_file:file create_file_perms;
-
-allow cameraserver video_device:dir r_dir_perms;
-allow cameraserver video_device:chr_file rw_file_perms;
-allow cameraserver camera_device:chr_file rw_file_perms;
allow cameraserver ion_device:chr_file rw_file_perms;
-allow cameraserver hal_graphics_allocator:fd use;
add_service(cameraserver, cameraserver_service)
allow cameraserver appops_service:service_manager find;
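Review bot: The retained `allow cameraserver ion_device:chr_file rw_file_perms;` is now the only direct device rule left on cameraserver, and nothing next to it says why it stays unconditional while the video_device and camera_device rules were dropped. public/hal_camera.te already grants the same ion_device access to hal_camera, so in passthrough mode cameraserver would presumably receive it through the attribute anyway. If cameraserver needs ion itself when the HAL is binderized, say so with a comment such as `# cameraserver handles ion buffers itself, independent of where the Camera HAL runs`; if it does not, the rule can go with the others so the binderized client keeps no direct device access. The listed tests do not state which HAL mode they ran in, so the removals are worth exercising in both modes.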
@@ -31,9 +21,6 @@
allow cameraserver scheduling_policy_service:service_manager find;
allow cameraserver surfaceflinger_service:service_manager find;
-# For HIDL hwservicemanager
-allow cameraserver system_file:dir r_dir_perms;
-
###
### neverallow rules
###
diff --git a/public/hal_camera.te b/public/hal_camera.te
index b879c98..02b8e77 100644
--- a/public/hal_camera.te
+++ b/public/hal_camera.te
@@ -1,5 +1,6 @@
-hwbinder_use(hal_camera)
-binder_call(hal_camera, cameraserver)
+# HwBinder IPC from clients to server and callbacks
+binder_call(hal_camera_client, hal_camera_server)
+binder_call(hal_camera_server, hal_camera_client)
# access /data/misc/camera
allow hal_camera camera_data_file:dir create_dir_perms;
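Review bot: With `hwbinder_use(hal_camera)` removed, nothing in this file grants either new attribute the base HwBinder access that the two added `binder_call` lines depend on. It presumably arrives through `hal_client_domain` and `hal_server_domain`, whose definitions are not part of this diff, so please confirm that and record it in the comment, e.g. `# HwBinder IPC from clients to server and callbacks; base hwbinder_use comes from the hal_*_domain macros`. The `allow hal_camera camera_data_file...` rules below still target `hal_camera`, and per the commit description that attribute reaches a client only in passthrough mode. A one-line comment saying so would help, since that is what keeps /data/misc/camera away from binderized clients.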
@@ -9,7 +10,8 @@
allow hal_camera video_device:chr_file rw_file_perms;
allow hal_camera camera_device:chr_file rw_file_perms;
allow hal_camera ion_device:chr_file rw_file_perms;
-allow hal_camera hal_graphics_allocator:fd use;
+# Both the client and the server need to use the graphics allocator
+allow { hal_camera_client hal_camera_server } hal_graphics_allocator:fd use;
###