Revert "Updates sepolicy for EVS HAL"
Revert submission 1967140-EVS_sepolicy_updates_T
Reason for revert: triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=git_master&target=cf_x86_64_auto-userdebug&lkgb=8168894&lkbb=8168958&fkbb=8168947, bug b/218802298
Reverted Changes:
I730d56ab1:Allows hal_evs_default to read directories
I2df8e10f5:Updates sepolicy for EVS HAL
Ie6cb3e269:Adds a sepolicy for EVS manager service
Change-Id: I1cc37b0e56646db61bdb34cb209aefe7376c5a50
diff --git a/private/automotive_display_service.te b/private/automotive_display_service.te
index db20696..c909986 100644
--- a/private/automotive_display_service.te
+++ b/private/automotive_display_service.te
@@ -39,6 +39,3 @@
# Allow to add a service to the servicemanager
add_service(automotive_display_service, fwk_automotive_display_service);
-
-# Allow to communicate with EVS services
-binder_call(automotive_display_service, hal_evs)
diff --git a/private/compat/32.0/32.0.ignore.cil b/private/compat/32.0/32.0.ignore.cil
index d146ae3..d1ff7cd 100644
--- a/private/compat/32.0/32.0.ignore.cil
+++ b/private/compat/32.0/32.0.ignore.cil
@@ -27,7 +27,6 @@
gesture_prop
hal_contexthub_service
hal_camera_service
- hal_evs_service
hal_dice_service
hal_drm_service
hal_dumpstate_service
diff --git a/private/service_contexts b/private/service_contexts
index 4fb4b29..dfd7795 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -1,6 +1,4 @@
android.hardware.authsecret.IAuthSecret/default u:object_r:hal_authsecret_service:s0
-android.hardware.automotive.evs.IEvsEnumerator/hw/0 u:object_r:hal_evs_service:s0
-android.hardware.automotive.evs.IEvsEnumerator/hw/1 u:object_r:hal_evs_service:s0
android.hardware.automotive.vehicle.IVehicle/default u:object_r:hal_vehicle_service:s0
android.hardware.automotive.audiocontrol.IAudioControl/default u:object_r:hal_audiocontrol_service:s0
android.hardware.biometrics.face.IFace/default u:object_r:hal_face_service:s0
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index bc7543b..1c7f657 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -125,9 +125,6 @@
# TODO(146461633): remove this once native pullers talk to StatsManagerService
binder_call(surfaceflinger, statsd);
-# Allow to use files supplied by hal_evs
-allow surfaceflinger hal_evs:fd use;
-
# Allow pushing jank event atoms to statsd
userdebug_or_eng(`
unix_socket_send(surfaceflinger, statsdw, statsd)
diff --git a/public/hal_evs.te b/public/hal_evs.te
index 09a40d8..e5e5fce 100644
--- a/public/hal_evs.te
+++ b/public/hal_evs.te
@@ -10,6 +10,3 @@
allow hal_evs_server hal_evs_hwservice:hwservice_manager { add find };
allow hal_evs_server hidl_base_hwservice:hwservice_manager add;
neverallow { domain -hal_evs_server -evsmanagerd } hal_evs_hwservice:hwservice_manager add;
-
-# Allows to add a service
-hal_attribute_service(hal_evs, hal_evs_service)
diff --git a/public/service.te b/public/service.te
index 8c4ae56..495b5f5 100644
--- a/public/service.te
+++ b/public/service.te
@@ -274,7 +274,6 @@
type hal_dice_service, vendor_service, protected_service, service_manager_type;
type hal_drm_service, vendor_service, service_manager_type;
type hal_dumpstate_service, vendor_service, protected_service, service_manager_type;
-type hal_evs_service, vendor_service, protected_service, service_manager_type;
type hal_face_service, vendor_service, protected_service, service_manager_type;
type hal_fingerprint_service, vendor_service, protected_service, service_manager_type;
type hal_gnss_service, vendor_service, protected_service, service_manager_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 4faa05a..762cf20 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -8,7 +8,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.audiocontrol@2\.0-service u:object_r:hal_audiocontrol_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.audiocontrol-service.example u:object_r:hal_audiocontrol_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.can@1\.0-service u:object_r:hal_can_socketcan_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.evs(.*)? u:object_r:hal_evs_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.evs@1\.[0-9]-service u:object_r:hal_evs_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.0-((default|emulator)-)*(service|protocan-service) u:object_r:hal_vehicle_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@V1-(default|emulator)-service u:object_r:hal_vehicle_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service u:object_r:hal_bluetooth_default_exec:s0
diff --git a/vendor/hal_evs_default.te b/vendor/hal_evs_default.te
index d1d4559..57a0299 100644
--- a/vendor/hal_evs_default.te
+++ b/vendor/hal_evs_default.te
@@ -6,19 +6,10 @@
type hal_evs_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_evs_default)
-# allow to use a graphic buffer
-hal_client_domain(hal_evs_default, hal_configstore)
-hal_client_domain(hal_evs_default, hal_graphics_allocator)
-hal_client_domain(hal_evs_default, hal_graphics_composer)
+allow hal_evs_default hal_graphics_allocator_server:fd use;
+
+# allow to use surface flinger
+allow hal_evs_default automotive_display_service_server:fd use;
# allow to use automotive display service
-binder_call(hal_evs_default, automotive_display_service_server)
allow hal_evs_default fwk_automotive_display_hwservice:hwservice_manager find;
-
-# allow to access EGL
-allow hal_evs_default gpu_device:chr_file rw_file_perms;
-allow hal_evs_default gpu_device:dir search;
-
-# allow to monitor uevents and access video devices
-allow hal_evs_default device:dir r_dir_perms;
-allow hal_evs_default video_device:chr_file rw_file_perms;