commit 5a2de627c921e9655de497ab6afd35f6cea52683
author Treehugger Robot <treehugger-gerrit@google.com> Wed Feb 22 23:08:50 2017 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Feb 22 23:08:51 2017 +0000
tree 8101ea60d2168d8b5dfe770bd908ac6929cfcba2
parent 20b8d6b9a67fdced44773ee2f616ef7c55b2f011
parent e096e5f54a0c2667ee644728358745624026dd95

Merge "Add service 'overlay' to service_contexts"

private/hal_bluetooth_default.te

diff --git a/private/hal_bluetooth_default.te b/private/hal_bluetooth_default.te
index 4fcb322..d22015b 100644
--- a/private/hal_bluetooth_default.te
+++ b/private/hal_bluetooth_default.te
@@ -4,11 +4,6 @@
 type hal_bluetooth_default_exec, exec_type, file_type;
 init_daemon_domain(hal_bluetooth_default)
 
-# VTS tests need to be able to toggle rfkill
-userdebug_or_eng(`
-  allow hal_bluetooth_default self:capability net_admin;
-')
-
 # Logging for backward compatibility
 allow hal_bluetooth_default bluetooth_data_file:dir ra_dir_perms;
 allow hal_bluetooth_default bluetooth_data_file:file create_file_perms;

public/attributes

diff --git a/public/attributes b/public/attributes
index 0335922..0864638 100644
--- a/public/attributes
+++ b/public/attributes
@@ -138,6 +138,8 @@
 attribute hal_drm_client;
 attribute hal_drm_server;
 attribute hal_dumpstate;
+attribute hal_dumpstate_client;
+attribute hal_dumpstate_server;
 attribute hal_fingerprint;
 attribute hal_fingerprint_client;
 attribute hal_fingerprint_server;

public/dumpstate.te

diff --git a/public/dumpstate.te b/public/dumpstate.te
index ac81ccc..1b8538c 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -89,10 +89,8 @@
 
 # Vibrate the device after we are done collecting the bugreport
 # For binderized mode:
-hwbinder_use(dumpstate)
-binder_call(dumpstate, hal_dumpstate)
+hal_client_domain(dumpstate, hal_dumpstate)
 binder_call(dumpstate, hal_vibrator)
-binder_call(dumpstate, hwservicemanager)
 # For passthrough mode:
 allow dumpstate sysfs_vibrator:file { rw_file_perms getattr };
 

public/hal_bluetooth.te

diff --git a/public/hal_bluetooth.te b/public/hal_bluetooth.te
index 207f718..e9679de 100644
--- a/public/hal_bluetooth.te
+++ b/public/hal_bluetooth.te
@@ -4,6 +4,9 @@
 
 wakelock_use(hal_bluetooth);
 
+# The HAL toggles rfkill to power the chip off/on.
+allow hal_bluetooth self:capability net_admin;
+
 # bluetooth factory file accesses.
 r_dir_file(hal_bluetooth, bluetooth_efs_file)
 

public/hal_dumpstate.te

diff --git a/public/hal_dumpstate.te b/public/hal_dumpstate.te
index 55e3463..d5723b9 100644
--- a/public/hal_dumpstate.te
+++ b/public/hal_dumpstate.te
@@ -1,5 +1,6 @@
-# call into dumpstate process (callbacks)
-binder_call(hal_dumpstate, dumpstate)
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_dumpstate_client, hal_dumpstate_server)
+binder_call(hal_dumpstate_server, hal_dumpstate_client)
 
 # write bug reports in /data/data/com.android.shell/files/bugreports/bugreport
 allow hal_dumpstate shell_data_file:file write;

vendor/hal_dumpstate_default.te

diff --git a/vendor/hal_dumpstate_default.te b/vendor/hal_dumpstate_default.te
index 2b371b9..fa772e1 100644
--- a/vendor/hal_dumpstate_default.te
+++ b/vendor/hal_dumpstate_default.te
@@ -1,5 +1,5 @@
 type hal_dumpstate_default, domain;
-hal_impl_domain(hal_dumpstate_default, hal_dumpstate)
+hal_server_domain(hal_dumpstate_default, hal_dumpstate)
 
 type hal_dumpstate_default_exec, exec_type, file_type;
 init_daemon_domain(hal_dumpstate_default)