VR: Add sepolicy for VR HWC service
VR HWC is being split out of VR Window Manager. It creates a HW binder
interface used by SurfaceFlinger which implements the HWComposer HAL and
a regular binder interface which will be used by a system app to receive
the SurfaceFlinger output.
Bug: b/36051907
Test: Ran in permissive mode and ensured no permission errors show in
logcat.
Change-Id: If1360bc8fa339a80100124c4e89e69c64b29d2ae
diff --git a/private/file_contexts b/private/file_contexts
index 6687144..7a52e5c 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -256,6 +256,7 @@
/system/etc/selinux/plat_seapp_contexts u:object_r:seapp_contexts_file:s0
/system/etc/selinux/plat_sepolicy.cil u:object_r:sepolicy_file:s0
/system/etc/selinux/plat_sepolicy.cil.sha256 u:object_r:sepolicy_file:s0
+/system/bin/vr_hwc u:object_r:vr_hwc_exec:s0
#############################
# Vendor files
diff --git a/private/service_contexts b/private/service_contexts
index db2e9f6..a65cb01 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -157,6 +157,7 @@
virtual_touchpad u:object_r:virtual_touchpad_service:s0
voiceinteraction u:object_r:voiceinteraction_service:s0
vr_window_manager u:object_r:vr_window_manager_service:s0
+vr_hwc u:object_r:vr_hwc_service:s0
vrmanager u:object_r:vr_manager_service:s0
wallpaper u:object_r:wallpaper_service:s0
webviewupdate u:object_r:webviewupdate_service:s0
diff --git a/private/system_app.te b/private/system_app.te
index 1e2245f..bab49c1 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -57,7 +57,7 @@
allow system_app servicemanager:service_manager list;
# TODO: scope this down? Too broad?
-allow system_app { service_manager_type -netd_service -dumpstate_service -installd_service -virtual_touchpad_service }:service_manager find;
+allow system_app { service_manager_type -netd_service -dumpstate_service -installd_service -virtual_touchpad_service -vr_hwc_service }:service_manager find;
allow system_app keystore:keystore_key {
get_state
diff --git a/private/vr_hwc.te b/private/vr_hwc.te
new file mode 100644
index 0000000..51d2420
--- /dev/null
+++ b/private/vr_hwc.te
@@ -0,0 +1,4 @@
+typeattribute vr_hwc coredomain;
+
+# Daemon started by init.
+init_daemon_domain(vr_hwc)
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 9b54329..bfbb43b 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -170,7 +170,7 @@
allow dumpstate misc_logd_file:file r_file_perms;
')
-allow dumpstate { service_manager_type -gatekeeper_service -dumpstate_service -incident_service -virtual_touchpad_service }:service_manager find;
+allow dumpstate { service_manager_type -gatekeeper_service -dumpstate_service -incident_service -virtual_touchpad_service -vr_hwc_service }:service_manager find;
allow dumpstate servicemanager:service_manager list;
allow dumpstate devpts:chr_file rw_file_perms;
diff --git a/public/service.te b/public/service.te
index 444f82a..f8fa174 100644
--- a/public/service.te
+++ b/public/service.te
@@ -28,6 +28,7 @@
type update_engine_service, service_manager_type;
type virtual_touchpad_service, service_manager_type;
type vr_window_manager_service, service_manager_type;
+type vr_hwc_service, service_manager_type;
# system_server_services broken down
type accessibility_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
diff --git a/public/shell.te b/public/shell.te
index 0e55f84..caf93ca 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -82,7 +82,7 @@
# don't allow shell to access GateKeeper service
# TODO: why is this so broad? Tightening candidate? It needs at list:
# - dumpstate_service (so it can receive dumpstate progress updates)
-allow shell { service_manager_type -gatekeeper_service -incident_service -installd_service -netd_service -virtual_touchpad_service }:service_manager find;
+allow shell { service_manager_type -gatekeeper_service -incident_service -installd_service -netd_service -virtual_touchpad_service -vr_hwc_service }:service_manager find;
allow shell dumpstate:binder call;
# allow shell to get information from hwservicemanager
diff --git a/public/vr_hwc.te b/public/vr_hwc.te
new file mode 100644
index 0000000..b0d3ad9
--- /dev/null
+++ b/public/vr_hwc.te
@@ -0,0 +1,29 @@
+type vr_hwc, domain;
+type vr_hwc_exec, exec_type, file_type;
+
+# Get buffer metadata.
+hal_client_domain(vr_hwc, hal_graphics_allocator)
+
+binder_use(vr_hwc)
+binder_service(vr_hwc)
+
+binder_call(vr_hwc, surfaceflinger)
+binder_call(vr_hwc, vr_wm)
+
+add_service(vr_hwc, vr_hwc_service)
+
+# Hosts the VR HWC implementation and provides a simple Binder interface for VR
+# Window Manager to receive the layers/buffers.
+hwbinder_use(vr_hwc)
+
+# Load vendor libraries.
+allow vr_hwc system_file:dir r_dir_perms;
+
+allow vr_hwc ion_device:chr_file r_file_perms;
+
+# Allow connection to VR DisplayClient to get the primary display metadata
+# (ie: size).
+use_pdx(vr_hwc, surfaceflinger)
+
+# Limit access so only vr_wm can connect.
+neverallow { domain -vr_hwc -vr_wm } vr_hwc_service:service_manager find;
diff --git a/public/vr_wm.te b/public/vr_wm.te
index deedb0a..1e48609 100644
--- a/public/vr_wm.te
+++ b/public/vr_wm.te
@@ -4,18 +4,15 @@
hal_client_domain(vr_wm, hal_graphics_allocator)
binder_use(vr_wm)
-binder_call(vr_wm, surfaceflinger)
binder_call(vr_wm, virtual_touchpad)
+binder_call(vr_wm, vr_hwc)
allow vr_wm virtual_touchpad_service:service_manager find;
+allow vr_wm vr_hwc_service:service_manager find;
binder_service(vr_wm)
add_service(vr_wm, vr_window_manager_service)
-# Hosts the VR HWC implementation and provides a simple Binder interface for VR
-# Window Manager to receive the layers/buffers.
-hwbinder_use(vr_wm)
-
# Load vendor libraries.
allow vr_wm system_file:dir r_dir_perms;