Merge changes from topic "revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY"
* changes:
Revert "Adds a sepolicy for EVS manager service"
Revert "Updates sepolicy for EVS HAL"
diff --git a/private/automotive_display_service.te b/private/automotive_display_service.te
index db20696..c909986 100644
--- a/private/automotive_display_service.te
+++ b/private/automotive_display_service.te
@@ -39,6 +39,3 @@
# Allow to add a service to the servicemanager
add_service(automotive_display_service, fwk_automotive_display_service);
-
-# Allow to communicate with EVS services
-binder_call(automotive_display_service, hal_evs)
diff --git a/private/compat/32.0/32.0.ignore.cil b/private/compat/32.0/32.0.ignore.cil
index d146ae3..f1307ad 100644
--- a/private/compat/32.0/32.0.ignore.cil
+++ b/private/compat/32.0/32.0.ignore.cil
@@ -19,15 +19,12 @@
diced
diced_exec
fwk_automotive_display_service
- evsmanagerd
- evsmanagerd_service
extra_free_kbytes
extra_free_kbytes_exec
fs_bpf_vendor
gesture_prop
hal_contexthub_service
hal_camera_service
- hal_evs_service
hal_dice_service
hal_drm_service
hal_dumpstate_service
diff --git a/private/evsmanagerd.te b/private/evsmanagerd.te
deleted file mode 100644
index 3772628..0000000
--- a/private/evsmanagerd.te
+++ /dev/null
@@ -1,39 +0,0 @@
-# evsmanager
-typeattribute evsmanagerd coredomain;
-typeattribute evsmanagerd evsmanager_service_server;
-
-type evsmanagerd_exec, system_file_type, exec_type, file_type;
-
-init_daemon_domain(evsmanagerd);
-
-# Declares as a binder service
-binder_service(evsmanagerd)
-
-# Allows to add a service to service_manager
-add_service(evsmanagerd, evsmanagerd_service)
-
-# Allows to use the binder IPC
-binder_use(evsmanagerd)
-
-# Allows binder IPCs to the various system services
-binder_call(evsmanagerd, system_server)
-
-# Allows to use EVS HAL implementations
-hal_client_domain(evsmanagerd, hal_evs)
-
-# Allows to write messages to the shell
-allow evsmanagerd shell:fd use;
-allow evsmanagerd shell:fifo_file write;
-
-# Allows to use the graphics allocator
-allow evsmanagerd hal_graphics_allocator:fd use;
-
-# Allows to use a bootstrap statsd
-allow evsmanagerd statsbootstrap_service:service_manager find;
-
-# Allows binder IPCs to the CarService
-binder_call(evsmanagerd, appdomain)
-
-# For HIDL evs manager implementation
-allow evsmanagerd hal_evs_hwservice:hwservice_manager add;
-allow evsmanagerd hidl_base_hwservice:hwservice_manager add;
diff --git a/private/file_contexts b/private/file_contexts
index fabbf2b..ba50376 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -377,8 +377,6 @@
/system/bin/odsign u:object_r:odsign_exec:s0
/system/bin/vehicle_binding_util u:object_r:vehicle_binding_util_exec:s0
/system/bin/cardisplayproxyd u:object_r:automotive_display_service_exec:s0
-/system/bin/evsmanagerd u:object_r:evsmanagerd_exec:s0
-/system/bin/android\.automotive\.evs\.manager@1\.[0-9]+ u:object_r:evsmanagerd_exec:s0
#############################
# Vendor files
diff --git a/private/service_contexts b/private/service_contexts
index 4fb4b29..7075f4d 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -1,6 +1,4 @@
android.hardware.authsecret.IAuthSecret/default u:object_r:hal_authsecret_service:s0
-android.hardware.automotive.evs.IEvsEnumerator/hw/0 u:object_r:hal_evs_service:s0
-android.hardware.automotive.evs.IEvsEnumerator/hw/1 u:object_r:hal_evs_service:s0
android.hardware.automotive.vehicle.IVehicle/default u:object_r:hal_vehicle_service:s0
android.hardware.automotive.audiocontrol.IAudioControl/default u:object_r:hal_audiocontrol_service:s0
android.hardware.biometrics.face.IFace/default u:object_r:hal_face_service:s0
@@ -77,7 +75,6 @@
aidl_lazy_test_2 u:object_r:aidl_lazy_test_service:s0
aidl_lazy_cb_test u:object_r:aidl_lazy_test_service:s0
alarm u:object_r:alarm_service:s0
-android.hardware.automotive.evs.IEvsEnumerator/default u:object_r:evsmanagerd_service:s0
android.os.UpdateEngineService u:object_r:update_engine_service:s0
android.os.UpdateEngineStableService u:object_r:update_engine_stable_service:s0
android.frameworks.automotive.display.ICarDisplayProxy/default u:object_r:fwk_automotive_display_service:s0
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index bc7543b..1c7f657 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -125,9 +125,6 @@
# TODO(146461633): remove this once native pullers talk to StatsManagerService
binder_call(surfaceflinger, statsd);
-# Allow to use files supplied by hal_evs
-allow surfaceflinger hal_evs:fd use;
-
# Allow pushing jank event atoms to statsd
userdebug_or_eng(`
unix_socket_send(surfaceflinger, statsdw, statsd)
diff --git a/public/attributes b/public/attributes
index 4db8ba1..73861bd 100644
--- a/public/attributes
+++ b/public/attributes
@@ -398,7 +398,6 @@
attribute automotive_display_service_server;
attribute camera_service_server;
attribute display_service_server;
-attribute evsmanager_service_server;
attribute scheduler_service_server;
attribute sensor_service_server;
attribute stats_service_server;
diff --git a/public/evsmanagerd.te b/public/evsmanagerd.te
deleted file mode 100644
index cde0380..0000000
--- a/public/evsmanagerd.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# evsmanager daemon
-type evsmanagerd, domain;
diff --git a/public/hal_evs.te b/public/hal_evs.te
index 09a40d8..789333a 100644
--- a/public/hal_evs.te
+++ b/public/hal_evs.te
@@ -1,15 +1,5 @@
hwbinder_use(hal_evs_client)
hwbinder_use(hal_evs_server)
-
binder_call(hal_evs_client, hal_evs_server)
binder_call(hal_evs_server, hal_evs_client)
-
-# Below lines are equivalent to hal_attribute_hwservice(hal_evs, hal_evs_hwservice)
-# except it allows evsmanagerd to add hal_evs_hwservice.
-allow hal_evs_client hal_evs_hwservice:hwservice_manager find;
-allow hal_evs_server hal_evs_hwservice:hwservice_manager { add find };
-allow hal_evs_server hidl_base_hwservice:hwservice_manager add;
-neverallow { domain -hal_evs_server -evsmanagerd } hal_evs_hwservice:hwservice_manager add;
-
-# Allows to add a service
-hal_attribute_service(hal_evs, hal_evs_service)
+hal_attribute_hwservice(hal_evs, hal_evs_hwservice)
diff --git a/public/service.te b/public/service.te
index 8c4ae56..46eaff1 100644
--- a/public/service.te
+++ b/public/service.te
@@ -13,7 +13,6 @@
type dnsresolver_service, service_manager_type;
type drmserver_service, service_manager_type;
type dumpstate_service, service_manager_type;
-type evsmanagerd_service, service_manager_type;
type fingerprintd_service, service_manager_type;
type fwk_automotive_display_service, service_manager_type;
type gatekeeper_service, app_api_service, service_manager_type;
@@ -274,7 +273,6 @@
type hal_dice_service, vendor_service, protected_service, service_manager_type;
type hal_drm_service, vendor_service, service_manager_type;
type hal_dumpstate_service, vendor_service, protected_service, service_manager_type;
-type hal_evs_service, vendor_service, protected_service, service_manager_type;
type hal_face_service, vendor_service, protected_service, service_manager_type;
type hal_fingerprint_service, vendor_service, protected_service, service_manager_type;
type hal_gnss_service, vendor_service, protected_service, service_manager_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 4faa05a..762cf20 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -8,7 +8,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.audiocontrol@2\.0-service u:object_r:hal_audiocontrol_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.audiocontrol-service.example u:object_r:hal_audiocontrol_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.can@1\.0-service u:object_r:hal_can_socketcan_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.evs(.*)? u:object_r:hal_evs_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.evs@1\.[0-9]-service u:object_r:hal_evs_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.0-((default|emulator)-)*(service|protocan-service) u:object_r:hal_vehicle_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@V1-(default|emulator)-service u:object_r:hal_vehicle_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service u:object_r:hal_bluetooth_default_exec:s0
diff --git a/vendor/hal_evs_default.te b/vendor/hal_evs_default.te
index d1d4559..57a0299 100644
--- a/vendor/hal_evs_default.te
+++ b/vendor/hal_evs_default.te
@@ -6,19 +6,10 @@
type hal_evs_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_evs_default)
-# allow to use a graphic buffer
-hal_client_domain(hal_evs_default, hal_configstore)
-hal_client_domain(hal_evs_default, hal_graphics_allocator)
-hal_client_domain(hal_evs_default, hal_graphics_composer)
+allow hal_evs_default hal_graphics_allocator_server:fd use;
+
+# allow to use surface flinger
+allow hal_evs_default automotive_display_service_server:fd use;
# allow to use automotive display service
-binder_call(hal_evs_default, automotive_display_service_server)
allow hal_evs_default fwk_automotive_display_hwservice:hwservice_manager find;
-
-# allow to access EGL
-allow hal_evs_default gpu_device:chr_file rw_file_perms;
-allow hal_evs_default gpu_device:dir search;
-
-# allow to monitor uevents and access video devices
-allow hal_evs_default device:dir r_dir_perms;
-allow hal_evs_default video_device:chr_file rw_file_perms;