Enforce separation of privilege for HAL driver access
Only audio HAL may access audio driver.
Only camera HAL may access camera driver.
Test: aosp_marlin and aosp_bullhead policy builds. Note: neverallow
rules are compile time assertions and do not change the
on-device policy.
Bug: 36185625
Change-Id: I1c9edf528080374f5f0d90d3c14d6c3b162484a3
diff --git a/public/hal_audio.te b/public/hal_audio.te
index f620562..a195c93 100644
--- a/public/hal_audio.te
+++ b/public/hal_audio.te
@@ -38,3 +38,6 @@
# Should never need network access.
# Disallow network sockets.
neverallow hal_audio domain:{ tcp_socket udp_socket rawip_socket } *;
+
+# Only audio HAL may directly access the audio hardware
+neverallow { halserverdomain -hal_audio_server } audio_device:chr_file *;
diff --git a/public/hal_camera.te b/public/hal_camera.te
index df445fa..6ed06b7 100644
--- a/public/hal_camera.te
+++ b/public/hal_camera.te
@@ -28,3 +28,7 @@
# hal_camera should never need network access. Disallow network sockets.
neverallow hal_camera domain:{ tcp_socket udp_socket rawip_socket } *;
+
+# Only camera HAL may directly access the camera and video hardware
+neverallow { halserverdomain -hal_camera_server } camera_device:chr_file *;
+neverallow { halserverdomain -hal_camera_server } video_device:chr_file *;