Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / ed4625f353c3cdde4bb0acadefb09ad62b7718d2
commited4625f353c3cdde4bb0acadefb09ad62b7718d2[log] [tgz]
authorJiyong Park <jiyong@google.com>Fri Mar 17 09:58:02 2017 +0900
committerJiyong Park <jiyong@google.com>Tue Mar 21 06:10:23 2017 +0000
tree47e238de43cd0a72b815842609f526db198222a9
parent83011a266db967c4b1e8334c7eb9c31de20cc7e1 [diff]
Allow app to access configstore HAL

Apps should be able to access the configstore HAL since framework
libraries which are loaded into app process can call configstore.

Letting apps have direct access to this HAL is OK because: 

(1) the API of this HAL does not make clients provide any sensitive 
information to the HAL, which makes it impossible for the HAL to 
disclose sensitive information of its clients when the HAL is 
compromised, 

(2) we will require that this HAL is binderized (i.e., does not run 
inside the process of its clients), 

(3) we will require that this HAL runs in a tight seccomp sandbox 
(this HAL doesn't need much access, if at all) and,

(4) we'll restrict the HALs powers via neverallows.

Test: apps can use configstore hal.

Change-Id: I04836b7318fbc6ef78deff770a22c68ce7745fa9
1 file changed
tree: 47e238de43cd0a72b815842609f526db198222a9
  1. private/
  2. public/
  3. reqd_mask/
  4. tools/
  5. vendor/
  6. Android.mk
  7. CleanSpec.mk
  8. MODULE_LICENSE_PUBLIC_DOMAIN
  9. NOTICE
  10. PREUPLOAD.cfg
  11. README