Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / d3ce5dc38c0a6bdb04bdd69cb6b8605ccb031d3b^! / . / public
commitd3ce5dc38c0a6bdb04bdd69cb6b8605ccb031d3b[log] [tgz]
authorSteven Moreland <smoreland@google.com>Wed Mar 22 09:16:49 2017 -0700
committerSteven Moreland <smoreland@google.com>Thu Mar 23 01:50:50 2017 +0000
tree8be02a456ad530f1453535239abfe18cc0874185
parent63211f8da2a09f18352874f089cc1c6ef75cffb9 [diff]
Allow hals to read hwservicemanager prop.

Test: no relevant denials on marlin while booting
Test: no relevant denials on angler while booting
Bug: 36278706
Change-Id: Ieba79e1c8fca4f74c63bc63e6dd0bdcf59204ca2

diff --git a/public/bootanim.te b/public/bootanim.te
index 9c5702d..9922451 100644
--- a/public/bootanim.te
+++ b/public/bootanim.te

@@ -2,6 +2,9 @@
 type bootanim, domain;
 type bootanim_exec, exec_type, file_type;
 
+hal_client_domain(bootanim, hal_graphics_allocator)
+hal_client_domain(bootanim, hal_graphics_composer)
+
 binder_use(bootanim)
 binder_call(bootanim, surfaceflinger)
 binder_call(bootanim, audioserver)

diff --git a/public/bufferhubd.te b/public/bufferhubd.te
index 2314433..7d5be49 100644
--- a/public/bufferhubd.te
+++ b/public/bufferhubd.te

@@ -2,6 +2,8 @@
 type bufferhubd, domain, mlstrustedsubject;
 type bufferhubd_exec, exec_type, file_type;
 
+hal_client_domain(bufferhubd, hal_graphics_allocator)
+
 pdx_server(bufferhubd)
 use_pdx(bufferhubd, performanced)
 

diff --git a/public/mediacodec.te b/public/mediacodec.te
index 6ab90eb..f0e7e9a 100644
--- a/public/mediacodec.te
+++ b/public/mediacodec.te

@@ -4,6 +4,10 @@
 
 typeattribute mediacodec mlstrustedsubject;
 
+# TODO(b/36375899) attributize this domain appropriately as hal_omx
+# and use macro hal_server_domain
+get_prop(mediacodec, hwservicemanager_prop)
+
 binder_use(mediacodec)
 binder_call(mediacodec, binderservicedomain)
 binder_call(mediacodec, appdomain)

diff --git a/public/mediaserver.te b/public/mediaserver.te
index a641bf7..46140b3 100644
--- a/public/mediaserver.te
+++ b/public/mediaserver.te

@@ -4,6 +4,9 @@
 
 typeattribute mediaserver mlstrustedsubject;
 
+# TODO(b/36375899): replace with hal_client_domain macro on hal_omx
+typeattribute mediaserver halclientdomain;
+
 net_domain(mediaserver)
 
 r_dir_file(mediaserver, sdcard_type)

diff --git a/public/sensord.te b/public/sensord.te
index bffe3cd..3211f81 100644
--- a/public/sensord.te
+++ b/public/sensord.te

@@ -2,6 +2,9 @@
 type sensord, domain, mlstrustedsubject;
 type sensord_exec, exec_type, file_type;
 
+hal_client_domain(sensord, hal_graphics_allocator)
+allow sensord hal_graphics_allocator:fd use;
+
 pdx_server(sensord)
 use_pdx(sensord, bufferhubd)
 use_pdx(sensord, performanced)