Group all HAL impls using haldomain attribute
This marks all HAL domain implementations with the haldomain attribute
so that rules can be written which apply to all HAL implementations.
This follows the pattern used for appdomain, netdomain and
bluetoothdomain.
Test: No change to policy according to sesearch.
Bug: 34180936
Change-Id: I0cfe599b0d49feed36538503c226dfce41eb65f6
diff --git a/private/hal_audio_default.te b/private/hal_audio_default.te
index bbbd419..93ffd8e 100644
--- a/private/hal_audio_default.te
+++ b/private/hal_audio_default.te
@@ -1,4 +1,5 @@
-type hal_audio_default, hal_audio, domain;
-type hal_audio_default_exec, exec_type, file_type;
+type hal_audio_default, domain;
+hal_impl_domain(hal_audio_default, hal_audio)
+type hal_audio_default_exec, exec_type, file_type;
init_daemon_domain(hal_audio_default)
diff --git a/private/hal_bluetooth_default.te b/private/hal_bluetooth_default.te
index f77410c..b8fce63 100644
--- a/private/hal_bluetooth_default.te
+++ b/private/hal_bluetooth_default.te
@@ -1,6 +1,7 @@
-type hal_bluetooth_default, hal_bluetooth, domain;
-type hal_bluetooth_default_exec, exec_type, file_type;
+type hal_bluetooth_default, domain;
+hal_impl_domain(hal_bluetooth_default, hal_bluetooth)
+type hal_bluetooth_default_exec, exec_type, file_type;
init_daemon_domain(hal_bluetooth_default)
# VTS tests need to be able to toggle rfkill
diff --git a/private/hal_contexthub_default.te b/private/hal_contexthub_default.te
index 99b6b93..abf5b0e 100644
--- a/private/hal_contexthub_default.te
+++ b/private/hal_contexthub_default.te
@@ -1,4 +1,5 @@
-type hal_contexthub_default, hal_contexthub, domain;
-type hal_contexthub_default_exec, exec_type, file_type;
+type hal_contexthub_default, domain;
+hal_impl_domain(hal_contexthub_default, hal_contexthub)
+type hal_contexthub_default_exec, exec_type, file_type;
init_daemon_domain(hal_contexthub_default)
diff --git a/private/hal_dumpstate_default.te b/private/hal_dumpstate_default.te
index 4616039..2b371b9 100644
--- a/private/hal_dumpstate_default.te
+++ b/private/hal_dumpstate_default.te
@@ -1,4 +1,5 @@
-type hal_dumpstate_default, hal_dumpstate, domain;
-type hal_dumpstate_default_exec, exec_type, file_type;
+type hal_dumpstate_default, domain;
+hal_impl_domain(hal_dumpstate_default, hal_dumpstate)
+type hal_dumpstate_default_exec, exec_type, file_type;
init_daemon_domain(hal_dumpstate_default)
diff --git a/private/hal_fingerprint_default.te b/private/hal_fingerprint_default.te
index 3903f85..c392a85 100644
--- a/private/hal_fingerprint_default.te
+++ b/private/hal_fingerprint_default.te
@@ -1,5 +1,5 @@
-type hal_fingerprint_default, hal_fingerprint, domain;
+type hal_fingerprint_default, domain;
+hal_impl_domain(hal_fingerprint_default, hal_fingerprint)
+
type hal_fingerprint_default_exec, exec_type, file_type;
-# type_transition must be private policy the domain_trans rules could stay
-# public, but conceptually should go with this
init_daemon_domain(hal_fingerprint_default)
diff --git a/private/hal_gatekeeper_default.te b/private/hal_gatekeeper_default.te
index e0c5613..3c84b13 100644
--- a/private/hal_gatekeeper_default.te
+++ b/private/hal_gatekeeper_default.te
@@ -1,4 +1,5 @@
-type hal_gatekeeper_default, hal_gatekeeper, domain;
-type hal_gatekeeper_default_exec, exec_type, file_type;
+type hal_gatekeeper_default, domain;
+hal_impl_domain(hal_gatekeeper_default, hal_gatekeeper)
+type hal_gatekeeper_default_exec, exec_type, file_type;
init_daemon_domain(hal_gatekeeper_default);
diff --git a/private/hal_gnss_default.te b/private/hal_gnss_default.te
index 29ff994..78f85bc 100644
--- a/private/hal_gnss_default.te
+++ b/private/hal_gnss_default.te
@@ -1,6 +1,7 @@
-type hal_gnss_default, hal_gnss, domain;
-type hal_gnss_default_exec, exec_type, file_type;
+type hal_gnss_default, domain;
+hal_impl_domain(hal_gnss_default, hal_gnss)
+type hal_gnss_default_exec, exec_type, file_type;
init_daemon_domain(hal_gnss_default)
# Read access to system files for HALs in
diff --git a/private/hal_graphics_allocator_default.te b/private/hal_graphics_allocator_default.te
index 36dcca3..6b3672c 100644
--- a/private/hal_graphics_allocator_default.te
+++ b/private/hal_graphics_allocator_default.te
@@ -1,4 +1,5 @@
-type hal_graphics_allocator_default, hal_graphics_allocator, domain;
-type hal_graphics_allocator_default_exec, exec_type, file_type;
+type hal_graphics_allocator_default, domain;
+hal_impl_domain(hal_graphics_allocator_default, hal_graphics_allocator)
+type hal_graphics_allocator_default_exec, exec_type, file_type;
init_daemon_domain(hal_graphics_allocator_default)
diff --git a/private/hal_graphics_composer_default.te b/private/hal_graphics_composer_default.te
index 9ddf71f..99bf690 100644
--- a/private/hal_graphics_composer_default.te
+++ b/private/hal_graphics_composer_default.te
@@ -1,4 +1,5 @@
-type hal_graphics_composer_default, hal_graphics_composer, domain;
-type hal_graphics_composer_default_exec, exec_type, file_type;
+type hal_graphics_composer_default, domain;
+hal_impl_domain(hal_graphics_composer_default, hal_graphics_composer)
+type hal_graphics_composer_default_exec, exec_type, file_type;
init_daemon_domain(hal_graphics_composer_default)
diff --git a/private/hal_health_default.te b/private/hal_health_default.te
index e853fb6..0496cdf 100644
--- a/private/hal_health_default.te
+++ b/private/hal_health_default.te
@@ -1,5 +1,6 @@
# health info abstraction
-type hal_health_default, hal_health, domain;
-type hal_health_default_exec, exec_type, file_type;
+type hal_health_default, domain;
+hal_impl_domain(hal_health_default, hal_health)
+type hal_health_default_exec, exec_type, file_type;
init_daemon_domain(hal_health_default)
diff --git a/private/hal_ir_default.te b/private/hal_ir_default.te
index 1f3d694..2de1b92 100644
--- a/private/hal_ir_default.te
+++ b/private/hal_ir_default.te
@@ -1,4 +1,5 @@
-type hal_ir_default, hal_ir, domain;
-type hal_ir_default_exec, exec_type, file_type;
+type hal_ir_default, domain;
+hal_impl_domain(hal_ir_default, hal_ir)
+type hal_ir_default_exec, exec_type, file_type;
init_daemon_domain(hal_ir_default)
diff --git a/private/hal_light_default.te b/private/hal_light_default.te
index aee44d9..bee7c8a 100644
--- a/private/hal_light_default.te
+++ b/private/hal_light_default.te
@@ -1,4 +1,5 @@
-type hal_light_default, hal_light, domain;
-type hal_light_default_exec, exec_type, file_type;
+type hal_light_default, domain;
+hal_impl_domain(hal_light_default, hal_light)
+type hal_light_default_exec, exec_type, file_type;
init_daemon_domain(hal_light_default)
diff --git a/private/hal_memtrack_default.te b/private/hal_memtrack_default.te
index 113ee18..1c5ca99 100644
--- a/private/hal_memtrack_default.te
+++ b/private/hal_memtrack_default.te
@@ -1,4 +1,5 @@
-type hal_memtrack_default, hal_memtrack, domain;
-type hal_memtrack_default_exec, exec_type, file_type;
+type hal_memtrack_default, domain;
+hal_impl_domain(hal_memtrack_default, hal_memtrack)
+type hal_memtrack_default_exec, exec_type, file_type;
init_daemon_domain(hal_memtrack_default)
diff --git a/private/hal_nfc_default.te b/private/hal_nfc_default.te
index 1f7c4ed..b6abb19 100644
--- a/private/hal_nfc_default.te
+++ b/private/hal_nfc_default.te
@@ -1,4 +1,5 @@
-type hal_nfc_default, hal_nfc, domain;
-type hal_nfc_default_exec, exec_type, file_type;
+type hal_nfc_default, domain;
+hal_impl_domain(hal_nfc_default, hal_nfc)
+type hal_nfc_default_exec, exec_type, file_type;
init_daemon_domain(hal_nfc_default)
diff --git a/private/hal_power_default.te b/private/hal_power_default.te
index e61375d..c8977ee 100644
--- a/private/hal_power_default.te
+++ b/private/hal_power_default.te
@@ -1,4 +1,5 @@
-type hal_power_default, hal_power, domain;
-type hal_power_default_exec, exec_type, file_type;
+type hal_power_default, domain;
+hal_impl_domain(hal_power_default, hal_power)
+type hal_power_default_exec, exec_type, file_type;
init_daemon_domain(hal_power_default)
diff --git a/private/hal_sensors_default.te b/private/hal_sensors_default.te
index 5f29446..3c3a104 100644
--- a/private/hal_sensors_default.te
+++ b/private/hal_sensors_default.te
@@ -1,4 +1,5 @@
-type hal_sensors_default, hal_sensors, domain;
-type hal_sensors_default_exec, exec_type, file_type;
+type hal_sensors_default, domain;
+hal_impl_domain(hal_sensors_default, hal_sensors)
+type hal_sensors_default_exec, exec_type, file_type;
init_daemon_domain(hal_sensors_default)
diff --git a/private/hal_thermal_default.te b/private/hal_thermal_default.te
index a2ff70e..baa3b97 100644
--- a/private/hal_thermal_default.te
+++ b/private/hal_thermal_default.te
@@ -1,4 +1,5 @@
-type hal_thermal_default, hal_thermal, domain;
-type hal_thermal_default_exec, exec_type, file_type;
+type hal_thermal_default, domain;
+hal_impl_domain(hal_thermal_default, hal_thermal)
+type hal_thermal_default_exec, exec_type, file_type;
init_daemon_domain(hal_thermal_default)
diff --git a/private/hal_vibrator_default.te b/private/hal_vibrator_default.te
index e633953..c185e08 100644
--- a/private/hal_vibrator_default.te
+++ b/private/hal_vibrator_default.te
@@ -1,4 +1,5 @@
-type hal_vibrator_default, hal_vibrator, domain;
-type hal_vibrator_default_exec, exec_type, file_type;
+type hal_vibrator_default, domain;
+hal_impl_domain(hal_vibrator_default, hal_vibrator)
+type hal_vibrator_default_exec, exec_type, file_type;
init_daemon_domain(hal_vibrator_default)
diff --git a/private/hal_vr_default.te b/private/hal_vr_default.te
index ba85157..f32c737 100644
--- a/private/hal_vr_default.te
+++ b/private/hal_vr_default.te
@@ -1,4 +1,5 @@
-type hal_vr_default, hal_vr, domain;
-type hal_vr_default_exec, exec_type, file_type;
+type hal_vr_default, domain;
+hal_impl_domain(hal_vr_default, hal_vr)
+type hal_vr_default_exec, exec_type, file_type;
init_daemon_domain(hal_vr_default)
diff --git a/private/hal_wifi_default.te b/private/hal_wifi_default.te
index a32a907..5946ba4 100644
--- a/private/hal_wifi_default.te
+++ b/private/hal_wifi_default.te
@@ -1,4 +1,5 @@
-type hal_wifi_default, hal_wifi, domain;
-type hal_wifi_default_exec, exec_type, file_type;
+type hal_wifi_default, domain;
+hal_impl_domain(hal_wifi_default, hal_wifi)
+type hal_wifi_default_exec, exec_type, file_type;
init_daemon_domain(hal_wifi_default)
diff --git a/private/haldomain.te b/private/haldomain.te
new file mode 100644
index 0000000..511f78d
--- /dev/null
+++ b/private/haldomain.te
@@ -0,0 +1,3 @@
+###
+### Rules for all HAL implementations
+###
diff --git a/public/attributes b/public/attributes
index 30a6014..66cc594 100644
--- a/public/attributes
+++ b/public/attributes
@@ -114,6 +114,9 @@
# recovery for A/B devices.
attribute update_engine_common;
+# All domains used for HAL implementations
+attribute haldomain;
+
# HALs
attribute hal_audio;
attribute hal_bluetooth;
diff --git a/public/hal_allocator.te b/public/hal_allocator.te
index 784bacb..0f3983b 100644
--- a/public/hal_allocator.te
+++ b/public/hal_allocator.te
@@ -1,5 +1,5 @@
# allocator subsystem
-type hal_allocator, domain;
+type hal_allocator, domain, haldomain;
type hal_allocator_exec, exec_type, file_type;
# hwbinder access
diff --git a/public/hal_boot.te b/public/hal_boot.te
index 3cbbb29..d04ced2 100644
--- a/public/hal_boot.te
+++ b/public/hal_boot.te
@@ -1,5 +1,5 @@
# boot_control subsystem
-type hal_boot, domain, boot_control_hal;
+type hal_boot, domain, boot_control_hal, haldomain;
type hal_boot_exec, exec_type, file_type;
# hwbinder access
diff --git a/public/te_macros b/public/te_macros
index 70f0fdf..d1267ec 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -116,6 +116,20 @@
')
#####################################
+# hal_impl_domain(domain, hal_type_attr)
+# Allow a base set of permissions required for a domain to host a
+# HAL implementation of the specified HAL type.
+#
+# For example, default implementation of Foo HAL:
+# type hal_foo_default, domain;
+# hal_impl_domain(hal_foo_default, hal_foo)
+#
+define(`hal_impl_domain', `
+typeattribute $1 haldomain;
+typeattribute $1 $2;
+')
+
+#####################################
# unix_socket_connect(clientdomain, socket, serverdomain)
# Allow a local socket connection from clientdomain via
# socket to serverdomain.