Merge "Mark all clients of Allocator HAL" am: 73a6f38b94
am: 5d8fcf3bb0

Change-Id: I5f88b48df906acb9381dc853d61dcd5ef8d5e4e4
diff --git a/Android.mk b/Android.mk
index 976d61b..44ba23d 100644
--- a/Android.mk
+++ b/Android.mk
@@ -124,6 +124,11 @@
                         genfs_contexts \
                         port_contexts
 
+# CIL files which contain workarounds for current limitation of human-readable
+# module policy language. These files are appended to the CIL files produced
+# from module language files.
+sepolicy_build_cil_workaround_files := technical_debt.cil
+
 my_target_arch := $(TARGET_ARCH)
 ifneq (,$(filter mips mips64,$(TARGET_ARCH)))
   my_target_arch := mips
@@ -250,9 +255,13 @@
 	$(hide) sed '/dontaudit/d' $@ > $@.dontaudit
 
 plat_policy_nvr := $(intermediates)/plat_policy_nvr.cil
-$(plat_policy_nvr): $(plat_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy
+$(plat_policy_nvr): PRIVATE_ADDITIONAL_CIL_FILES := \
+  $(call build_policy, $(sepolicy_build_cil_workaround_files), $(PLAT_PRIVATE_POLICY))
+$(plat_policy_nvr): $(plat_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy \
+  $(call build_policy, $(sepolicy_build_cil_workaround_files), $(PLAT_PRIVATE_POLICY))
 	@mkdir -p $(dir $@)
 	$(hide) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -C -c $(POLICYVERS) -o $@ $<
+	$(hide) cat $(PRIVATE_ADDITIONAL_CIL_FILES) >> $@
 
 $(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(plat_policy_nvr)
 $(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/secilc $(plat_policy_nvr)
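Review bot: The new `cat $(PRIVATE_ADDITIONAL_CIL_FILES) >> $@` on the plat_policy_nvr recipe runs unconditionally, so if `build_policy` expands to nothing (the workaround file absent from `$(PLAT_PRIVATE_POLICY)`) cat is invoked with no file operands and reads stdin, which can block on a terminal or append whatever happens to be on stdin to the policy. Guard it with `$(hide) $(if $(PRIVATE_ADDITIONAL_CIL_FILES),cat $(PRIVATE_ADDITIONAL_CIL_FILES) >> $@)`. Appending in place also means a failed cat leaves a newer-but-partial `$@` that later runs treat as up to date; writing checkpolicy output and the appended CIL to `$@.tmp` and `mv`-ing it into place would avoid that. Since the appended CIL skips the checkpolicy stage, a short comment that it is still compiled (and presumably neverallow-checked) by secilc in the `$(LOCAL_BUILT_MODULE)` rule would help readers judge what the workaround does and does not bypass.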
@@ -1114,6 +1123,7 @@
 plat_pub_policy.cil :=
 reqd_policy_mask.cil :=
 sepolicy_build_files :=
+sepolicy_build_cil_workaround_files :=
 with_asan :=
 
 include $(call all-makefiles-under,$(LOCAL_PATH))
diff --git a/private/app.te b/private/app.te
index c5943dd..81de403 100644
--- a/private/app.te
+++ b/private/app.te
@@ -155,7 +155,6 @@
 # hidl access for mediacodec
 # TODO(b/34454312): only allow getting and talking to mediacodec service
 hwbinder_use(appdomain)
-hwallocator_use(appdomain)
 
 # Already connected, unnamed sockets being passed over some other IPC
 # hence no sock_file or connectto permission. This appears to be how
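Review bot: With `hwallocator_use(appdomain)` gone, nothing in app.te tells a reader where app access to the Allocator HAL now comes from, and the replacement lives in a file (private/technical_debt.cil) that is easy to miss because it is not module policy. Add a pointer next to `hwbinder_use(appdomain)`: `# Allocator HAL client access for apps (minus isolated_app) is granted via hal_allocator_client in private/technical_debt.cil`. Note that the new grant excludes isolated_app whereas the removed line covered all of appdomain; if that narrowing is intentional it deserves a word here too.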
diff --git a/private/audioserver.te b/private/audioserver.te
index a6253f2..61ccefc 100644
--- a/private/audioserver.te
+++ b/private/audioserver.te
@@ -12,10 +12,9 @@
 binder_call(audioserver, appdomain)
 binder_service(audioserver)
 
+hal_client_domain(audioserver, hal_allocator)
 hal_client_domain(audioserver, hal_audio)
 
-allow audioserver system_file:dir r_dir_perms;
-
 userdebug_or_eng(`
   # used for TEE sink - pcm capture for debug.
   allow audioserver media_data_file:dir create_dir_perms;
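Review bot: Dropping `allow audioserver system_file:dir r_dir_perms;` alongside adding `hal_client_domain(audioserver, hal_allocator)` only preserves behaviour if the hal_client_domain macro (not visible in this diff) grants equivalent system_file directory access; if it does not, audioserver silently loses the ability to read system directories and the denial will only show up at runtime. Worth confirming against te_macros, and if the grant is indeed subsumed, a comment such as `# system_file:dir access comes from hal_client_domain` would explain the removal to the next reader.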
diff --git a/private/system_server.te b/private/system_server.te
index da1c625..af1e918 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -168,7 +168,7 @@
 
 # Perform HwBinder IPC.
 hwbinder_use(system_server)
-hwallocator_use(system_server)
+hal_client_domain(system_server, hal_allocator)
 binder_call(system_server, hal_contexthub)
 hal_client_domain(system_server, hal_contexthub)
 hal_client_domain(system_server, hal_fingerprint)
diff --git a/private/technical_debt.cil b/private/technical_debt.cil
new file mode 100644
index 0000000..2d9ec8b
--- /dev/null
+++ b/private/technical_debt.cil
@@ -0,0 +1,13 @@
+; THIS IS A WORKAROUND for the current limitations of the module policy language
+; This should be used sparingly until we figure out a saner way to achieve the
+; stuff below, for example, by improving typeattribute statement of module
+; language.
+;
+; NOTE: This file has no effect on recovery policy.
+
+; Apps, except isolated apps, are clients of Allocator HAL
+; Unfortunately, we can't currently express this in module policy language:
+;     typeattribute { appdomain -isolated_app } hal_allocator_client;
+;     typeattribute hal_allocator_client halclientdomain;
+(typeattributeset hal_allocator_client ((and (appdomain) ((not (isolated_app))))))
+(typeattributeset halclientdomain (hal_allocator_client))
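Review bot: The isolated_app exclusion in `(typeattributeset hal_allocator_client ((and (appdomain) ((not (isolated_app))))))` is stated only as a positive grant; nothing in this file prevents a later `.te` or CIL change from handing isolated_app the attribute or a direct binder_call to hal_allocator_server. If keeping isolated apps away from the Allocator HAL is a security boundary rather than a convenience, pin it in module policy with something like `neverallow isolated_app hal_allocator_server:binder call;` (such a rule may already exist in isolated_app.te; I cannot see it here). The nested parentheses around `appdomain` and `not` are accepted by CIL but the conventional form `(and appdomain (not isolated_app))` is easier to read and matches the commented module-language equivalent above it.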
diff --git a/public/hal_allocator.te b/public/hal_allocator.te
new file mode 100644
index 0000000..b444593
--- /dev/null
+++ b/public/hal_allocator.te
@@ -0,0 +1,2 @@
+# HwBinder IPC from client to server
+binder_call(hal_allocator_client, hal_allocator_server)
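Review bot: Only the client-to-server direction is granted here, unlike hal_audio.te in this same change which grants `binder_call` both ways; if the Allocator HAL genuinely has no callbacks into clients, say so, e.g. `# Allocator HAL has no client callbacks; no server->client binder_call needed`, so a future reader does not "fix" the asymmetry. I am inferring the absence of callbacks from the rule alone, so confirm against the HAL interface.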
diff --git a/public/hal_audio.te b/public/hal_audio.te
index a195c93..3531944 100644
--- a/public/hal_audio.te
+++ b/public/hal_audio.te
@@ -2,14 +2,8 @@
 binder_call(hal_audio_client, hal_audio_server)
 binder_call(hal_audio_server, hal_audio_client)
 
-# Both client and the server need to use hwallocator
-hwallocator_use(hal_audio_client)
-hwallocator_use(hal_audio_server)
-
 allow hal_audio ion_device:chr_file r_file_perms;
 
-allow hal_audio system_file:dir { open read };
-
 userdebug_or_eng(`
   # used for pcm capture for debug.
   allow hal_audio audiohal_data_file:dir create_dir_perms;
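Review bot: Removing `hwallocator_use(hal_audio_client)` and `hwallocator_use(hal_audio_server)` moves the Allocator HAL grant from the hal_audio attributes to specific domains (audioserver and hal_audio_default elsewhere in this change), so any other domain that carries hal_audio_server or hal_audio_client (a vendor's own audio HAL implementation or an additional client) loses allocator access unless it adds `hal_client_domain(<domain>, hal_allocator)` itself. That is a behaviour change for out-of-tree policy that the commit message does not call out; a comment here such as `# Audio HAL implementations that use the Allocator HAL must declare hal_client_domain(<impl>, hal_allocator)` would make the new requirement discoverable. The `allow hal_audio system_file:dir { open read };` removal presumably relies on hal_client_domain supplying equivalent access; confirm in te_macros.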
diff --git a/public/mediacodec.te b/public/mediacodec.te
index f0e7e9a..469c8ba 100644
--- a/public/mediacodec.te
+++ b/public/mediacodec.te
@@ -25,10 +25,7 @@
 
 crash_dump_fallback(mediacodec)
 
-# hidl access
-hwbinder_use(mediacodec)
-hwallocator_use(mediacodec)
-allow mediacodec system_file:dir { open read };
+hal_client_domain(mediacodec, hal_allocator)
 
 # Recieve gralloc buffer FDs from bufferhubd. Note that mediacodec never
 # directly connects to bufferhubd via PDX. Instead, a VR app acts as a bridge
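Review bot: `hwbinder_use(mediacodec)` is removed and only `hal_client_domain(mediacodec, hal_allocator)` takes its place, so mediacodec keeps HwBinder access only if hal_client_domain (defined outside this diff) implies hwbinder_use; if it does not, every HIDL call from mediacodec starts failing, not just allocator calls. The same pattern is applied to mediaserver in this change, so one confirmation covers both. If the macro does imply it, a comment on the new line, `# hal_client_domain also grants hwbinder_use`, would stop someone re-adding the explicit call.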
diff --git a/public/mediaserver.te b/public/mediaserver.te
index 46140b3..93f1548 100644
--- a/public/mediaserver.te
+++ b/public/mediaserver.te
@@ -136,9 +136,7 @@
 
 allow mediaserver system_server:fd use;
 
-# hidl access
-hwbinder_use(mediaserver)
-hwallocator_use(mediaserver)
+hal_client_domain(mediaserver, hal_allocator)
 
 ###
 ### neverallow rules
diff --git a/public/te_macros b/public/te_macros
index 52f2e1b..57a038a 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -328,14 +328,6 @@
 ')
 
 #####################################
-# hwallocator_use(domain)
-# Allow a domain to use Hidl shared memory
-define(`hwallocator_use', `
-# Call into the allocator hal
-binder_call($1, hal_allocator_server);
-')
-
-#####################################
 # wakelock_use(domain)
 # Allow domain to manage wake locks
 define(`wakelock_use', `
diff --git a/vendor/hal_audio_default.te b/vendor/hal_audio_default.te
index 4811f4d..04ef7aa 100644
--- a/vendor/hal_audio_default.te
+++ b/vendor/hal_audio_default.te
@@ -3,3 +3,5 @@
 
 type hal_audio_default_exec, exec_type, file_type;
 init_daemon_domain(hal_audio_default)
+
+hal_client_domain(hal_audio_default, hal_allocator)