Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / f97d76d210ef46d927edc1801e26b108be82b67c^1..f97d76d210ef46d927edc1801e26b108be82b67c / .
commitf97d76d210ef46d927edc1801e26b108be82b67c[log] [tgz]
authorTreehugger Robot <treehugger-gerrit@google.com>Wed Jul 27 08:10:45 2022 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Wed Jul 27 08:10:45 2022 +0000
tree615c6e50a3c77e7df9e5f10ba00e16a0d7f6dd5b
parent52ffc6fe2a46daa3c90ab5b2f323bb5e7bcceda5 [diff]
parent33263a086925c483dd3551b2b5f6ed37ccfaf5dd [diff]
Merge "Use dump_hal() macro for HAL services"
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 84c12d9..a2d2417 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te

@@ -147,22 +147,28 @@
 binder_call(dumpstate, { appdomain netd wificond })
 
 # Allow dumpstate to call dump() on specific hals.
+dump_hal(hal_authsecret)
+dump_hal(hal_contexthub)
+dump_hal(hal_drm)
 dump_hal(hal_dumpstate)
-dump_hal(hal_wifi)
-dump_hal(hal_graphics_allocator)
-dump_hal(hal_input_processor)
-dump_hal(hal_light)
-dump_hal(hal_neuralnetworks)
-dump_hal(hal_nfc)
-dump_hal(hal_thermal)
-dump_hal(hal_power)
-dump_hal(hal_power_stats)
-dump_hal(hal_identity)
 dump_hal(hal_face)
 dump_hal(hal_fingerprint)
 dump_hal(hal_gnss)
-dump_hal(hal_contexthub)
-dump_hal(hal_drm)
+dump_hal(hal_graphics_allocator)
+dump_hal(hal_identity)
+dump_hal(hal_input_processor)
+dump_hal(hal_keymint)
+dump_hal(hal_light)
+dump_hal(hal_memtrack)
+dump_hal(hal_neuralnetworks)
+dump_hal(hal_nfc)
+dump_hal(hal_oemlock)
+dump_hal(hal_power)
+dump_hal(hal_power_stats)
+dump_hal(hal_rebootescrow)
+dump_hal(hal_thermal)
+dump_hal(hal_weaver)
+dump_hal(hal_wifi)
 
 # Vibrate the device after we are done collecting the bugreport
 hal_client_domain(dumpstate, hal_vibrator)
@@ -348,31 +354,6 @@
 # Allow dumpstate to talk to mediaswcodec over binder
 binder_call(dumpstate, mediaswcodec);
 
-# Allow dumpstate to talk to these stable AIDL services over binder
-binder_call(dumpstate, hal_rebootescrow_server)
-allow hal_rebootescrow_server dumpstate:fifo_file write;
-allow hal_rebootescrow_server dumpstate:fd use;
-
-binder_call(dumpstate, hal_authsecret_server)
-allow hal_authsecret_server dumpstate:fifo_file write;
-allow hal_authsecret_server dumpstate:fd use;
-
-binder_call(dumpstate, hal_keymint_server)
-allow hal_keymint_server dumpstate:fifo_file write;
-allow hal_keymint_server dumpstate:fd use;
-
-binder_call(dumpstate, hal_memtrack_server)
-allow hal_memtrack_server dumpstate:fifo_file write;
-allow hal_memtrack_server dumpstate:fd use;
-
-binder_call(dumpstate, hal_oemlock_server)
-allow hal_oemlock_server dumpstate:fifo_file write;
-allow hal_oemlock_server dumpstate:fd use;
-
-binder_call(dumpstate, hal_weaver_server)
-allow hal_weaver_server dumpstate:fifo_file write;
-allow hal_weaver_server dumpstate:fd use;
-
 #Access /data/misc/snapshotctl_log
 allow dumpstate snapshotctl_log_data_file:dir r_dir_perms;
 allow dumpstate snapshotctl_log_data_file:file r_file_perms;

diff --git a/public/te_macros b/public/te_macros
index 58d04b4..db4ab3d 100644
--- a/public/te_macros
+++ b/public/te_macros

@@ -758,6 +758,8 @@
         -$1_server
         # some services are allowed to find all services
         -atrace
+        # TODO(b/240362192): Remove dumpstate. It is already marked as client
+        # for each HAL via the dump_hal() macro.
         -dumpstate
         -shell
         -system_app