; THIS IS A WORKAROUND for the current limitations of the module policy language.
; This should be used sparingly until we figure out a saner way to achieve the
; stuff below, for example, by improving the typeattribute statement of the
; module language.
;
; NOTE: This file has no effect on recovery policy.
; Apps, except isolated apps, are clients of Allocator HAL.
; Unfortunately, we can't currently express this in module policy language:
;     typeattribute { appdomain -isolated_app_all } hal_allocator_client;
;     typeattribute hal_allocator_client halclientdomain;
; The first statement adds every type that is in appdomain and not in
; isolated_app_all to hal_allocator_client; the second adds everything in
; hal_allocator_client to halclientdomain.
; typeattributeset is additive: any other statement naming hal_allocator_client
; (this file has one for hal_camera) widens both sets, so review them together.
(typeattributeset hal_allocator_client ((and (appdomain) ((not (isolated_app_all))))))
(typeattributeset halclientdomain (hal_allocator_client))
; Apps, except isolated apps, are clients of OMX-related services.
; Unfortunately, we can't currently express this in module policy language.
; The statement adds every type in appdomain except isolated_app to
; hal_omx_client.
; NOTE(review): the exclusion names isolated_app, while other statements in
; this file exclude isolated_app_all. If isolated_app_all covers more than
; isolated_app, those additional domains remain OMX clients -- confirm that
; this is intended.
(typeattributeset hal_omx_client ((and (appdomain) ((not (isolated_app))))))
; Apps, except isolated apps, are clients of Codec2-related services.
; Unfortunately, we can't currently express this in module policy language.
; The statement adds every type in appdomain except isolated_app to
; hal_codec2_client.
; NOTE(review): the exclusion names isolated_app, while other statements in
; this file exclude isolated_app_all. If isolated_app_all covers more than
; isolated_app, those additional domains remain Codec2 clients -- confirm that
; this is intended.
(typeattributeset hal_codec2_client ((and (appdomain) ((not (isolated_app))))))
; Apps, except isolated apps and SDK sandboxes, are clients of Drm-related services.
; Unfortunately, we can't currently express this in module policy language.
; The statement adds to hal_drm_client every type in appdomain that is in
; neither isolated_app_all nor sdk_sandbox.
(typeattributeset hal_drm_client ((and (appdomain) ((not (or (isolated_app_all) (sdk_sandbox)))))))
; Apps, except isolated apps, are clients of Configstore HAL.
; Unfortunately, we can't currently express this in module policy language:
;     typeattribute { appdomain -isolated_app_all } hal_configstore_client;
; The statement adds every type that is in appdomain and not in
; isolated_app_all to hal_configstore_client.
(typeattributeset hal_configstore_client ((and (appdomain) ((not (isolated_app_all))))))
; Apps, except isolated apps, are clients of Graphics Allocator HAL.
; Unfortunately, we can't currently express this in module policy language:
;     typeattribute { appdomain -isolated_app } hal_graphics_allocator_client;
; The statement adds every type in appdomain except isolated_app to
; hal_graphics_allocator_client.
; NOTE(review): the exclusion names isolated_app, not isolated_app_all as in
; several other statements in this file. If isolated_app_all covers more than
; isolated_app, those additional domains remain clients -- confirm that this
; is intended.
(typeattributeset hal_graphics_allocator_client ((and (appdomain) ((not (isolated_app))))))
; Apps, except isolated apps, are clients of Cas HAL.
; Unfortunately, we can't currently express this in module policy language:
;     typeattribute { appdomain -isolated_app_all } hal_cas_client;
; The statement adds every type that is in appdomain and not in
; isolated_app_all to hal_cas_client.
(typeattributeset hal_cas_client ((and (appdomain) ((not (isolated_app_all))))))
; Domains hosting Camera HAL implementations are clients of Allocator HAL.
; Unfortunately, we can't currently express this in module policy language:
;     typeattribute hal_camera hal_allocator_client;
; The statement adds everything in hal_camera to hal_allocator_client, in
; addition to the app domains added by the other hal_allocator_client
; statement in this file. Because this file also places hal_allocator_client
; in halclientdomain, these domains end up in halclientdomain as well.
(typeattributeset hal_allocator_client (hal_camera))
; Apps, except isolated apps, are clients of Neuralnetworks HAL.
; Unfortunately, we can't currently express this in module policy language:
;     typeattribute { appdomain -isolated_app } hal_neuralnetworks_client;
; The statement adds every type in appdomain except isolated_app to
; hal_neuralnetworks_client.
; NOTE(review): this comment previously showed "-isolated_app_all", but the
; statement excludes only isolated_app. The comment now mirrors the statement,
; which is what the policy compiler sees. If isolated_app_all covers more than
; isolated_app, those additional domains are Neuralnetworks HAL clients --
; confirm that the narrower exclusion is intended.
(typeattributeset hal_neuralnetworks_client ((and (appdomain) ((not (isolated_app))))))
; TODO(b/112056006): move these to mapping files when/if we implement 'versioned' attributes.
; Rename untrusted_app_visible_* to untrusted_app_visible_*_violators.
; Unfortunately, we can't currently express this in module policy language:
;     typeattribute untrusted_app_visible_hwservice untrusted_app_visible_hwservice_violators;
;     typeattribute untrusted_app_visible_halserver untrusted_app_visible_halserver_violators;
; Each pair below declares the old attribute name and then adds everything
; carrying it to the matching *_violators attribute, so a type still tagged
; with the old name is treated as a member of the *_violators set.
; NOTE(review): the *_violators attributes are not declared here; presumably
; they are declared elsewhere in the policy -- confirm.
(typeattribute untrusted_app_visible_hwservice)
(typeattributeset untrusted_app_visible_hwservice_violators (untrusted_app_visible_hwservice))
(typeattribute untrusted_app_visible_halserver)
(typeattributeset untrusted_app_visible_halserver_violators (untrusted_app_visible_halserver))
; Properties having both system_property_type and vendor_property_type are illegal.
; Unfortunately, we can't currently express this in module policy language:
;     typeattribute { system_property_type && vendor_property_type } system_and_vendor_property_type;
; The statements below declare system_and_vendor_property_type and define it
; as the intersection of system_property_type and vendor_property_type.
; They only build the set. Nothing in this file rejects a property that lands
; in it, so the rule or build-time check that enforces "illegal" must live
; elsewhere.
; NOTE(review): confirm that such a check exists and references this attribute.
(typeattribute system_and_vendor_property_type)
(typeattributeset system_and_vendor_property_type ((and (system_property_type) (vendor_property_type))))