Something went wrong on our end
-
Jiyong Park authoredApps should be able to access the configstore HAL since framework libraries which are loaded into app process can call configstore. Letting apps have direct access to this HAL is OK because: (1) the API of this HAL does not make clients provide any sensitive information to the HAL, which makes it impossible for the HAL to disclose sensitive information of its clients when the HAL is compromised, (2) we will require that this HAL is binderized (i.e., does not run inside the process of its clients), (3) we will require that this HAL runs in a tight seccomp sandbox (this HAL doesn't need much access, if at all) and, (4) we'll restrict the HALs powers via neverallows. Test: apps can use configstore hal. Change-Id: I04836b7318fbc6ef78deff770a22c68ce7745fa9
Jiyong Park authoredApps should be able to access the configstore HAL since framework libraries which are loaded into app process can call configstore. Letting apps have direct access to this HAL is OK because: (1) the API of this HAL does not make clients provide any sensitive information to the HAL, which makes it impossible for the HAL to disclose sensitive information of its clients when the HAL is compromised, (2) we will require that this HAL is binderized (i.e., does not run inside the process of its clients), (3) we will require that this HAL runs in a tight seccomp sandbox (this HAL doesn't need much access, if at all) and, (4) we'll restrict the HALs powers via neverallows. Test: apps can use configstore hal. Change-Id: I04836b7318fbc6ef78deff770a22c68ce7745fa9