Move boot_control HAL permissions to an attribute.

The boot_control HAL is library loaded by our daemons (like update_engine and update_verifier) that interacts with the bootloader. The actual implementation of this library is provided by the vendor and its runtime permissions are tied to this implementation which varies a lot based on how the bootloader and the partitions it uses are structured. This patch moves these permissions to an attribute so the attribute can be expanded on each device without the need to repeat that on each one of our daemons using the boot_control HAL. Bug: 27107517 Change-Id: Idfe6a208720b49802b03f70fee4a3e73030dae2e

Move boot_control HAL permissions to an attribute.
0f8d9261 · Alex Deymo · 50ba6318 · 0f8d9261 · 0f8d9261 · 0f8d9261
Commit 0f8d9261 authored 8 years ago by Alex Deymo
--- a/attributes
+++ b/attributes
@@ -100,3 +100,8 @@ attribute bluetoothdomain;

 # All domains used for binder service domains.
 attribute binderservicedomain;
+
+# All domains that access the boot_control HAL. The permissions the HAL
+# requires are specific to the implementation provided in each device, but
+# common daemons need to be aware of those when calling into the HAL.
+attribute boot_control_hal;
--- a/boot_control_hal.te
+++ b/boot_control_hal.te
+# Allow read/write bootctrl block device, if one is defined.
+allow boot_control_hal bootctrl_block_device:blk_file rw_file_perms;
--- a/update_engine.te
+++ b/update_engine.te
 # Domain for update_engine daemon.
-type update_engine, domain, domain_deprecated;
+# update_engine uses the boot_control_hal.
+type update_engine, domain, domain_deprecated, boot_control_hal;
 type update_engine_exec, exec_type, file_type;
 type update_engine_data_file, file_type, data_file_type;

@@ -55,6 +56,3 @@ allow update_engine update_engine_service:service_manager { add };

 # Allow update_engine to call the callback function provided by priv_app.
 binder_call(update_engine, priv_app)
-
-# Allow read/write bootctrl block device.
-allow update_engine bootctrl_block_device:blk_file rw_file_perms;
--- a/update_verifier.te
+++ b/update_verifier.te
 # update_verifier
-type update_verifier, domain;
+# update_verifier uses the boot_control_hal.
+type update_verifier, domain, boot_control_hal;
 type update_verifier_exec, exec_type, file_type;

 init_daemon_domain(update_verifier)

-# Raw writes to bootctrl block device
-allow update_verifier bootctrl_block_device:blk_file rw_file_perms;
-
 # TODO: Add rules to allow update_verifier to read system_block_device.