From 0f8d9261536dfe3c2370dd76059aee8bd059624d Mon Sep 17 00:00:00 2001
From: Alex Deymo <deymo@google.com>
Date: Fri, 22 Apr 2016 13:23:36 -0700
Subject: [PATCH] Move boot_control HAL permissions to an attribute.

The boot_control HAL is library loaded by our daemons (like update_engine and update_verifier) that interacts with the bootloader. The actual implementation of this library is provided by the vendor and its runtime permissions are tied to this implementation which varies a lot based on how the bootloader and the partitions it uses are structured.

This patch moves these permissions to an attribute so the attribute can be expanded on each device without the need to repeat that on each one of our daemons using the boot_control HAL.

Bug: 27107517
Change-Id: Idfe6a208720b49802b03f70fee4a3e73030dae2e
---
 attributes | 5 +++++
 boot_control_hal.te | 2 ++
 update_engine.te | 6 ++----
 update_verifier.te | 6 ++----
 4 files changed, 11 insertions(+), 8 deletions(-)
 create mode 100644 boot_control_hal.te

diff --git a/attributes b/attributes
index 485b3e9a9..42eb54721 100644
--- a/attributes
+++ b/attributes
@@ -100,3 +100,8 @@ attribute bluetoothdomain;
 
 # All domains used for binder service domains.
 attribute binderservicedomain;
+
+# All domains that access the boot_control HAL. The permissions the HAL
+# requires are specific to the implementation provided in each device, but
+# common daemons need to be aware of those when calling into the HAL.
+attribute boot_control_hal;
diff --git a/boot_control_hal.te b/boot_control_hal.te
new file mode 100644
index 000000000..2a670b39b
--- /dev/null
+++ b/boot_control_hal.te
@@ -0,0 +1,2 @@
+# Allow read/write bootctrl block device, if one is defined.
+allow boot_control_hal bootctrl_block_device:blk_file rw_file_perms;
diff --git a/update_engine.te b/update_engine.te
index cf614e6a0..33e81342a 100644
--- a/update_engine.te
+++ b/update_engine.te
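Review bot: The single rule added in boot_control_hal.te turns the attribute into a raw block-device write capability: every domain that is later listed with `boot_control_hal` gets `rw_file_perms` on bootctrl_block_device, and that macro (if I read AOSP's global_macros right) also carries ioctl and lock, not just read and write. The attribute declaration in the attributes hunk describes it only as "domains that access the boot_control HAL", which does not warn a device-policy author what membership grants, so I would extend that comment with `# Membership grants read/write (incl. ioctl) on bootctrl_block_device, see boot_control_hal.te; only add daemons that actually load the HAL.`. The phrase "if one is defined" in boot_control_hal.te presumably means the rule is inert on devices whose policy never labels a node with bootctrl_block_device — stating that plainly would help. If the policy's neverallow conventions allow it, a neverallow keeping bootctrl_block_device write access to domains in the attribute would make the attribute the sole path and surface accidental grants at build time.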
@@ -1,5 +1,6 @@
 # Domain for update_engine daemon.
-type update_engine, domain, domain_deprecated;
+# update_engine uses the boot_control_hal.
+type update_engine, domain, domain_deprecated, boot_control_hal;
 type update_engine_exec, exec_type, file_type;
 type update_engine_data_file, file_type, data_file_type;
 
@@ -55,6 +56,3 @@ allow update_engine update_engine_service:service_manager { add };
 
 # Allow update_engine to call the callback function provided by priv_app.
 binder_call(update_engine, priv_app)
-
-# Allow read/write bootctrl block device.
-allow update_engine bootctrl_block_device:blk_file rw_file_perms;
diff --git a/update_verifier.te b/update_verifier.te
index 42567fec9..65438d342 100644
--- a/update_verifier.te
+++ b/update_verifier.te
@@ -1,10 +1,8 @@
 # update_verifier
-type update_verifier, domain;
+# update_verifier uses the boot_control_hal.
+type update_verifier, domain, boot_control_hal;
 type update_verifier_exec, exec_type, file_type;
 
 init_daemon_domain(update_verifier)
 
-# Raw writes to bootctrl block device
-allow update_verifier bootctrl_block_device:blk_file rw_file_perms;
-
 # TODO: Add rules to allow update_verifier to read system_block_device.
-- 
GitLab