Allow vr_hwc and virtual_touchpad to query for permissions

Allow the services to do binder calls to system_server in order to check for app permissions. Bug: 37542947 Test: Compiled and ran on device ensuring no permission errors Change-Id: If91895607eb118f689cf2e11c63945e9f83bf2a0

Allow vr_hwc and virtual_touchpad to query for permissions
1fc07550 · Daniel Nicoara · 52276383 · 1fc07550 · 1fc07550
Commit 1fc07550 authored 8 years ago by Daniel Nicoara
--- a/public/virtual_touchpad.te
+++ b/public/virtual_touchpad.te
@@ -5,5 +5,12 @@ binder_use(virtual_touchpad)
 binder_service(virtual_touchpad)
 add_service(virtual_touchpad, virtual_touchpad_service)
+# Needed to check app permissions.
+binder_call(virtual_touchpad, system_server)
 # Requires access to /dev/uinput to create and feed the virtual device.
 allow virtual_touchpad uhid_device:chr_file { w_file_perms ioctl };
+# Requires access to the permission service to validate that clients have the
+# appropriate VR permissions.
+allow virtual_touchpad permission_service:service_manager find;
--- a/public/vr_hwc.te
+++ b/public/vr_hwc.te
@@ -8,6 +8,8 @@ binder_use(vr_hwc)
 binder_service(vr_hwc)
 binder_call(vr_hwc, surfaceflinger)
+# Needed to check for app permissions.
+binder_call(vr_hwc, system_server)
 # TODO(dnicoara): Remove once vr_wm is disabled.
 binder_call(vr_hwc, vr_wm)
@@ -25,3 +27,7 @@ allow vr_hwc ion_device:chr_file r_file_perms;
 # Allow connection to VR DisplayClient to get the primary display metadata
 # (ie: size).
 use_pdx(vr_hwc, surfaceflinger)
+# Requires access to the permission service to validate that clients have the
+# appropriate VR permissions.
+allow vr_hwc permission_service:service_manager find;