From 29eed9faea88ec3ac27ab17e451d8a29ac85f81d Mon Sep 17 00:00:00 2001
From: Steven Moreland <smoreland@google.com>
Date: Tue, 13 Dec 2016 12:17:09 -0800
Subject: [PATCH] All hal policies expressed as attributes.

Bug: 32123421
Bug: 32905206

Test: compiles, nfc works
Change-Id: Ibf72ef70255573e4df0863ea640354b3c37eb47d
---
 private/file_contexts                     | 22 +++++++++++-----------
 private/hal_audio.te                      |  3 ---
 private/hal_audio_default.te              |  4 ++++
 private/hal_graphics_allocator.te         |  1 -
 private/hal_graphics_allocator_default.te |  4 ++++
 private/hal_graphics_composer.te          |  1 -
 private/hal_graphics_composer_default.te  |  4 ++++
 private/hal_ir_default.te                 |  1 -
 private/hal_light_default.te              |  1 -
 private/hal_memtrack.te                   |  2 --
 private/hal_memtrack_default.te           |  4 ++++
 private/hal_nfc.te                        |  2 --
 private/hal_nfc_default.te                |  4 ++++
 private/hal_power.te                      |  2 --
 private/hal_power_default.te              |  4 ++++
 private/hal_thermal.te                    |  2 --
 private/hal_thermal_default.te            |  4 ++++
 private/hal_vibrator.te                   |  2 --
 private/hal_vibrator_default.te           |  4 ++++
 private/hal_vr.te                         |  2 --
 private/hal_vr_default.te                 |  4 ++++
 private/hal_wifi.te                       |  3 ---
 private/hal_wifi_default.te               |  4 ++++
 public/attributes                         | 12 +++++++++++-
 public/hal_audio.te                       |  4 ----
 public/hal_graphics_allocator.te          |  4 ----
 public/hal_graphics_composer.te           |  4 ----
 public/hal_memtrack.te                    |  4 ----
 public/hal_nfc.te                         |  4 ----
 public/hal_power.te                       |  4 ----
 public/hal_thermal.te                     |  4 ----
 public/hal_vibrator.te                    |  4 ----
 public/hal_vr.te                          |  4 ----
 public/hal_wifi.te                        |  4 ----
 34 files changed, 62 insertions(+), 74 deletions(-)
 delete mode 100644 private/hal_audio.te
 create mode 100644 private/hal_audio_default.te
 delete mode 100644 private/hal_graphics_allocator.te
 create mode 100644 private/hal_graphics_allocator_default.te
 delete mode 100644 private/hal_graphics_composer.te
 create mode 100644 private/hal_graphics_composer_default.te
 delete mode 100644 private/hal_memtrack.te
 create mode 100644 private/hal_memtrack_default.te
 delete mode 100644 private/hal_nfc.te
 create mode 100644 private/hal_nfc_default.te
 delete mode 100644 private/hal_power.te
 create mode 100644 private/hal_power_default.te
 delete mode 100644 private/hal_thermal.te
 create mode 100644 private/hal_thermal_default.te
 delete mode 100644 private/hal_vibrator.te
 create mode 100644 private/hal_vibrator_default.te
 delete mode 100644 private/hal_vr.te
 create mode 100644 private/hal_vr_default.te
 delete mode 100644 private/hal_wifi.te
 create mode 100644 private/hal_wifi_default.te

diff --git a/private/file_contexts b/private/file_contexts
index 4547b6a0d..ccb441a74 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -228,19 +228,19 @@
 /system/bin/webview_zygote64     u:object_r:webview_zygote_exec:s0
 /system/fake-lib(64)?/libart.*   u:object_r:libart_file:s0
 /system/lib(64)?/libart.*        u:object_r:libart_file:s0
-/system/bin/hw/android\.hardware\.audio@2\.0-service          u:object_r:hal_audio_exec:s0
+/system/bin/hw/android\.hardware\.audio@2\.0-service          u:object_r:hal_audio_default_exec:s0
 /system/bin/hw/android\.hardware\.boot@1\.0-service           u:object_r:hal_boot_exec:s0
-/system/bin/hw/android\.hardware\.ir@1\.0-service           u:object_r:hal_ir_default_exec:s0
-/system/bin/hw/android\.hardware\.graphics\.allocator@2\.0-service   u:object_r:hal_graphics_allocator_exec:s0
-/system/bin/hw/android\.hardware\.graphics\.composer@2\.1-service    u:object_r:hal_graphics_composer_exec:s0
+/system/bin/hw/android\.hardware\.graphics\.allocator@2\.0-service   u:object_r:hal_graphics_allocator_default_exec:s0
+/system/bin/hw/android\.hardware\.graphics\.composer@2\.1-service    u:object_r:hal_graphics_composer_default_exec:s0
+/system/bin/hw/android\.hardware\.ir@1\.0-service             u:object_r:hal_ir_default_exec:s0
 /system/bin/hw/android\.hardware\.light@2\.0-service          u:object_r:hal_light_default_exec:s0
-/system/bin/hw/android\.hardware\.memtrack@1\.0-service       u:object_r:hal_memtrack_exec:s0
-/system/bin/hw/android\.hardware\.nfc@1\.0-service            u:object_r:hal_nfc_exec:s0
-/system/bin/hw/android\.hardware\.power@1\.0-service          u:object_r:hal_power_exec:s0
-/system/bin/hw/android\.hardware\.thermal@1\.0-service        u:object_r:hal_thermal_exec:s0
-/system/bin/hw/android\.hardware\.vibrator@1\.0-service       u:object_r:hal_vibrator_exec:s0
-/system/bin/hw/android\.hardware\.vr@1\.0-service             u:object_r:hal_vr_exec:s0
-/system/bin/hw/android\.hardware\.wifi@1\.0-service           u:object_r:hal_wifi_exec:s0
+/system/bin/hw/android\.hardware\.memtrack@1\.0-service       u:object_r:hal_memtrack_default_exec:s0
+/system/bin/hw/android\.hardware\.nfc@1\.0-service            u:object_r:hal_nfc_default_exec:s0
+/system/bin/hw/android\.hardware\.power@1\.0-service          u:object_r:hal_power_default_exec:s0
+/system/bin/hw/android\.hardware\.thermal@1\.0-service        u:object_r:hal_thermal_default_exec:s0
+/system/bin/hw/android\.hardware\.vibrator@1\.0-service       u:object_r:hal_vibrator_default_exec:s0
+/system/bin/hw/android\.hardware\.vr@1\.0-service             u:object_r:hal_vr_default_exec:s0
+/system/bin/hw/android\.hardware\.wifi@1\.0-service           u:object_r:hal_wifi_default_exec:s0
 
 #############################
 # Vendor files
diff --git a/private/hal_audio.te b/private/hal_audio.te
deleted file mode 100644
index 0a3c170df..000000000
--- a/private/hal_audio.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# type_transition must be private policy the domain_trans rules could stay
-# public, but conceptually should go with this
-init_daemon_domain(hal_audio)
diff --git a/private/hal_audio_default.te b/private/hal_audio_default.te
new file mode 100644
index 000000000..bbbd41927
--- /dev/null
+++ b/private/hal_audio_default.te
@@ -0,0 +1,4 @@
+type hal_audio_default, hal_audio, domain;
+type hal_audio_default_exec, exec_type, file_type;
+
+init_daemon_domain(hal_audio_default)
diff --git a/private/hal_graphics_allocator.te b/private/hal_graphics_allocator.te
deleted file mode 100644
index d00cf68b4..000000000
--- a/private/hal_graphics_allocator.te
+++ /dev/null
@@ -1 +0,0 @@
-init_daemon_domain(hal_graphics_allocator)
diff --git a/private/hal_graphics_allocator_default.te b/private/hal_graphics_allocator_default.te
new file mode 100644
index 000000000..36dcca30f
--- /dev/null
+++ b/private/hal_graphics_allocator_default.te
@@ -0,0 +1,4 @@
+type hal_graphics_allocator_default, hal_graphics_allocator, domain;
+type hal_graphics_allocator_default_exec, exec_type, file_type;
+
+init_daemon_domain(hal_graphics_allocator_default)
diff --git a/private/hal_graphics_composer.te b/private/hal_graphics_composer.te
deleted file mode 100644
index 128171f01..000000000
--- a/private/hal_graphics_composer.te
+++ /dev/null
@@ -1 +0,0 @@
-init_daemon_domain(hal_graphics_composer)
diff --git a/private/hal_graphics_composer_default.te b/private/hal_graphics_composer_default.te
new file mode 100644
index 000000000..9ddf71f13
--- /dev/null
+++ b/private/hal_graphics_composer_default.te
@@ -0,0 +1,4 @@
+type hal_graphics_composer_default, hal_graphics_composer, domain;
+type hal_graphics_composer_default_exec, exec_type, file_type;
+
+init_daemon_domain(hal_graphics_composer_default)
diff --git a/private/hal_ir_default.te b/private/hal_ir_default.te
index 0ccd436b5..1f3d694bf 100644
--- a/private/hal_ir_default.te
+++ b/private/hal_ir_default.te
@@ -1,5 +1,4 @@
 type hal_ir_default, hal_ir, domain;
 type hal_ir_default_exec, exec_type, file_type;
 
-# may be started by init
 init_daemon_domain(hal_ir_default)
diff --git a/private/hal_light_default.te b/private/hal_light_default.te
index 8ac8037b2..aee44d9cf 100644
--- a/private/hal_light_default.te
+++ b/private/hal_light_default.te
@@ -1,5 +1,4 @@
 type hal_light_default, hal_light, domain;
 type hal_light_default_exec, exec_type, file_type;
 
-# may be started by init
 init_daemon_domain(hal_light_default)
diff --git a/private/hal_memtrack.te b/private/hal_memtrack.te
deleted file mode 100644
index 89c7b8e6e..000000000
--- a/private/hal_memtrack.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# may be started by init
-init_daemon_domain(hal_memtrack)
diff --git a/private/hal_memtrack_default.te b/private/hal_memtrack_default.te
new file mode 100644
index 000000000..113ee1871
--- /dev/null
+++ b/private/hal_memtrack_default.te
@@ -0,0 +1,4 @@
+type hal_memtrack_default, hal_memtrack, domain;
+type hal_memtrack_default_exec, exec_type, file_type;
+
+init_daemon_domain(hal_memtrack_default)
diff --git a/private/hal_nfc.te b/private/hal_nfc.te
deleted file mode 100644
index 0d0f24606..000000000
--- a/private/hal_nfc.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# may be started by init
-init_daemon_domain(hal_nfc)
diff --git a/private/hal_nfc_default.te b/private/hal_nfc_default.te
new file mode 100644
index 000000000..1f7c4ed7a
--- /dev/null
+++ b/private/hal_nfc_default.te
@@ -0,0 +1,4 @@
+type hal_nfc_default, hal_nfc, domain;
+type hal_nfc_default_exec, exec_type, file_type;
+
+init_daemon_domain(hal_nfc_default)
diff --git a/private/hal_power.te b/private/hal_power.te
deleted file mode 100644
index a564d402c..000000000
--- a/private/hal_power.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# may be started by init
-init_daemon_domain(hal_power)
diff --git a/private/hal_power_default.te b/private/hal_power_default.te
new file mode 100644
index 000000000..e61375d40
--- /dev/null
+++ b/private/hal_power_default.te
@@ -0,0 +1,4 @@
+type hal_power_default, hal_power, domain;
+type hal_power_default_exec, exec_type, file_type;
+
+init_daemon_domain(hal_power_default)
diff --git a/private/hal_thermal.te b/private/hal_thermal.te
deleted file mode 100644
index 2623e3f2f..000000000
--- a/private/hal_thermal.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# May be started by init
-init_daemon_domain(hal_thermal)
diff --git a/private/hal_thermal_default.te b/private/hal_thermal_default.te
new file mode 100644
index 000000000..a2ff70e16
--- /dev/null
+++ b/private/hal_thermal_default.te
@@ -0,0 +1,4 @@
+type hal_thermal_default, hal_thermal, domain;
+type hal_thermal_default_exec, exec_type, file_type;
+
+init_daemon_domain(hal_thermal_default)
diff --git a/private/hal_vibrator.te b/private/hal_vibrator.te
deleted file mode 100644
index ceba155e8..000000000
--- a/private/hal_vibrator.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# may be started by init
-init_daemon_domain(hal_vibrator)
diff --git a/private/hal_vibrator_default.te b/private/hal_vibrator_default.te
new file mode 100644
index 000000000..e6339537e
--- /dev/null
+++ b/private/hal_vibrator_default.te
@@ -0,0 +1,4 @@
+type hal_vibrator_default, hal_vibrator, domain;
+type hal_vibrator_default_exec, exec_type, file_type;
+
+init_daemon_domain(hal_vibrator_default)
diff --git a/private/hal_vr.te b/private/hal_vr.te
deleted file mode 100644
index cc632f64d..000000000
--- a/private/hal_vr.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# may be started by init
-init_daemon_domain(hal_vr)
diff --git a/private/hal_vr_default.te b/private/hal_vr_default.te
new file mode 100644
index 000000000..ba85157a5
--- /dev/null
+++ b/private/hal_vr_default.te
@@ -0,0 +1,4 @@
+type hal_vr_default, hal_vr, domain;
+type hal_vr_default_exec, exec_type, file_type;
+
+init_daemon_domain(hal_vr_default)
diff --git a/private/hal_wifi.te b/private/hal_wifi.te
deleted file mode 100644
index 7c1b7b665..000000000
--- a/private/hal_wifi.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# type_transition must be private policy the domain_trans rules could stay
-# public, but conceptually should go with this
-init_daemon_domain(hal_wifi)
diff --git a/private/hal_wifi_default.te b/private/hal_wifi_default.te
new file mode 100644
index 000000000..a32a9070a
--- /dev/null
+++ b/private/hal_wifi_default.te
@@ -0,0 +1,4 @@
+type hal_wifi_default, hal_wifi, domain;
+type hal_wifi_default_exec, exec_type, file_type;
+
+init_daemon_domain(hal_wifi_default)
diff --git a/public/attributes b/public/attributes
index 497cb90bc..933143780 100644
--- a/public/attributes
+++ b/public/attributes
@@ -115,5 +115,15 @@ attribute boot_control_hal;
 attribute update_engine_common;
 
 # HALs
-attribute hal_light;
+attribute hal_audio;
+attribute hal_graphics_allocator;
+attribute hal_graphics_composer;
 attribute hal_ir;
+attribute hal_light;
+attribute hal_memtrack;
+attribute hal_nfc;
+attribute hal_power;
+attribute hal_thermal;
+attribute hal_vibrator;
+attribute hal_vr;
+attribute hal_wifi;
diff --git a/public/hal_audio.te b/public/hal_audio.te
index b3ca73c8d..b40427cd3 100644
--- a/public/hal_audio.te
+++ b/public/hal_audio.te
@@ -1,7 +1,3 @@
-# hal_audio - audio services daemon
-type hal_audio, domain;
-type hal_audio_exec, exec_type, file_type;
-
 hwbinder_use(hal_audio)
 binder_call(hal_audio, audioserver)
 
diff --git a/public/hal_graphics_allocator.te b/public/hal_graphics_allocator.te
index 8b33f9325..1c357ed44 100644
--- a/public/hal_graphics_allocator.te
+++ b/public/hal_graphics_allocator.te
@@ -1,7 +1,3 @@
-# graphics buffer allocator subsystem
-type hal_graphics_allocator, domain;
-type hal_graphics_allocator_exec, exec_type, file_type;
-
 # hwbinder access
 hwbinder_use(hal_graphics_allocator)
 
diff --git a/public/hal_graphics_composer.te b/public/hal_graphics_composer.te
index e92eeafd5..3753278f4 100644
--- a/public/hal_graphics_composer.te
+++ b/public/hal_graphics_composer.te
@@ -1,7 +1,3 @@
-# graphics composer subsystem
-type hal_graphics_composer, domain;
-type hal_graphics_composer_exec, exec_type, file_type;
-
 # HwBinder access
 hwbinder_use(hal_graphics_composer)
 # IComposerCallback
diff --git a/public/hal_memtrack.te b/public/hal_memtrack.te
index 07c129238..90ecc0a10 100644
--- a/public/hal_memtrack.te
+++ b/public/hal_memtrack.te
@@ -1,6 +1,2 @@
-# memtrack subsystem
-type hal_memtrack, domain;
-type hal_memtrack_exec, exec_type, file_type;
-
 # hwbinder access
 hwbinder_use(hal_memtrack);
diff --git a/public/hal_nfc.te b/public/hal_nfc.te
index 528eb7c99..a062a7812 100644
--- a/public/hal_nfc.te
+++ b/public/hal_nfc.te
@@ -1,7 +1,3 @@
-# nfc subsystem
-type hal_nfc, domain;
-type hal_nfc_exec, exec_type, file_type;
-
 # hwbinder access
 hwbinder_use(hal_nfc)
 
diff --git a/public/hal_power.te b/public/hal_power.te
index 26fec3b59..df4cd4d3f 100644
--- a/public/hal_power.te
+++ b/public/hal_power.te
@@ -1,6 +1,2 @@
-# power subsystem
-type hal_power, domain;
-type hal_power_exec, exec_type, file_type;
-
 # hwbinder access
 hwbinder_use(hal_power);
diff --git a/public/hal_thermal.te b/public/hal_thermal.te
index 665471b9a..6edf8c765 100644
--- a/public/hal_thermal.te
+++ b/public/hal_thermal.te
@@ -1,7 +1,3 @@
-# thermal subsystem
-type hal_thermal, domain;
-type hal_thermal_exec, exec_type, file_type;
-
 # hwbinder access
 hwbinder_use(hal_thermal)
 
diff --git a/public/hal_vibrator.te b/public/hal_vibrator.te
index 02b965f32..37d015ea1 100644
--- a/public/hal_vibrator.te
+++ b/public/hal_vibrator.te
@@ -1,7 +1,3 @@
-# vibrator subsystem
-type hal_vibrator, domain;
-type hal_vibrator_exec, exec_type, file_type;
-
 # hwbinder access
 hwbinder_use(hal_vibrator)
 
diff --git a/public/hal_vr.te b/public/hal_vr.te
index 9cae1ab34..4249fdd17 100644
--- a/public/hal_vr.te
+++ b/public/hal_vr.te
@@ -1,7 +1,3 @@
-# vr subsystem
-type hal_vr, domain;
-type hal_vr_exec, exec_type, file_type;
-
 # hwbinder access
 hwbinder_use(hal_vr)
 
diff --git a/public/hal_wifi.te b/public/hal_wifi.te
index 7c5600b5d..f13d225a7 100644
--- a/public/hal_wifi.te
+++ b/public/hal_wifi.te
@@ -1,7 +1,3 @@
-# wifi legacy hal
-type hal_wifi, domain;
-type hal_wifi_exec, exec_type, file_type;
-
 ## hwbinder access
 hwbinder_use(hal_wifi)
 
-- 
GitLab