Switch Camera HAL policy to _client/_server

This switches Camera HAL policy to the design which enables us to conditionally remove unnecessary rules from domains which are clients of Camera HAL. Domains which are clients of Camera HAL, such as cameraserver domain, are granted rules targeting hal_camera only when the Camera HAL runs in passthrough mode (i.e., inside the client's process). When the HAL runs in binderized mode (i.e., in another process/domain, with clients talking to the HAL over HwBinder IPC), rules targeting hal_camera are not granted to client domains. Domains which offer a binderized implementation of Camera HAL, such as hal_camera_default domain, are always granted rules targeting hal_camera. Test: Take non-HDR photo using Google Camera app Test: Take HDR photo using Google Camera app Test: Record video using Google Camera app Bug: 34170079 Change-Id: I463646cf79fede57f11ccd4ec2cbc37a4fff141e

Switch Camera HAL policy to _client/_server
3a8426bf · Alex Klyubin · e7f923f0 · 3a8426bf · 3a8426bf · 3a8426bf
Commit 3a8426bf authored 8 years ago by Alex Klyubin
--- a/public/attributes
+++ b/public/attributes
@@ -128,6 +128,8 @@ attribute hal_audio_client;
 attribute hal_audio_server;
 attribute hal_bluetooth;
 attribute hal_camera;
+attribute hal_camera_client;
+attribute hal_camera_server;
 attribute hal_configstore;
 attribute hal_contexthub;
 attribute hal_drm;

--- a/public/cameraserver.te
+++ b/public/cameraserver.te
@@ -7,19 +7,9 @@ binder_call(cameraserver, binderservicedomain)
 binder_call(cameraserver, appdomain)
 binder_service(cameraserver)
-hwbinder_use(cameraserver)
+hal_client_domain(cameraserver, hal_camera)
-binder_call(cameraserver, hal_camera)
-binder_call(cameraserver, hwservicemanager)
-# access /data/misc/camera
-allow cameraserver camera_data_file:dir create_dir_perms;
-allow cameraserver camera_data_file:file create_file_perms;
-allow cameraserver video_device:dir r_dir_perms;
-allow cameraserver video_device:chr_file rw_file_perms;
-allow cameraserver camera_device:chr_file rw_file_perms;
 allow cameraserver ion_device:chr_file rw_file_perms;
-allow cameraserver hal_graphics_allocator:fd use;
 add_service(cameraserver, cameraserver_service)
 allow cameraserver appops_service:service_manager find;
@@ -31,9 +21,6 @@ allow cameraserver processinfo_service:service_manager find;
 allow cameraserver scheduling_policy_service:service_manager find;
 allow cameraserver surfaceflinger_service:service_manager find;
-# For HIDL hwservicemanager
-allow cameraserver system_file:dir r_dir_perms;
 ###
 ### neverallow rules
 ###

--- a/public/hal_camera.te
+++ b/public/hal_camera.te
-hwbinder_use(hal_camera)
+# HwBinder IPC from clients to server and callbacks
-binder_call(hal_camera, cameraserver)
+binder_call(hal_camera_client, hal_camera_server)
+binder_call(hal_camera_server, hal_camera_client)
 # access /data/misc/camera
 allow hal_camera camera_data_file:dir create_dir_perms;
@@ -9,7 +10,8 @@ allow hal_camera video_device:dir r_dir_perms;
 allow hal_camera video_device:chr_file rw_file_perms;
 allow hal_camera camera_device:chr_file rw_file_perms;
 allow hal_camera ion_device:chr_file rw_file_perms;
-allow hal_camera hal_graphics_allocator:fd use;
+# Both the client and the server need to use the graphics allocator
+allow { hal_camera_client hal_camera_server } hal_graphics_allocator:fd use;
 ###

--- a/vendor/hal_camera_default.te
+++ b/vendor/hal_camera_default.te
 type hal_camera_default, domain;
-hal_impl_domain(hal_camera_default, hal_camera)
+hal_server_domain(hal_camera_default, hal_camera)
 type hal_camera_default_exec, exec_type, file_type;
 init_daemon_domain(hal_camera_default)