From 3a8426bf890aa77ca2da4a000a298f860b9e530f Mon Sep 17 00:00:00 2001
From: Alex Klyubin <klyubin@google.com>
Date: Thu, 16 Feb 2017 16:08:22 -0800
Subject: [PATCH] Switch Camera HAL policy to _client/_server
This switches Camera HAL policy to the design which enables us to conditionally remove unnecessary rules from domains which are clients of Camera HAL. Domains which are clients of Camera HAL, such as cameraserver domain, are granted rules targeting hal_camera only when the Camera HAL runs in passthrough mode (i.e., inside the client's process). When the HAL runs in binderized mode (i.e., in another process/domain, with clients talking to the HAL over HwBinder IPC), rules targeting hal_camera are not granted to client domains. Domains which offer a binderized implementation of Camera HAL, such as hal_camera_default domain, are always granted rules targeting hal_camera.
Test: Take non-HDR photo using Google Camera app
Test: Take HDR photo using Google Camera app
Test: Record video using Google Camera app
Bug: 34170079
Change-Id: I463646cf79fede57f11ccd4ec2cbc37a4fff141e
---
 public/attributes | 2 ++
 public/cameraserver.te | 15 +--------------
 public/hal_camera.te | 8 +++++---
 vendor/hal_camera_default.te | 2 +-
 4 files changed, 9 insertions(+), 18 deletions(-)
diff --git a/public/attributes b/public/attributes
index e48f96f69..0d9428cce 100644
--- a/public/attributes
+++ b/public/attributes
@@ -128,6 +128,8 @@ attribute hal_audio_client;
 attribute hal_audio_server;
 attribute hal_bluetooth;
 attribute hal_camera;
+attribute hal_camera_client;
+attribute hal_camera_server;
 attribute hal_configstore;
 attribute hal_contexthub;
 attribute hal_drm;
diff --git a/public/cameraserver.te b/public/cameraserver.te
index a262940fb..aa7d107f3 100644
--- a/public/cameraserver.te
+++ b/public/cameraserver.te
@@ -7,19 +7,9 @@ binder_call(cameraserver, binderservicedomain)
 binder_call(cameraserver, appdomain)
 binder_service(cameraserver)
-hwbinder_use(cameraserver)
-binder_call(cameraserver, hal_camera)
-binder_call(cameraserver, hwservicemanager)
+hal_client_domain(cameraserver, hal_camera)
-# access /data/misc/camera
-allow cameraserver camera_data_file:dir create_dir_perms;
-allow cameraserver camera_data_file:file create_file_perms;
-
-allow cameraserver video_device:dir r_dir_perms;
-allow cameraserver video_device:chr_file rw_file_perms;
-allow cameraserver camera_device:chr_file rw_file_perms;
 allow cameraserver ion_device:chr_file rw_file_perms;
-allow cameraserver hal_graphics_allocator:fd use;
 add_service(cameraserver, cameraserver_service)
 allow cameraserver appops_service:service_manager find;
@@ -31,9 +21,6 @@ allow cameraserver processinfo_service:service_manager find;
 allow cameraserver scheduling_policy_service:service_manager find;
 allow cameraserver surfaceflinger_service:service_manager find;
-# For HIDL hwservicemanager
-allow cameraserver system_file:dir r_dir_perms;
-
 ###
 ### neverallow rules
 ###
diff --git a/public/hal_camera.te b/public/hal_camera.te
index b879c9808..02b8e77b6 100644
--- a/public/hal_camera.te
+++ b/public/hal_camera.te
@@ -1,5 +1,6 @@
-hwbinder_use(hal_camera)
-binder_call(hal_camera, cameraserver)
+# HwBinder IPC from clients to server and callbacks
+binder_call(hal_camera_client, hal_camera_server)
+binder_call(hal_camera_server, hal_camera_client)
 # access /data/misc/camera
 allow hal_camera camera_data_file:dir create_dir_perms;
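Review bot: The single `hal_client_domain(cameraserver, hal_camera)` line now stands in for `hwbinder_use`, both removed `binder_call` rules and (in the `@@ -31,9` hunk) the `system_file:dir` read that was labelled as needed for hwservicemanager, yet the macro's definition is not part of this patch. It is worth confirming that the macro still gives cameraserver HwBinder use and hwservicemanager access in binderized mode, which is the configuration where the direct `camera_device`, `video_device` and `camera_data_file` rules are meant to disappear. The Test lines do not say which mode was exercised, so a check for `avc: denied` entries in both modes would back the change. A comment above the macro call would also help the next reader, for example `# Camera HAL client; device and /data/misc/camera access comes via hal_camera in passthrough mode only`.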
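Review bot: After the `@@ -1,5 +1,6` hunk, hal_camera.te mixes three attributes: the new `binder_call` pair uses `hal_camera_client` and `hal_camera_server`, while the unchanged `camera_data_file` rules stay on `hal_camera`, and nothing in the file says which attribute a rule belongs on. A header comment would make the least-privilege intent reviewable, for example `# hal_camera: domains that run the HAL code (server always, clients only in passthrough mode)`. Note also that `binder_call(hal_camera_server, hal_camera_client)` is attribute-wide, so each domain later marked as a Camera HAL client becomes a callback target of every server domain. Any restriction on which domains may carry `hal_camera_client` is not visible in this patch.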
@@ -9,7 +10,8 @@ allow hal_camera video_device:dir r_dir_perms;
 allow hal_camera video_device:chr_file rw_file_perms;
 allow hal_camera camera_device:chr_file rw_file_perms;
 allow hal_camera ion_device:chr_file rw_file_perms;
-allow hal_camera hal_graphics_allocator:fd use;
+# Both the client and the server need to use the graphics allocator
+allow { hal_camera_client hal_camera_server } hal_graphics_allocator:fd use;
 ###
diff --git a/vendor/hal_camera_default.te b/vendor/hal_camera_default.te
index a97989a54..8fdb4f009 100644
--- a/vendor/hal_camera_default.te
+++ b/vendor/hal_camera_default.te
@@ -1,5 +1,5 @@
 type hal_camera_default, domain;
-hal_impl_domain(hal_camera_default, hal_camera)
+hal_server_domain(hal_camera_default, hal_camera)
 type hal_camera_default_exec, exec_type, file_type;
 init_daemon_domain(hal_camera_default)
-- GitLab
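Review bot: Unlike the `video_device`, `camera_device` and `ion_device` rules just above it, which stay on `hal_camera`, the rewritten `hal_graphics_allocator:fd use` rule in the `@@ -9,7 +10,8` hunk is granted to client domains in both modes, and the added comment does not say why it differs. Consider wording it as `# Clients and servers both use fds received from the graphics allocator, in passthrough and binderized mode` so the unconditional scope is explicit. `fd use` only covers descriptors that originate from that domain, so the widening looks narrow, but it applies to every current and future member of `hal_camera_client`.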