Skip to content
Snippets Groups Projects
Commit 75ca4832 authored by Alex Klyubin's avatar Alex Klyubin
Browse files

surfaceflinger and apps are clients of Configstore HAL 

This commit marks surfaceflinger and app domain (except isolated_app)
as clients of Configstore HAL. This cleans up the policy and will make
it easier to restrict access to HwBinder services later.

Test: Play YouTube clip in YouTube app and YouTube web page in Chrome
Test: Take an HDR+ photo, a normal photo, a video, and slow motion
      video in Google Camera app. Check that photos show up fine and
      that videos play back with sound.
Test: Play movie using Google Play Movies
Test: Google Maps app displays the Android's correct location
Bug: 34454312
Change-Id: I0f468a4289132f4eaacfb1d13ce4e61604c2a371
parent 5007c10a
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
private/app.te
+ 0
3
View file @ 75ca4832
...@@ -273,9 +273,6 @@ get_prop({ appdomain -isolated_app }, hwservicemanager_prop); ...@@ -273,9 +273,6 @@ get_prop({ appdomain -isolated_app }, hwservicemanager_prop);
# Allow app access to mediacodec (IOMX HAL) # Allow app access to mediacodec (IOMX HAL)
binder_call({ appdomain -isolated_app }, mediacodec) binder_call({ appdomain -isolated_app }, mediacodec)
# App can access configstore HAL which is read only
binder_call({ appdomain -isolated_app }, hal_configstore)
# Allow app to access shared memory created by camera HAL1 # Allow app to access shared memory created by camera HAL1
allow { appdomain -isolated_app } hal_camera:fd use; allow { appdomain -isolated_app } hal_camera:fd use;
......
private/surfaceflinger.te
+ 0
1
View file @ 75ca4832
...@@ -14,7 +14,6 @@ hwbinder_use(surfaceflinger) ...@@ -14,7 +14,6 @@ hwbinder_use(surfaceflinger)
hal_client_domain(surfaceflinger, hal_graphics_allocator) hal_client_domain(surfaceflinger, hal_graphics_allocator)
binder_call(surfaceflinger, hal_graphics_composer) binder_call(surfaceflinger, hal_graphics_composer)
hal_client_domain(surfaceflinger, hal_graphics_composer) hal_client_domain(surfaceflinger, hal_graphics_composer)
binder_call(surfaceflinger, hal_configstore)
hal_client_domain(surfaceflinger, hal_configstore) hal_client_domain(surfaceflinger, hal_configstore)
# Perform Binder IPC. # Perform Binder IPC.
......
private/technical_debt.cil
+ 5
0
View file @ 75ca4832
...@@ -12,6 +12,11 @@ ...@@ -12,6 +12,11 @@
(typeattributeset hal_allocator_client ((and (appdomain) ((not (isolated_app)))))) (typeattributeset hal_allocator_client ((and (appdomain) ((not (isolated_app))))))
(typeattributeset halclientdomain (hal_allocator_client)) (typeattributeset halclientdomain (hal_allocator_client))
; Apps, except isolated apps, are clients of Configstore HAL
; Unfortunately, we can't currently express this in module policy language:
; typeattribute { appdomain -isolated_app } hal_configstore_client;
(typeattributeset hal_configstore_client ((and (appdomain) ((not (isolated_app))))))
; Apps, except isolated apps, are clients of Graphics Allocator HAL ; Apps, except isolated apps, are clients of Graphics Allocator HAL
; Unfortunately, we can't currently express this in module policy language: ; Unfortunately, we can't currently express this in module policy language:
; typeattribute { appdomain -isolated_app } hal_graphics_allocator_client; ; typeattribute { appdomain -isolated_app } hal_graphics_allocator_client;
......
public/hal_configstore.te 0 → 100644
+ 2
0
View file @ 75ca4832
# HwBinder IPC from client to server
binder_call(hal_configstore_client, hal_configstore_server)
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment