Switch Allocator HAL policy to _client/_server

This switches Allocator HAL policy to the design which enables us to identify all SELinux domains which host HALs and all domains which are clients of HALs. Allocator HAL is special in the sense that it's assumed to be always binderized. As a result, rules in Camera HAL target hal_allocator_server rather than hal_allocator (which would be the server and any client, if the Allocator HAL runs in passthrough mode). Test: Device boots up, no new denials Test: YouTube video plays back Test: Take photo using Google Camera app, recover a video, record a slow motion video Bug: 34170079 Change-Id: Ifbbca554ec221712361ee6cda94c82f254d84936

Switch Allocator HAL policy to _client/_server
This switches Allocator HAL policy to the design which enables us to identify all SELinux domains which host HALs and all domains which are clients of HALs. Allocator HAL is special in the sense that it's assumed to be always binderized. As a result, rules in Camera HAL target hal_allocator_server rather than hal_allocator (which would be the server and any client, if the Allocator HAL runs in passthrough mode). Test: Device boots up, no new denials Test: YouTube video plays back Test: Take photo using Google Camera app, recover a video, record a slow motion video Bug: 34170079 Change-Id: Ifbbca554ec221712361ee6cda94c82f254d84936
08d6f566 · Alex Klyubin · 00a03d42 · 08d6f566 · 00a03d42 · 08d6f566
Commit 08d6f566 authored 8 years ago by Alex Klyubin
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -247,7 +247,7 @@
 /system/bin/webview_zygote32     u:object_r:webview_zygote_exec:s0
 /system/bin/webview_zygote64     u:object_r:webview_zygote_exec:s0
 /system/bin/virtual_touchpad     u:object_r:virtual_touchpad_exec:s0
-/system/bin/hw/android\.hidl\.allocator@1\.0-service          u:object_r:hal_allocator_exec:s0
+/system/bin/hw/android\.hidl\.allocator@1\.0-service          u:object_r:hal_allocator_default_exec:s0

 #############################
 # Vendor files

--- a/private/hal_allocator.te
+++ b/private/hal_allocator.te
-init_daemon_domain(hal_allocator)
--- a/private/hal_allocator_default.te
+++ b/private/hal_allocator_default.te
+type hal_allocator_default, domain;
+hal_server_domain(hal_allocator_default, hal_allocator)
+
+type hal_allocator_default_exec, exec_type, file_type;
+init_daemon_domain(hal_allocator_default)
--- a/public/attributes
+++ b/public/attributes
@@ -121,6 +121,9 @@ attribute halserverdomain;
 attribute halclientdomain;

 # HALs
+attribute hal_allocator;
+attribute hal_allocator_client;
+attribute hal_allocator_server;
 attribute hal_audio;
 attribute hal_audio_client;
 attribute hal_audio_server;

--- a/public/hal_allocator.te
+++ b/public/hal_allocator.te
-# allocator subsystem
-type hal_allocator, domain;
-hal_impl_domain(hal_allocator)
-
-type hal_allocator_exec, exec_type, file_type;
--- a/public/hal_camera.te
+++ b/public/hal_camera.te
@@ -16,7 +16,7 @@ allow { hal_camera_client hal_camera_server } hal_graphics_allocator:fd use;
 # Allow hal_camera to use fd from app,gralloc,and ashmem HAL
 allow hal_camera { appdomain -isolated_app }:fd use;
 allow hal_camera surfaceflinger:fd use;
-allow hal_camera hal_allocator:fd use;
+allow hal_camera hal_allocator_server:fd use;

 ###
 ### neverallow rules

--- a/public/te_macros
+++ b/public/te_macros
@@ -338,7 +338,7 @@ typeattribute $1 binderservicedomain;
 # Allow a domain to use Hidl shared memory
 define(`hwallocator_use', `
 # Call into the allocator hal
-binder_call($1, hal_allocator);
+binder_call($1, hal_allocator_server);
 ')

 #####################################