From 27ae545a78223b9fc92c51154ce110f75a6dda8a Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Tue, 25 Oct 2016 12:42:39 -0700
Subject: [PATCH] clean up hal types

Bug: 32123421
Test: build Hikey
Change-Id: Iaf02626f3f3a94104c0f9d746c3cf5f20751a27d
---
 private/android_hardware_nfc_1_0_service.te   |  2 --
 private/android_hardware_vibrator_service.te  |  2 --
 private/android_hardware_vr.te                |  2 --
 private/file_contexts                         | 12 +++----
 ...ware_audio_2_0_service.te => hal_audio.te} |  2 +-
 private/hal_nfc.te                            |  2 ++
 private/hal_vibrator.te                       |  2 ++
 private/hal_vr.te                             |  2 ++
 public/android_hardware_audio_2_0_service.te  | 36 -------------------
 public/android_hardware_nfc_1_0_service.te    | 19 ----------
 public/android_hardware_vibrator_service.te   |  9 -----
 public/android_hardware_vr.te                 |  9 -----
 public/audioserver.te                         |  2 +-
 public/hal_audio.te                           | 36 +++++++++++++++++++
 public/hal_nfc.te                             | 19 ++++++++++
 public/hal_vibrator.te                        |  9 +++++
 public/hal_vr.te                              |  9 +++++
 public/nfc.te                                 |  2 +-
 public/system_server.te                       |  4 +--
 19 files changed, 90 insertions(+), 90 deletions(-)
 delete mode 100644 private/android_hardware_nfc_1_0_service.te
 delete mode 100644 private/android_hardware_vibrator_service.te
 delete mode 100644 private/android_hardware_vr.te
 rename private/{android_hardware_audio_2_0_service.te => hal_audio.te} (68%)
 create mode 100644 private/hal_nfc.te
 create mode 100644 private/hal_vibrator.te
 create mode 100644 private/hal_vr.te
 delete mode 100644 public/android_hardware_audio_2_0_service.te
 delete mode 100644 public/android_hardware_nfc_1_0_service.te
 delete mode 100644 public/android_hardware_vibrator_service.te
 delete mode 100644 public/android_hardware_vr.te
 create mode 100644 public/hal_audio.te
 create mode 100644 public/hal_nfc.te
 create mode 100644 public/hal_vibrator.te
 create mode 100644 public/hal_vr.te

diff --git a/private/android_hardware_nfc_1_0_service.te b/private/android_hardware_nfc_1_0_service.te
deleted file mode 100644
index 43368f8ad..000000000
--- a/private/android_hardware_nfc_1_0_service.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# may be started by init
-init_daemon_domain(android_hardware_nfc_1_0_service)
diff --git a/private/android_hardware_vibrator_service.te b/private/android_hardware_vibrator_service.te
deleted file mode 100644
index ca8cc2498..000000000
--- a/private/android_hardware_vibrator_service.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# may be started by init
-init_daemon_domain(android_hardware_vibrator_service)
diff --git a/private/android_hardware_vr.te b/private/android_hardware_vr.te
deleted file mode 100644
index 65ab4eec7..000000000
--- a/private/android_hardware_vr.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# may be started by init
-init_daemon_domain(android_hardware_vr)
diff --git a/private/file_contexts b/private/file_contexts
index c0e6fcfe5..8c94bfbc8 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -169,7 +169,6 @@
 /system/bin/wificond	u:object_r:wificond_exec:s0
 /system/bin/rild	u:object_r:rild_exec:s0
 /system/bin/audioserver	u:object_r:audioserver_exec:s0
-/system/bin/hw/android\.hardware\.audio@2\.0-service	u:object_r:android_hardware_audio_2_0_service_exec:s0
 /system/bin/mediadrmserver	u:object_r:mediadrmserver_exec:s0
 /system/bin/mediaserver	u:object_r:mediaserver_exec:s0
 /system/bin/cameraserver	u:object_r:cameraserver_exec:s0
@@ -219,13 +218,14 @@
 /system/bin/idmap u:object_r:idmap_exec:s0
 /system/bin/update_engine        u:object_r:update_engine_exec:s0
 /system/bin/bspatch              u:object_r:update_engine_exec:s0
-/system/bin/hw/wifi_hal_legacy   u:object_r:wifi_hal_legacy_exec:s0
 /system/fake-lib(64)?/libart.*   u:object_r:libart_file:s0
 /system/lib(64)?/libart.*        u:object_r:libart_file:s0
-/system/bin/hw/android.hardware.boot@1.0-service u:object_r:hal_boot_exec:s0
-/system/bin/hw/android.hardware.nfc@1.0-service   u:object_r:android_hardware_nfc_1_0_service_exec:s0
-/system/bin/hw/android.hardware.vibrator@1.0-service   u:object_r:android_hardware_vibrator_service_exec:s0
-/system/bin/hw/android.hardware.vr@1.0-service   u:object_r:android_hardware_vr_exec:s0
+/system/bin/hw/android\.hardware\.audio@2\.0-service          u:object_r:hal_audio_exec:s0
+/system/bin/hw/android\.hardware\.boot@1\.0-service           u:object_r:hal_boot_exec:s0
+/system/bin/hw/android\.hardware\.nfc@1\.0-service            u:object_r:hal_nfc_exec:s0
+/system/bin/hw/android\.hardware\.vibrator@1\.0-service       u:object_r:hal_vibrator_exec:s0
+/system/bin/hw/android\.hardware\.vr@1\.0-service             u:object_r:hal_vr_exec:s0
+/system/bin/hw/wifi_hal_legacy                                u:object_r:wifi_hal_legacy_exec:s0
 
 #############################
 # Vendor files
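Review bot: The new HAL entries escape the dots (`android\.hardware\.nfc@1\.0-service`) where the removed lines left them bare, but nothing in the file or the commit message records why. In a file_contexts regex an unescaped `.` matches any character, so the old patterns could label paths other than the intended binary. A heading above the block would help keep later additions from reverting to the loose form, for example `# HAL service binaries. Paths are regexes: escape literal dots.`. The `wifi_hal_legacy` entry contains no dots and is fine as written.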
diff --git a/private/android_hardware_audio_2_0_service.te b/private/hal_audio.te
similarity index 68%
rename from private/android_hardware_audio_2_0_service.te
rename to private/hal_audio.te
index 8a29255f2..0a3c170df 100644
--- a/private/android_hardware_audio_2_0_service.te
+++ b/private/hal_audio.te
@@ -1,3 +1,3 @@
 # type_transition must be private policy the domain_trans rules could stay
 # public, but conceptually should go with this
-init_daemon_domain(android_hardware_audio_2_0_service)
+init_daemon_domain(hal_audio)
diff --git a/private/hal_nfc.te b/private/hal_nfc.te
new file mode 100644
index 000000000..0d0f24606
--- /dev/null
+++ b/private/hal_nfc.te
@@ -0,0 +1,2 @@
+# may be started by init
+init_daemon_domain(hal_nfc)
diff --git a/private/hal_vibrator.te b/private/hal_vibrator.te
new file mode 100644
index 000000000..ceba155e8
--- /dev/null
+++ b/private/hal_vibrator.te
@@ -0,0 +1,2 @@
+# may be started by init
+init_daemon_domain(hal_vibrator)
diff --git a/private/hal_vr.te b/private/hal_vr.te
new file mode 100644
index 000000000..cc632f64d
--- /dev/null
+++ b/private/hal_vr.te
@@ -0,0 +1,2 @@
+# may be started by init
+init_daemon_domain(hal_vr)
diff --git a/public/android_hardware_audio_2_0_service.te b/public/android_hardware_audio_2_0_service.te
deleted file mode 100644
index 9da62c8b1..000000000
--- a/public/android_hardware_audio_2_0_service.te
+++ /dev/null
@@ -1,36 +0,0 @@
-# android_hardware_audio_2_0_service - audio services daemon
-type android_hardware_audio_2_0_service, domain;
-type android_hardware_audio_2_0_service_exec, exec_type, file_type;
-
-hwbinder_use(android_hardware_audio_2_0_service)
-binder_call(android_hardware_audio_2_0_service, audioserver)
-
-allow android_hardware_audio_2_0_service ion_device:chr_file r_file_perms;
-
-allow android_hardware_audio_2_0_service system_file:dir { open read };
-
-userdebug_or_eng(`
-  # used for pcm capture for debug.
-  allow android_hardware_audio_2_0_service audiohal_data_file:dir create_dir_perms;
-  allow android_hardware_audio_2_0_service audiohal_data_file:file create_file_perms;
-')
-
-r_dir_file(android_hardware_audio_2_0_service, proc)
-allow android_hardware_audio_2_0_service audio_device:dir r_dir_perms;
-allow android_hardware_audio_2_0_service audio_device:chr_file rw_file_perms;
-
-# Needed on some devices for playing audio on paired BT device,
-# but seems appropriate for all devices.
-unix_socket_connect(android_hardware_audio_2_0_service, bluetooth, bluetooth)
-
-###
-### neverallow rules
-###
-
-# android_hardware_audio_2_0_service should never execute any executable without
-# a domain transition
-neverallow android_hardware_audio_2_0_service { file_type fs_type }:file execute_no_trans;
-
-# android_hardware_audio_2_0_service should never need network access.
-# Disallow network sockets.
-neverallow android_hardware_audio_2_0_service domain:{ tcp_socket udp_socket rawip_socket } *;
\ No newline at end of file
diff --git a/public/android_hardware_nfc_1_0_service.te b/public/android_hardware_nfc_1_0_service.te
deleted file mode 100644
index 79da53b78..000000000
--- a/public/android_hardware_nfc_1_0_service.te
+++ /dev/null
@@ -1,19 +0,0 @@
-# nfc subsystem
-type android_hardware_nfc_1_0_service, domain;
-type android_hardware_nfc_1_0_service_exec, exec_type, file_type;
-
-# hwbinder access
-hwbinder_use(android_hardware_nfc_1_0_service)
-
-# call into NFC process (callbacks)
-binder_call(android_hardware_nfc_1_0_service, nfc)
-
-# Set NFC properties (used by bcm2079x HAL).
-set_prop(android_hardware_nfc_1_0_service, nfc_prop)
-
-# NFC device access.
-allow android_hardware_nfc_1_0_service nfc_device:chr_file rw_file_perms;
-
-# Data file accesses.
-allow android_hardware_nfc_1_0_service nfc_data_file:dir create_dir_perms;
-allow android_hardware_nfc_1_0_service nfc_data_file:notdevfile_class_set create_file_perms;
diff --git a/public/android_hardware_vibrator_service.te b/public/android_hardware_vibrator_service.te
deleted file mode 100644
index 37381e8f7..000000000
--- a/public/android_hardware_vibrator_service.te
+++ /dev/null
@@ -1,9 +0,0 @@
-# vibrator subsystem
-type android_hardware_vibrator_service, domain;
-type android_hardware_vibrator_service_exec, exec_type, file_type;
-
-# hwbinder access
-hwbinder_use(android_hardware_vibrator_service)
-
-# vibrator sysfs rw access
-allow android_hardware_vibrator_service sysfs_vibrator:file rw_file_perms;
diff --git a/public/android_hardware_vr.te b/public/android_hardware_vr.te
deleted file mode 100644
index f6651c5c9..000000000
--- a/public/android_hardware_vr.te
+++ /dev/null
@@ -1,9 +0,0 @@
-# vr subsystem
-type android_hardware_vr, domain;
-type android_hardware_vr_exec, exec_type, file_type;
-
-# hwbinder access
-hwbinder_use(android_hardware_vr)
-
-# call into system_server process
-binder_call(android_hardware_vr, system_server)
diff --git a/public/audioserver.te b/public/audioserver.te
index 5dea1b3cc..455ab4b75 100644
--- a/public/audioserver.te
+++ b/public/audioserver.te
@@ -10,7 +10,7 @@ binder_call(audioserver, { appdomain ephemeral_app })
 binder_service(audioserver)
 
 hwbinder_use(audioserver)
-binder_call(audioserver, android_hardware_audio_2_0_service)
+binder_call(audioserver, hal_audio)
 
 r_dir_file(audioserver, proc)
 allow audioserver ion_device:chr_file r_file_perms;
diff --git a/public/hal_audio.te b/public/hal_audio.te
new file mode 100644
index 000000000..b3ca73c8d
--- /dev/null
+++ b/public/hal_audio.te
@@ -0,0 +1,36 @@
+# hal_audio - audio services daemon
+type hal_audio, domain;
+type hal_audio_exec, exec_type, file_type;
+
+hwbinder_use(hal_audio)
+binder_call(hal_audio, audioserver)
+
+allow hal_audio ion_device:chr_file r_file_perms;
+
+allow hal_audio system_file:dir { open read };
+
+userdebug_or_eng(`
+  # used for pcm capture for debug.
+  allow hal_audio audiohal_data_file:dir create_dir_perms;
+  allow hal_audio audiohal_data_file:file create_file_perms;
+')
+
+r_dir_file(hal_audio, proc)
+allow hal_audio audio_device:dir r_dir_perms;
+allow hal_audio audio_device:chr_file rw_file_perms;
+
+# Needed on some devices for playing audio on paired BT device,
+# but seems appropriate for all devices.
+unix_socket_connect(hal_audio, bluetooth, bluetooth)
+
+###
+### neverallow rules
+###
+
+# hal_audio should never execute any executable without
+# a domain transition
+neverallow hal_audio { file_type fs_type }:file execute_no_trans;
+
+# hal_audio should never need network access.
+# Disallow network sockets.
+neverallow hal_audio domain:{ tcp_socket udp_socket rawip_socket } *;
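Review bot: `unix_socket_connect(hal_audio, bluetooth, bluetooth)` is granted on every device even though its own comment says only some devices need it, so the renamed domain carries over a grant broader than the stated justification. Since the file is recreated under its new name here, consider moving that rule into the policy of the devices that need it, or replacing "seems appropriate" with the actual reason it is safe everywhere. The line `allow hal_audio system_file:dir { open read };` has no comment at all; a line such as `# TODO: document which /system directory the audio HAL needs to list` would at least mark the gap.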
diff --git a/public/hal_nfc.te b/public/hal_nfc.te
new file mode 100644
index 000000000..528eb7c99
--- /dev/null
+++ b/public/hal_nfc.te
@@ -0,0 +1,19 @@
+# nfc subsystem
+type hal_nfc, domain;
+type hal_nfc_exec, exec_type, file_type;
+
+# hwbinder access
+hwbinder_use(hal_nfc)
+
+# call into NFC process (callbacks)
+binder_call(hal_nfc, nfc)
+
+# Set NFC properties (used by bcm2079x HAL).
+set_prop(hal_nfc, nfc_prop)
+
+# NFC device access.
+allow hal_nfc nfc_device:chr_file rw_file_perms;
+
+# Data file accesses.
+allow hal_nfc nfc_data_file:dir create_dir_perms;
+allow hal_nfc nfc_data_file:notdevfile_class_set create_file_perms;
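Review bot: Unlike `public/hal_audio.te` in this same patch, the new `hal_nfc` domain ends without any neverallow rules, and the same holds for `public/hal_vibrator.te` and `public/hal_vr.te`. If these HALs also never need to execute a file without a domain transition or open network sockets, each file could close with the same guards, e.g. `neverallow hal_nfc { file_type fs_type }:file execute_no_trans;` and `neverallow hal_nfc domain:{ tcp_socket udp_socket rawip_socket } *;`. That would make a later rule that widens one of these domains fail at build time instead of passing unnoticed. Whether the NFC HAL needs either permission is not visible from this hunk, so confirm against a build before adding them.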
diff --git a/public/hal_vibrator.te b/public/hal_vibrator.te
new file mode 100644
index 000000000..02b965f32
--- /dev/null
+++ b/public/hal_vibrator.te
@@ -0,0 +1,9 @@
+# vibrator subsystem
+type hal_vibrator, domain;
+type hal_vibrator_exec, exec_type, file_type;
+
+# hwbinder access
+hwbinder_use(hal_vibrator)
+
+# vibrator sysfs rw access
+allow hal_vibrator sysfs_vibrator:file rw_file_perms;
diff --git a/public/hal_vr.te b/public/hal_vr.te
new file mode 100644
index 000000000..9cae1ab34
--- /dev/null
+++ b/public/hal_vr.te
@@ -0,0 +1,9 @@
+# vr subsystem
+type hal_vr, domain;
+type hal_vr_exec, exec_type, file_type;
+
+# hwbinder access
+hwbinder_use(hal_vr)
+
+# call into system_server process
+binder_call(hal_vr, system_server)
diff --git a/public/nfc.te b/public/nfc.te
index 09e75150e..3d40867db 100644
--- a/public/nfc.te
+++ b/public/nfc.te
@@ -36,4 +36,4 @@ allow nfc system_api_service:service_manager find;
 allow nfc shell_data_file:file read;
 
 # allow NFC process to call into the NFC HAL
-binder_call(nfc, android_hardware_nfc_1_0_service)
+binder_call(nfc, hal_nfc)
diff --git a/public/system_server.te b/public/system_server.te
index 35f1b7306..c562b6529 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -148,8 +148,8 @@ allow system_server surfaceflinger:unix_stream_socket { read write setopt };
 # Perform Binder IPC.
 binder_use(system_server)
 binder_call(system_server, hal_boot)
-binder_call(system_server, android_hardware_vibrator_service)
-binder_call(system_server, android_hardware_vr)
+binder_call(system_server, hal_vibrator)
+binder_call(system_server, hal_vr)
 binder_call(system_server, binderservicedomain)
 binder_call(system_server, gatekeeperd)
 binder_call(system_server, fingerprintd)
-- 
GitLab