From 52276383944a298fa5e10175cfc6509fbb76647f Mon Sep 17 00:00:00 2001
From: Daniel Nicoara <dnicoara@google.com>
Date: Thu, 20 Apr 2017 16:17:07 -0400
Subject: [PATCH] Remove rules blocking vrcore_app to connect to VR HWC and VirtualTouchpad

Bug: 37542947
Test: Compiled and ran on device to ensure no access errors while in VR
Change-Id: Ia685676d82f1f10f2bd371a13879d00fe63a9ea6
---
 public/domain.te | 2 ++
 public/virtual_touchpad.te | 3 ---
 public/vr_hwc.te | 4 +---
 3 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/public/domain.te b/public/domain.te
index 97f75c065..599975baf 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -535,6 +535,8 @@ full_treble_only(`
 -nfc_service
 -radio_service
 -surfaceflinger_service
+ -virtual_touchpad_service
+ -vr_hwc_service
 -vr_manager_service
 }:service_manager find;
 neverallow {
diff --git a/public/virtual_touchpad.te b/public/virtual_touchpad.te
index 544550a86..8a28cf0d2 100644
--- a/public/virtual_touchpad.te
+++ b/public/virtual_touchpad.te
@@ -7,6 +7,3 @@ add_service(virtual_touchpad, virtual_touchpad_service)
 # Requires access to /dev/uinput to create and feed the virtual device.
 allow virtual_touchpad uhid_device:chr_file { w_file_perms ioctl };
-
-# Limit access so that nothing else can inject input.
-neverallow { domain -virtual_touchpad -vr_wm } virtual_touchpad_service:service_manager find;
diff --git a/public/vr_hwc.te b/public/vr_hwc.te
index b0d3ad927..7488cc04f 100644
--- a/public/vr_hwc.te
+++ b/public/vr_hwc.te
@@ -8,6 +8,7 @@ binder_use(vr_hwc)
 binder_service(vr_hwc)
 binder_call(vr_hwc, surfaceflinger)
+# TODO(dnicoara): Remove once vr_wm is disabled.
 binder_call(vr_hwc, vr_wm)
 add_service(vr_hwc, vr_hwc_service)
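Review bot: The two exemptions added to this list in public/domain.te (`-virtual_touchpad_service`, `-vr_hwc_service`) arrive in the same commit that deletes the targeted neverallows in public/virtual_touchpad.te and public/vr_hwc.te, so after this change no compile-time rule visible here limits which domains may be granted `find` on a service whose deleted comment said access was limited "so that nothing else can inject input". The neverallow block these entries belong to starts above the hunk, so its source set is not visible; presumably it covers non-core domains, which would make the new exemptions apply to every such domain rather than to one client. Instead of dropping the guard, consider keeping a narrowed form beside the service definition, e.g. `neverallow { domain -virtual_touchpad -vr_wm -vrcore_app } virtual_touchpad_service:service_manager find;`, if the vrcore_app type named in the subject is visible to public policy. If it is not, a comment on the two new entries naming the intended client and bug 37542947 would at least record why they are exempt and make later audits of the `allow` rules easier.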
@@ -24,6 +25,3 @@ allow vr_hwc ion_device:chr_file r_file_perms;
 # Allow connection to VR DisplayClient to get the primary display metadata
 # (ie: size).
 use_pdx(vr_hwc, surfaceflinger)
-
-# Limit access so only vr_wm can connect.
-neverallow { domain -vr_hwc -vr_wm } vr_hwc_service:service_manager find;
-- GitLab