From 7fa59c819cdcdb67a6db58576e55c4af5e5bc750 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Mon, 13 Mar 2017 22:03:10 -0700
Subject: [PATCH] Enforce separation of privilege for HAL driver access

Only audio HAL may access audio driver. Only camera HAL may access camera driver.
Test: aosp_marlin and aosp_bullhead policy builds.
Note: neverallow rules are compile time assertions and do not change the on-device policy.
Bug: 36185625
Change-Id: I1c9edf528080374f5f0d90d3c14d6c3b162484a3
---
public/hal_audio.te | 3 +++
public/hal_camera.te | 4 ++++
2 files changed, 7 insertions(+)

diff --git a/public/hal_audio.te b/public/hal_audio.te
index f62056294..a195c9363 100644
--- a/public/hal_audio.te
+++ b/public/hal_audio.te
@@ -38,3 +38,6 @@ neverallow hal_audio { file_type fs_type }:file execute_no_trans;
 # Should never need network access.
 # Disallow network sockets.
 neverallow hal_audio domain:{ tcp_socket udp_socket rawip_socket } *;
+
+# Only audio HAL may directly access the audio hardware
+neverallow { halserverdomain -hal_audio_server } audio_device:chr_file *;
diff --git a/public/hal_camera.te b/public/hal_camera.te
index df445fa9a..6ed06b79a 100644
--- a/public/hal_camera.te
+++ b/public/hal_camera.te
@@ -28,3 +28,7 @@ neverallow hal_camera { file_type fs_type }:file execute_no_trans;
 # hal_camera should never need network access. Disallow network sockets.
 neverallow hal_camera domain:{ tcp_socket udp_socket rawip_socket } *;
+
+# Only camera HAL may directly access the camera and video hardware
+neverallow { halserverdomain -hal_camera_server } camera_device:chr_file *;
+neverallow { halserverdomain -hal_camera_server } video_device:chr_file *;
--
GitLab
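Review bot: The comment on the new hal_audio.te assertion, "Only audio HAL may directly access the audio hardware", is broader than the rule beneath it: the neverallow is scoped to `{ halserverdomain -hal_audio_server }`, so it constrains HAL server domains only and says nothing about non-HAL domains that the on-device policy may still grant `audio_device:chr_file` to. A maintainer reading the comment could assume the compile-time guarantee is device-wide. Suggest wording that matches the set the rule covers, `# No HAL server other than the audio HAL may directly access the audio hardware`; the same applies to the comment added in hal_camera.te. If the intent really is "no domain but the audio HAL", the subject set would need to be widened, which should be checked against every device policy rather than assumed from the marlin and bullhead builds named in the Test line.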
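Review bot: The second assertion in hal_camera.te ties `video_device` exclusively to `hal_camera_server`, but `video_device` is a separate type from `camera_device` and nothing in the hunk establishes that only the camera HAL server opens it; if any other HAL server domain in a device policy is granted `video_device:chr_file`, this neverallow will fail that policy build, and the Test line covers only the aosp_marlin and aosp_bullhead builds. It would help to state that assumption next to the rule, for example `# video_device is expected to be opened only by the camera HAL; any other HAL server needing it must be excluded here explicitly`. As a style point, the two camera rules have an identical subject set and could be written as one assertion, `neverallow { halserverdomain -hal_camera_server } { camera_device video_device }:chr_file *;`, which keeps the exclusion list in a single place if it ever grows.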