Move boot_control HAL permissions to an attribute. am: 0f8d9261

am: dc0c51ea

* commit 'dc0c51ea':
  Move boot_control HAL permissions to an attribute.

Change-Id: Ic66c5c9aa4cffb5e83468656e935989af576d0a9

attributes

@@ -103,3 +103,8 @@ attribute bluetoothdomain;
 
 # All domains used for binder service domains.
 attribute binderservicedomain;
+
+# All domains that access the boot_control HAL. The permissions the HAL
+# requires are specific to the implementation provided in each device, but
+# common daemons need to be aware of those when calling into the HAL.
+attribute boot_control_hal;

boot_control_hal.te

+# Allow read/write bootctrl block device, if one is defined.
+allow boot_control_hal bootctrl_block_device:blk_file rw_file_perms;

update_engine.te

 # Domain for update_engine daemon.
-type update_engine, domain, domain_deprecated;
+# update_engine uses the boot_control_hal.
+type update_engine, domain, domain_deprecated, boot_control_hal;
 type update_engine_exec, exec_type, file_type;
 type update_engine_data_file, file_type, data_file_type;
 
@@ -55,6 +56,3 @@ allow update_engine update_engine_service:service_manager { add };
 
 # Allow update_engine to call the callback function provided by priv_app.
 binder_call(update_engine, priv_app)
-
-# Allow read/write bootctrl block device.
-allow update_engine bootctrl_block_device:blk_file rw_file_perms;

update_verifier.te

 # update_verifier
-type update_verifier, domain;
+# update_verifier uses the boot_control_hal.
+type update_verifier, domain, boot_control_hal;
 type update_verifier_exec, exec_type, file_type;
 
 init_daemon_domain(update_verifier)
 
-# Raw writes to bootctrl block device
-allow update_verifier bootctrl_block_device:blk_file rw_file_perms;
-
 # TODO: Add rules to allow update_verifier to read system_block_device.