From a25192262b7bde0d480910b9662027c8617cccba Mon Sep 17 00:00:00 2001 From: Steven Moreland <smoreland@google.com> Date: Wed, 18 Jan 2017 09:43:29 -0800 Subject: [PATCH] haldomain: add hwbinder_use All hals need to use hwbinder. Test: no additional denials Bug: 34180936 Change-Id: Ie92cdbd79fc75062c4afa4cda53cb57ccde7e370 --- private/haldomain.te | 2 ++ public/hal_allocator.te | 3 --- public/hal_audio.te | 1 - public/hal_bluetooth.te | 3 --- public/hal_boot.te | 3 --- public/hal_contexthub.te | 3 --- public/hal_dumpstate.te | 3 --- public/hal_fingerprint.te | 2 -- public/hal_gatekeeper.te | 3 --- public/hal_gnss.te | 3 --- public/hal_graphics_allocator.te | 3 --- public/hal_graphics_composer.te | 2 -- public/hal_health.te | 3 --- public/hal_ir.te | 3 --- public/hal_light.te | 3 --- public/hal_memtrack.te | 2 -- public/hal_nfc.te | 3 --- public/hal_power.te | 2 -- public/hal_sensors.te | 2 -- public/hal_telephony.te | 2 -- public/hal_thermal.te | 3 --- public/hal_vibrator.te | 3 --- public/hal_vr.te | 3 --- public/hal_wifi.te | 3 --- 24 files changed, 2 insertions(+), 61 deletions(-) delete mode 100644 public/hal_memtrack.te delete mode 100644 public/hal_power.te delete mode 100644 public/hal_sensors.te diff --git a/private/haldomain.te b/private/haldomain.te index 511f78dc9..a8fa1a216 100644 --- a/private/haldomain.te +++ b/private/haldomain.te @@ -1,3 +1,5 @@ ### ### Rules for all HAL implementations ### + +hwbinder_use(haldomain) diff --git a/public/hal_allocator.te b/public/hal_allocator.te index a312e598f..cab014543 100644 --- a/public/hal_allocator.te +++ b/public/hal_allocator.te @@ -3,6 +3,3 @@ type hal_allocator, domain; hal_impl_domain(hal_allocator) type hal_allocator_exec, exec_type, file_type; - -# hwbinder access -hwbinder_use(hal_allocator) diff --git a/public/hal_audio.te b/public/hal_audio.te index 2dcbeb874..15d0e414a 100644 --- a/public/hal_audio.te +++ b/public/hal_audio.te 
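Review bot: The `hwbinder_use(haldomain)` line added in private/haldomain.te has no comment, and it replaces an explicit per-HAL list with a grant to everything that holds the `haldomain` attribute, so any domain given that attribute later gets hwbinder access without a reviewable line of its own. Whether hal_memtrack, hal_power and hal_sensors (whose public .te files are deleted here) and the other HAL types keep their access depends on each being associated with `haldomain`, which this diff does not show. The "no additional denials" test would presumably only cover HALs actually exercised on the tested device. I would add a comment above the rule, for example `# Every HAL implementation communicates over hwbinder; granted once through the haldomain attribute instead of per HAL.` The rule also moves from public/ to private/ policy, so it is worth confirming that nothing built only against the public/ files relied on the per-HAL grants.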
@@ -1,4 +1,3 @@ -hwbinder_use(hal_audio) binder_use(hal_audio) binder_call(hal_audio, audioserver) binder_call(hal_audio, system_server) diff --git a/public/hal_bluetooth.te b/public/hal_bluetooth.te index d06147137..a3497a754 100644 --- a/public/hal_bluetooth.te +++ b/public/hal_bluetooth.te @@ -1,6 +1,3 @@ -# hwbinder access -hwbinder_use(hal_bluetooth) - r_dir_file(hal_bluetooth, system_file) # call into the Bluetooth process (callbacks) diff --git a/public/hal_boot.te b/public/hal_boot.te index 6688f7fdb..4e7ba9e9e 100644 --- a/public/hal_boot.te +++ b/public/hal_boot.te @@ -4,8 +4,5 @@ hal_impl_domain(hal_boot) type hal_boot_exec, exec_type, file_type; -# hwbinder access -hwbinder_use(hal_boot) - # call into system_server process (callbacks) binder_call(hal_boot, system_server) diff --git a/public/hal_contexthub.te b/public/hal_contexthub.te index 9d3685b52..d991e9dfe 100644 --- a/public/hal_contexthub.te +++ b/public/hal_contexthub.te @@ -1,5 +1,2 @@ -# hwbinder access -hwbinder_use(hal_contexthub) - # call into system_server process (callbacks) binder_call(hal_contexthub, system_server) diff --git a/public/hal_dumpstate.te b/public/hal_dumpstate.te index 7884e38fd..55e34635e 100644 --- a/public/hal_dumpstate.te +++ b/public/hal_dumpstate.te @@ -1,6 +1,3 @@ -# hwbinder access -hwbinder_use(hal_dumpstate) - # call into dumpstate process (callbacks) binder_call(hal_dumpstate, dumpstate) diff --git a/public/hal_fingerprint.te b/public/hal_fingerprint.te index 426b73ad2..3d8a78dee 100644 --- a/public/hal_fingerprint.te +++ b/public/hal_fingerprint.te @@ -1,5 +1,3 @@ -hwbinder_use(hal_fingerprint) - # Scan through /system/lib64/hw looking for installed HALs allow hal_fingerprint system_file:dir r_dir_perms; diff --git a/public/hal_gatekeeper.te b/public/hal_gatekeeper.te index 27912b765..a17dbcd56 100644 --- a/public/hal_gatekeeper.te +++ b/public/hal_gatekeeper.te 
@@ -1,6 +1,3 @@ -# hwbinder access -hwbinder_use(hal_gatekeeper) - # call into gatekeeperd process (callbacks) binder_call(hal_gatekeeper, gatekeeperd) diff --git a/public/hal_gnss.te b/public/hal_gnss.te index a883e395a..753791bbf 100644 --- a/public/hal_gnss.te +++ b/public/hal_gnss.te @@ -1,4 +1 @@ -# hwbinder access -hwbinder_use(hal_gnss) - binder_call(hal_gnss, system_server) diff --git a/public/hal_graphics_allocator.te b/public/hal_graphics_allocator.te index 1c357ed44..45999bef2 100644 --- a/public/hal_graphics_allocator.te +++ b/public/hal_graphics_allocator.te @@ -1,6 +1,3 @@ -# hwbinder access -hwbinder_use(hal_graphics_allocator) - # GPU device access allow hal_graphics_allocator gpu_device:chr_file rw_file_perms; allow hal_graphics_allocator ion_device:chr_file r_file_perms; diff --git a/public/hal_graphics_composer.te b/public/hal_graphics_composer.te index 3753278f4..f875935d9 100644 --- a/public/hal_graphics_composer.te +++ b/public/hal_graphics_composer.te @@ -1,5 +1,3 @@ -# HwBinder access -hwbinder_use(hal_graphics_composer) # IComposerCallback binder_call(hal_graphics_composer, surfaceflinger) diff --git a/public/hal_health.te b/public/hal_health.te index c6391b810..341efdd20 100644 --- a/public/hal_health.te +++ b/public/hal_health.te @@ -1,6 +1,3 @@ -# hwbinder access -hwbinder_use(hal_health) - # call into healthd for callbacks binder_call(hal_health, healthd) diff --git a/public/hal_ir.te b/public/hal_ir.te index 3c7b51a9b..adfb5ae18 100644 --- a/public/hal_ir.te +++ b/public/hal_ir.te @@ -1,5 +1,2 @@ -# hwbinder access -hwbinder_use(hal_ir) - # call into system_server process (callbacks) binder_call(hal_ir, system_server) diff --git a/public/hal_light.te b/public/hal_light.te index af238dd72..4fb38b8c7 100644 --- a/public/hal_light.te +++ b/public/hal_light.te @@ -1,5 +1,2 @@ -# hwbinder access -hwbinder_use(hal_light) - # call into system_server process (callbacks) binder_call(hal_light, system_server) 
diff --git a/public/hal_memtrack.te b/public/hal_memtrack.te deleted file mode 100644 index 90ecc0a10..000000000 --- a/public/hal_memtrack.te +++ /dev/null @@ -1,2 +0,0 @@ -# hwbinder access -hwbinder_use(hal_memtrack); diff --git a/public/hal_nfc.te b/public/hal_nfc.te index a062a7812..0c4bd9c01 100644 --- a/public/hal_nfc.te +++ b/public/hal_nfc.te @@ -1,6 +1,3 @@ -# hwbinder access -hwbinder_use(hal_nfc) - # call into NFC process (callbacks) binder_call(hal_nfc, nfc) diff --git a/public/hal_power.te b/public/hal_power.te deleted file mode 100644 index df4cd4d3f..000000000 --- a/public/hal_power.te +++ /dev/null @@ -1,2 +0,0 @@ -# hwbinder access -hwbinder_use(hal_power); diff --git a/public/hal_sensors.te b/public/hal_sensors.te deleted file mode 100644 index e3e48ab74..000000000 --- a/public/hal_sensors.te +++ /dev/null @@ -1,2 +0,0 @@ -# hwbinder access -hwbinder_use(hal_sensors) diff --git a/public/hal_telephony.te b/public/hal_telephony.te index 6f3a38fa2..704adc096 100644 --- a/public/hal_telephony.te +++ b/public/hal_telephony.te @@ -1,5 +1,3 @@ # Perform HwBinder IPC. -hwbinder_use(hal_telephony) binder_call(hal_telephony, radio) binder_call(hal_telephony, bluetooth) - diff --git a/public/hal_thermal.te b/public/hal_thermal.te index 6edf8c765..a59a97885 100644 --- a/public/hal_thermal.te +++ b/public/hal_thermal.te @@ -1,5 +1,2 @@ -# hwbinder access -hwbinder_use(hal_thermal) - # call into system_server process (callbacks) binder_call(hal_thermal, system_server) diff --git a/public/hal_vibrator.te b/public/hal_vibrator.te index 37d015ea1..0d9d308df 100644 --- a/public/hal_vibrator.te +++ b/public/hal_vibrator.te @@ -1,5 +1,2 @@ -# hwbinder access -hwbinder_use(hal_vibrator) - # vibrator sysfs rw access allow hal_vibrator sysfs_vibrator:file rw_file_perms; diff --git a/public/hal_vr.te b/public/hal_vr.te index 4249fdd17..08102ad80 100644 --- a/public/hal_vr.te +++ b/public/hal_vr.te 
@@ -1,5 +1,2 @@ -# hwbinder access -hwbinder_use(hal_vr) - # call into system_server process binder_call(hal_vr, system_server) diff --git a/public/hal_wifi.te b/public/hal_wifi.te index f13d225a7..960f1aceb 100644 --- a/public/hal_wifi.te +++ b/public/hal_wifi.te @@ -1,6 +1,3 @@ -## hwbinder access -hwbinder_use(hal_wifi) - ## call into system_server process (for invoking callbacks) binder_call(hal_wifi, system_server) -- GitLab