Switch Camera HAL policy to _client/_server am: 3a8426bf am: 205d5cec

am: 0aa2046d Change-Id: I82458248ea9873dda5574de3287ce92eb29fbb75

Switch Camera HAL policy to _client/_server am: 3a8426bf am: 205d5cec
am: 0aa2046d Change-Id: I82458248ea9873dda5574de3287ce92eb29fbb75
ac6081e7 · Alex Klyubin · android-build-merger · 1476d0cf · 0aa2046d · ac6081e7
Commit ac6081e7 authored 8 years ago by Alex Klyubin Committed by android-build-merger 8 years ago
--- a/public/attributes
+++ b/public/attributes
@@ -128,6 +128,8 @@ attribute hal_audio_client;
 attribute hal_audio_server;
 attribute hal_bluetooth;
 attribute hal_camera;
+attribute hal_camera_client;
+attribute hal_camera_server;
 attribute hal_configstore;
 attribute hal_contexthub;
 attribute hal_drm;

--- a/public/cameraserver.te
+++ b/public/cameraserver.te
@@ -7,19 +7,9 @@ binder_call(cameraserver, binderservicedomain)
 binder_call(cameraserver, appdomain)
 binder_service(cameraserver)

-hwbinder_use(cameraserver)
-binder_call(cameraserver, hal_camera)
-binder_call(cameraserver, hwservicemanager)
+hal_client_domain(cameraserver, hal_camera)

-# access /data/misc/camera
-allow cameraserver camera_data_file:dir create_dir_perms;
-allow cameraserver camera_data_file:file create_file_perms;
-
-allow cameraserver video_device:dir r_dir_perms;
-allow cameraserver video_device:chr_file rw_file_perms;
-allow cameraserver camera_device:chr_file rw_file_perms;
 allow cameraserver ion_device:chr_file rw_file_perms;
-allow cameraserver hal_graphics_allocator:fd use;

 add_service(cameraserver, cameraserver_service)
 allow cameraserver appops_service:service_manager find;
@@ -31,9 +21,6 @@ allow cameraserver processinfo_service:service_manager find;
 allow cameraserver scheduling_policy_service:service_manager find;
 allow cameraserver surfaceflinger_service:service_manager find;

-# For HIDL hwservicemanager
-allow cameraserver system_file:dir r_dir_perms;
-
 ###
 ### neverallow rules
 ###

--- a/public/hal_camera.te
+++ b/public/hal_camera.te
-hwbinder_use(hal_camera)
-binder_call(hal_camera, cameraserver)
+# HwBinder IPC from clients to server and callbacks
+binder_call(hal_camera_client, hal_camera_server)
+binder_call(hal_camera_server, hal_camera_client)

 # access /data/misc/camera
 allow hal_camera camera_data_file:dir create_dir_perms;
@@ -9,7 +10,8 @@ allow hal_camera video_device:dir r_dir_perms;
 allow hal_camera video_device:chr_file rw_file_perms;
 allow hal_camera camera_device:chr_file rw_file_perms;
 allow hal_camera ion_device:chr_file rw_file_perms;
-allow hal_camera hal_graphics_allocator:fd use;
+# Both the client and the server need to use the graphics allocator
+allow { hal_camera_client hal_camera_server } hal_graphics_allocator:fd use;


 ###

--- a/vendor/hal_camera_default.te
+++ b/vendor/hal_camera_default.te
 type hal_camera_default, domain;
-hal_impl_domain(hal_camera_default, hal_camera)
+hal_server_domain(hal_camera_default, hal_camera)

 type hal_camera_default_exec, exec_type, file_type;
 init_daemon_domain(hal_camera_default)