From ac88cb610161544c45068b870078996fbd5f2959 Mon Sep 17 00:00:00 2001
From: Steven Moreland <smoreland@google.com>
Date: Wed, 6 Jun 2018 12:55:06 -0700
Subject: [PATCH] Make hal_configstore consistent.

Previously, supposedly, each individual client of configstore
was supposed to add the add_hwservice attribute itself to get
ahold of the specific sub-interface of configstore relevant to
it. However, there is only one configstore interface,
ISurfaceFlingerConfigs.

From this point onward, the configstore hal is to be thought of
as specifically relating to surface flinger. Other properties
may be added as other attributes/packages.

For instance, if we want a configstore entry for 'IFooConfig',
then we would add the configuration to one of the following
packages:
- android.hardware.foo@X.Y (to the interface itself)
- android.hardware.foo.config@X.Y (to a configuration of the interface)
- android.hardware.configstore.foo@X.Y (as a sub-interface of configstore)

and then it could be associated with the sepolicy attributes
(respectively):
- hal_foo
- hal_foo_config (or just hal_foo if they are 1-1)
- hal_configstore_foo

The specific pattern to be followed irrelevant to this CL
and subject to future discussion, the point being that we're going
to have a separate sepolicy attribute (and package, although this
isn't strictly necessary) for each separate domain's configuration.

Fixes: 109806245
Test: boot walleye, check for denials
Change-Id: If661e3fca012017a6c854fe3f02df4b779d514df
---
 public/hal_configstore.te | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/public/hal_configstore.te b/public/hal_configstore.te
index c8051e142..2931cb582 100644
--- a/public/hal_configstore.te
+++ b/public/hal_configstore.te
@@ -1,12 +1,7 @@
 # HwBinder IPC from client to server
 binder_call(hal_configstore_client, hal_configstore_server)
 
-allow hal_configstore_client hal_configstore_ISurfaceFlingerConfigs:hwservice_manager find;
-
-add_hwservice(hal_configstore_server, hal_configstore_ISurfaceFlingerConfigs)
-# As opposed to the rules of most other HALs, the different services exposed by
-# this HAL should be restricted to different clients. Thus, the allow rules for
-# clients are defined in the .te files of the clients.
+hal_attribute_hwservice(hal_configstore, hal_configstore_ISurfaceFlingerConfigs)
 
 # hal_configstore runs with a strict seccomp filter. Use crash_dump's
 # fallback path to collect crash data.
-- 
GitLab