From b96864eb9beed52609c17776770fb2a4431d8a0f Mon Sep 17 00:00:00 2001
From: Sandeep Patil <sspatil@google.com>
Date: Mon, 14 Aug 2017 09:29:34 -0700
Subject: [PATCH] DO NOT MERGE: Add a way to allow untrusted_apps to talk to
 halserver domains

Vendor HAL extensions are currently allowed to discover hardware
services that are labelled with 'untrusted_app_visible_hwservice'.
However, the policy doesn't allow these apps to talk to these services.
This CL makes sure that is now possible via the
'untrusted_app_visible_halserver' attribute for vendor domains that host
such a service.

Bug: 64382381
Test: Boot device and observe no new denials.

Change-Id: I1ffc1a62bdf7506a311f5a19acdab8c7caec902b
Signed-off-by: Sandeep Patil <sspatil@google.com>
---
 private/app_neverallows.te |  1 +
 public/attributes          | 11 +++++++++++
 2 files changed, 12 insertions(+)

diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 9ad7cfed6..c730d708b 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -225,5 +225,6 @@ full_treble_only(`
     -hal_graphics_allocator_server
     -hal_cas_server
     -binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
+    -untrusted_app_visible_halserver
   }:binder { call transfer };
 ')
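Review bot: The new `-untrusted_app_visible_halserver` exemption on the line before `}:binder { call transfer };` only removes domains carrying the attribute from the untrusted-app-to-vendor binder neverallow; no `allow` rule granting `binder { call transfer }` from untrusted app domains to `untrusted_app_visible_halserver` is visible in this patch, so the "now possible" wording in the description presumably relies on a rule added elsewhere, which should be confirmed. Because the exemption applies to every domain that takes the attribute, nothing here stops a vendor domain that is not a HAL server from using it to open a binder path from all untrusted apps; consider pairing the attribute with `halserverdomain` in a neverallow so that only genuine HAL server domains can carry it, or at least noting that constraint in the attribute's comment. A short why-comment on the added line, e.g. `# vendor HAL servers that deliberately expose a hwservice to untrusted apps (b/64382381)`, would match the existing annotated exemption above it. The neverallow statement itself begins before this hunk, so its source-type set and the earlier exemptions are not visible here.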
diff --git a/public/attributes b/public/attributes
index ffd6316ae..9ac302b36 100644
--- a/public/attributes
+++ b/public/attributes
@@ -157,6 +157,17 @@ expandattribute vendor_executes_system_violators false;
 # app-visibility.
 attribute untrusted_app_visible_hwservice;
 
+# halserver domains that are accessible to untrusted applications.  These
+# domains are typically those hosting  hwservices attributed by the
+# untrusted_app_visible_hwservice.
+# WARNING: Use of this attribute should be avoided unless absolutely necessary.
+# It is a temporary allowance to aid the transition to treble and will be
+# removed in the future platform version, requiring all halserver domains that
+# are labeled with this attribute to be submitted to AOSP in order to maintain
+# their app-visibility.
+attribute untrusted_app_visible_halserver;
+expandattribute untrusted_app_visible_halserver false;
+
 # PDX services
 attribute pdx_endpoint_dir_type;
 attribute pdx_endpoint_socket_type;
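Review bot: The comment block above `attribute untrusted_app_visible_halserver;` describes when the attribute is used but not what it grants, which is the security-relevant part: domains carrying it are exempted from the neverallow in private/app_neverallows.te that otherwise blocks binder `call`/`transfer` from untrusted apps into vendor domains, so such a HAL server must validate every incoming transaction as coming from an untrusted caller. I would add a sentence such as `# Domains with this attribute are exempted from the untrusted_app -> vendor binder neverallow (see private/app_neverallows.te) and must treat every caller as untrusted.` before the WARNING line. Minor wording fixes in the same block: "hosting  hwservices" has a double space and "hwservices attributed by the untrusted_app_visible_hwservice" reads better as "hwservices labeled with the untrusted_app_visible_hwservice attribute". The `expandattribute ... false;` line is consistent with the sibling attribute and keeps the attribute resolvable in the compiled policy, which the neverallow exemption depends on.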
-- 
GitLab