From e17b293528890494b09460520c9f2e8838b59a0a Mon Sep 17 00:00:00 2001
From: Jiwen 'Steve' Cai <jwcai@google.com>
Date: Fri, 4 Jan 2019 19:14:07 -0800
Subject: [PATCH] Allow app to conntect to BufferHub service

Bug: 112940221
Test: AHardwareBufferTest
Change-Id: I1fd065844e03c7e079dc40b7f7dbb8968f1b00bc
---
 private/app_neverallows.te | 1 +
 private/technical_debt.cil | 5 +++++
 public/fwk_bufferhub.te    | 2 +-
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 0a8172692..9c96f1984 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -294,6 +294,7 @@ neverallow all_untrusted_apps {
 neverallow all_untrusted_apps {
   coredomain_hwservice
   -same_process_hwservice
+  -fwk_bufferhub_hwservice # Designed for use by any domain
   -hidl_allocator_hwservice # Designed for use by any domain
   -hidl_manager_hwservice # Designed for use by any domain
   -hidl_memory_hwservice # Designed for use by any domain
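Review bot: The comment on the added `-fwk_bufferhub_hwservice` line says "Designed for use by any domain", but this same commit assigns `hal_bufferhub_client` only to `appdomain` minus `isolated_app` in private/technical_debt.cil, so the exemption is wider than the access actually granted. If `all_untrusted_apps` includes `isolated_app` (its definition is not visible here), this neverallow would no longer catch a later rule that lets isolated apps find the service. I would make the comment accurate, e.g. `-fwk_bufferhub_hwservice # Used by all apps except isolated_app; see technical_debt.cil`. Unless an equivalent rule already exists elsewhere, consider adding `neverallow isolated_app fwk_bufferhub_hwservice:hwservice_manager find;` so the boundary stays enforced at build time. The neverallow block opens at the hunk's first line and continues past its end.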
diff --git a/private/technical_debt.cil b/private/technical_debt.cil
index 35db2b3f2..d1215fea8 100644
--- a/private/technical_debt.cil
+++ b/private/technical_debt.cil
@@ -50,3 +50,8 @@
 (typeattributeset untrusted_app_visible_hwservice_violators (untrusted_app_visible_hwservice))
 (typeattribute untrusted_app_visible_halserver)
 (typeattributeset untrusted_app_visible_halserver_violators (untrusted_app_visible_halserver))
+
+; Apps, except isolated apps, are clients of BufferHub HAL
+; Unfortunately, we can't currently express this in module policy language:
+;     typeattribute { appdomain -isolated_app } hal_cas_client;
+(typeattributeset hal_bufferhub_client ((and (appdomain) ((not (isolated_app))))))
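Review bot: The example line in the added comment names `hal_cas_client`, while the statement below it sets `hal_bufferhub_client`; it looks copied from another entry and should read `;     typeattribute { appdomain -isolated_app } hal_bufferhub_client;`. The comment should also say that this makes every non-isolated app domain, untrusted apps included, a client of the service. That is the security-relevant effect of the line and the reason the neverallow exemption in private/app_neverallows.te is needed.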
diff --git a/public/fwk_bufferhub.te b/public/fwk_bufferhub.te
index 240f04b98..03486bd1e 100644
--- a/public/fwk_bufferhub.te
+++ b/public/fwk_bufferhub.te
@@ -1,4 +1,4 @@
 binder_call(hal_bufferhub_client, hal_bufferhub_server)
 binder_call(hal_bufferhub_server, hal_bufferhub_client)
 
-add_hwservice(hal_bufferhub_server, fwk_bufferhub_hwservice)
+hal_attribute_hwservice(hal_bufferhub, fwk_bufferhub_hwservice)
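Review bot: Nothing in this file records that `hal_bufferhub_client` now covers every non-isolated app domain (assigned in private/technical_debt.cil by this commit). As a result, the two `binder_call` lines and the new `hal_attribute_hwservice` line read as ordinary HAL plumbing, while in effect they open the service to untrusted apps and let the server call back into them. A short comment above the macro would make that visible, e.g. `# Clients include all apps except isolated_app (see private/technical_debt.cil); treat every caller as untrusted.` Presumably `hal_attribute_hwservice` grants `find` to `hal_bufferhub_client` and keeps the server's add rule, but the macro body is not shown here, so confirm that against its definition.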
-- 
GitLab