From ed4625f353c3cdde4bb0acadefb09ad62b7718d2 Mon Sep 17 00:00:00 2001
From: Jiyong Park <jiyong@google.com>
Date: Fri, 17 Mar 2017 09:58:02 +0900
Subject: [PATCH] Allow app to access configstore HAL

Apps should be able to access the configstore HAL since framework
libraries which are loaded into the app process can call configstore.

Letting apps have direct access to this HAL is OK because:

(1) the API of this HAL does not make clients provide any sensitive
information to the HAL, which makes it impossible for the HAL to
disclose sensitive information of its clients when the HAL is
compromised,

(2) we will require that this HAL is binderized (i.e., does not run
inside the process of its clients),

(3) we will require that this HAL runs in a tight seccomp sandbox
(this HAL doesn't need much access, if at all) and,

(4) we'll restrict the HAL's powers via neverallows.

Test: apps can use configstore hal.

Change-Id: I04836b7318fbc6ef78deff770a22c68ce7745fa9
---
 private/app.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/private/app.te b/private/app.te
index 1b1f4ca0a..04be106f3 100644
--- a/private/app.te
+++ b/private/app.te
@@ -246,6 +246,9 @@ auditallow { appdomain userdebug_or_eng(`-su') } ion_device:chr_file { write app
 # Allow app to access the graphic allocator HAL
 binder_call({ appdomain -isolated_app }, hal_graphics_allocator)
 
+# App can access configstore HAL which is read only
+binder_call({ appdomain -isolated_app }, hal_configstore)
+
 # Allow app to access shared memory created by camera HAL1
 allow { appdomain -isolated_app } hal_camera:fd use;
 
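Review bot: the comment "App can access configstore HAL which is read only" describes a property of the HAL's interface, not anything this rule enforces; `binder_call({ appdomain -isolated_app }, hal_configstore)` grants the IPC permission regardless of what the HAL exposes, so consider rewording it to something like "# Allow app to access the configstore HAL (its API exposes no sensitive client data)" to match the rule above for hal_graphics_allocator. Also, the commit message justifies the wider exposure with constraints that are not part of this hunk (the HAL being binderized, a seccomp sandbox, and neverallows on hal_configstore); since only the allow lands here, either add the neverallow restricting hal_configstore in the same change or note in the comment which change introduces it, so a reader of app.te can see that the mitigation the allow relies on actually exists.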
-- 
GitLab