From f98650e4abbb3b258a3fab24de83c0e849c0ecb7 Mon Sep 17 00:00:00 2001
From: Alex Klyubin <klyubin@google.com>
Date: Tue, 21 Feb 2017 15:35:16 -0800
Subject: [PATCH] Switch Fingerprint HAL policy to _client/_server

This switches Fingerprint HAL policy to the design which enables us to
conditionally remove unnecessary rules from domains which are clients
of Bluetooth HAL.

Domains which are clients of Fingerprint HAL, such as system_server
domain, are granted rules targeting hal_fingerprint only when the
Fingerprint HAL runs in passthrough mode (i.e., inside the client's
process). When the HAL runs in binderized mode (i.e., in another
process/domain, with clients talking to the HAL over HwBinder IPC),
rules targeting hal_fingerprint are not granted to client domains.

Domains which offer a binderized implementation of Fingerprint HAL,
such as hal_fingerprint_default domain, are always granted rules
targeting hal_fingerprint.

NOTE: This commit also removes unnecessary allow rules from
Fingerprint HAL, such as access to servicemanager (not hwservicemanager)
and access to keystore daemon over Binder IPC. Fingerprint HAL does
not use this functionality anyway and shouldn't use it either.

Test: Enable fingerprint + PIN secure lock screen, confirm it unlocks
      with fingerprint or PIN
Test: Disable PIN (and thus fingerprint) secure lock screen
Test: make FingerprintDialog, install, make a fake purchase
Test: Add fingerprint_hidl_hal_test to device.mk, build & add to device,
      adb shell stop,
      adb shell /data/nativetest64/fingerprint_hidl_hal_test/fingerprint_hidl_hal_test -- all tests pass
Bug: 34170079

Change-Id: I6951c0f0640194c743ff7049357c77f5f21b71a1
---
 private/system_server.te          |  3 +--
 public/attributes                 |  2 ++
 public/hal_fingerprint.te         | 15 ++++-----------
 vendor/hal_fingerprint_default.te |  2 +-
 4 files changed, 8 insertions(+), 14 deletions(-)

diff --git a/private/system_server.te b/private/system_server.te
index 738a84eeb..a1f989935 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -170,7 +170,6 @@ binder_call(system_server, appdomain)
 binder_call(system_server, binderservicedomain)
 binder_call(system_server, dumpstate)
 binder_call(system_server, fingerprintd)
-binder_call(system_server, hal_fingerprint)
 binder_call(system_server, gatekeeperd)
 binder_call(system_server, installd)
 binder_call(system_server, incidentd)
@@ -183,7 +182,7 @@ hwbinder_use(system_server)
 hwallocator_use(system_server)
 binder_call(system_server, hal_boot)
 binder_call(system_server, hal_contexthub)
-binder_call(system_server, hal_fingerprint)
+hal_client_domain(system_server, hal_fingerprint)
 binder_call(system_server, hal_gnss);
 binder_call(system_server, hal_ir)
 binder_call(system_server, hal_light)
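Review bot: The new `hal_client_domain(system_server, hal_fingerprint)` line, combined with the removal of the unconditional `binder_call(system_server, hal_fingerprint)` in the previous hunk, makes system_server's access to the Fingerprint HAL depend entirely on a macro expansion that is not part of this patch, so a reader of this file can no longer tell which mode grants what. A short comment next to the new line would help: `# Fingerprint HAL: direct hal_fingerprint rules only in passthrough mode; binderized IPC is granted via hal_fingerprint_client in public/hal_fingerprint.te`. It is presumably the macro (or the existing `hwbinder_use(system_server)` in this block) that covers the HwBinder path in binderized mode; that should be confirmed since neither is visible here.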
diff --git a/public/attributes b/public/attributes
index 281724e14..033592255 100644
--- a/public/attributes
+++ b/public/attributes
@@ -139,6 +139,8 @@ attribute hal_drm_client;
 attribute hal_drm_server;
 attribute hal_dumpstate;
 attribute hal_fingerprint;
+attribute hal_fingerprint_client;
+attribute hal_fingerprint_server;
 attribute hal_gatekeeper;
 attribute hal_gnss;
 attribute hal_graphics_allocator;
diff --git a/public/hal_fingerprint.te b/public/hal_fingerprint.te
index 8405a7ea8..580ef3796 100644
--- a/public/hal_fingerprint.te
+++ b/public/hal_fingerprint.te
@@ -1,22 +1,15 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_fingerprint_client, hal_fingerprint_server)
+binder_call(hal_fingerprint_server, hal_fingerprint_client)
+
 # allow HAL module to read dir contents
 allow hal_fingerprint fingerprintd_data_file:file create_file_perms;
 
 # allow HAL module to read/write/unlink contents of this dir
 allow hal_fingerprint fingerprintd_data_file:dir rw_dir_perms;
 
-# Need to add auth tokens to KeyStore
-use_keystore(hal_fingerprint)
-allow hal_fingerprint keystore:keystore_key add_auth;
-
-# For permissions checking
-binder_call(hal_fingerprint, system_server);
-allow hal_fingerprint permission_service:service_manager find;
-
 # For memory allocation
 allow hal_fingerprint ion_device:chr_file r_file_perms;
 
-# Allow fingerprint to find and call keystore binder interfaces
-binder_use(hal_fingerprint);
-
 r_dir_file(hal_fingerprint, cgroup)
 r_dir_file(hal_fingerprint, sysfs)
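Review bot: The new client/server `binder_call` pair at the top of the file is keyed on the `_client`/`_server` attributes, but every remaining allow rule in the file still targets plain `hal_fingerprint`, which per the commit message is also attached to passthrough clients such as system_server; that domain therefore inherits `create_file_perms` on `fingerprintd_data_file` files and read access to `ion_device` whenever the HAL runs in-process. If any of these rules are needed only by the binderized server process, they should target `hal_fingerprint_server` instead; if all of them are required in passthrough mode, a comment such as `# Rules on hal_fingerprint are shared by passthrough clients and binderized servers` would make the split explicit. Separately, the pre-existing comment `# allow HAL module to read dir contents` sits above a rule granting `create_file_perms` on the `file` class, so it no longer describes the rule; while this file is being reworked, `# allow HAL module to create/read/write files in this dir` would match what is actually granted.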
diff --git a/vendor/hal_fingerprint_default.te b/vendor/hal_fingerprint_default.te
index c392a8583..2b9001ebd 100644
--- a/vendor/hal_fingerprint_default.te
+++ b/vendor/hal_fingerprint_default.te
@@ -1,5 +1,5 @@
 type hal_fingerprint_default, domain;
-hal_impl_domain(hal_fingerprint_default, hal_fingerprint)
+hal_server_domain(hal_fingerprint_default, hal_fingerprint)
 
 type hal_fingerprint_default_exec, exec_type, file_type;
 init_daemon_domain(hal_fingerprint_default)
-- 
GitLab