platform_system_sepolicy/public/hal_gatekeeper.te

# call into gatekeeperd process (callbacks)
# TODO: This rules is unlikely to be needed because Gatekeeper HIDL
# says there are no callbacks
binder_call(hal_gatekeeper, gatekeeperd)

# TEE access.
allow hal_gatekeeper tee_device:chr_file rw_file_perms;
allow hal_gatekeeper ion_device:chr_file r_file_perms;
gatekeeper HAL service: add security policy Change-Id: I79a305407c3a362d7be11f4c026f31f1e9666f1c Signed-off-by: Alexey Polyudov <apolyudov@google.com> 2016-10-20 20:20:25 +02:00			`# call into gatekeeperd process (callbacks)`
Annotate most remaining HALs with _client/_server This switches most remaining HALs to the _client/_server approach. To unblock efforts blocked on majority of HALs having to use this model, this change does not remove unnecessary rules from clients of these HALs. That work will be performed in follow-up commits. This commit only adds allow rules and thus does not break existing functionality. The HALs not yet on the _client/_server model after this commit are: * Allocator HAL, because it's non-trivial to declare all apps except isolated apps as clients of this HAL, which they are. * Boot HAL, because it's still on the non-attributized model and I'm waiting for update_engine folks to answer a couple of questions which will let me refactor the policy of this HAL. Test: mmm system/sepolicy Test: Device boots, no new denials Test: Device boots in recovery mode, no new denials Bug: 34170079 Change-Id: I03e6bcec2fa02f14bdf17d11f7367b62c68a14b9 2017-03-17 02:48:40 +01:00			`# TODO: This rules is unlikely to be needed because Gatekeeper HIDL`
			`# says there are no callbacks`
gatekeeper HAL service: add security policy Change-Id: I79a305407c3a362d7be11f4c026f31f1e9666f1c Signed-off-by: Alexey Polyudov <apolyudov@google.com> 2016-10-20 20:20:25 +02:00			`binder_call(hal_gatekeeper, gatekeeperd)`

			`# TEE access.`
			`allow hal_gatekeeper tee_device:chr_file rw_file_perms;`
			`allow hal_gatekeeper ion_device:chr_file r_file_perms;`