Mark all clients of Allocator HAL
This change associates all domains which are clients of Allocator HAL
with hal_allocator_client and the, required for all HAL client
domains, halclientdomain.
This enables this commit to remove the now unnecessary hwallocator_use
macro because its binder_call(..., hal_allocator_server) is covered by
binder_call(hal_allocator_client, hal_allocator_server) added in this
commit.
Unfortunately apps, except isolated app, are clients of Allocator HAL
as well. This makes it hard to use the hal_client_domain(...,
hal_allocator) macro because it translates into "typeattribute" which
currently does not support being provided with a set of types, such as
{ appdomain -isolated_app }. As a workaround, hopefully until
typeattribute is improved, this commit expresses the necessary
association operation in CIL. private/technical_debt.cil introduced by
this commit is appended into the platform policy CIL file, thus
ensuring that the hack has effect on the final monolithic policy.
P. S. This change also removes Allocator HAL access from isolated_app.
Isolated app shouldn't have access to this HAL anyway.
Test: Google Play Music plays back radios
Test: Google Camera records video with sound and that video is then
successfully played back with sound
Test: YouTube app plays back clips with sound
Test: YouTube in Chrome plays back clips with sound
Bug: 34170079
Change-Id: Id00bba6fde83e7cf04fb58bc1c353c2f66333f92
2017-03-21 22:28:53 +01:00
|
|
|
; THIS IS A WORKAROUND for the current limitations of the module policy language
|
|
|
|
; This should be used sparingly until we figure out a saner way to achieve the
|
|
|
|
; stuff below, for example, by improving typeattribute statement of module
|
|
|
|
; language.
|
|
|
|
;
|
|
|
|
; NOTE: This file has no effect on recovery policy.
|
|
|
|
|
|
|
|
; Apps, except isolated apps, are clients of Allocator HAL
|
|
|
|
; Unfortunately, we can't currently express this in module policy language:
|
|
|
|
; typeattribute { appdomain -isolated_app } hal_allocator_client;
|
|
|
|
; typeattribute hal_allocator_client halclientdomain;
|
|
|
|
(typeattributeset hal_allocator_client ((and (appdomain) ((not (isolated_app))))))
|
|
|
|
(typeattributeset halclientdomain (hal_allocator_client))
|
2017-03-30 04:08:34 +02:00
|
|
|
|
2018-05-31 01:43:17 +02:00
|
|
|
; Apps, except isolated apps, are clients of OMX-related services
|
|
|
|
; Unfortunately, we can't currently express this in module policy language:
|
|
|
|
(typeattributeset hal_omx_client ((and (appdomain) ((not (isolated_app))))))
|
|
|
|
|
2019-04-30 14:09:28 +02:00
|
|
|
; Apps, except isolated apps, are clients of Codec2-related services
|
|
|
|
; Unfortunately, we can't currently express this in module policy language:
|
|
|
|
(typeattributeset hal_codec2_client ((and (appdomain) ((not (isolated_app))))))
|
|
|
|
|
2022-03-23 17:48:48 +01:00
|
|
|
; Apps, except isolated apps and SDK sandboxes, are clients of Drm-related services
|
2019-07-16 23:57:41 +02:00
|
|
|
; Unfortunately, we can't currently express this in module policy language:
|
2022-03-23 17:48:48 +01:00
|
|
|
(typeattributeset hal_drm_client ((and (appdomain) ((not (or (isolated_app) (sdk_sandbox)))))))
|
2019-07-16 23:57:41 +02:00
|
|
|
|
2017-04-17 22:08:44 +02:00
|
|
|
; Apps, except isolated apps, are clients of Configstore HAL
|
|
|
|
; Unfortunately, we can't currently express this in module policy language:
|
|
|
|
; typeattribute { appdomain -isolated_app } hal_configstore_client;
|
|
|
|
(typeattributeset hal_configstore_client ((and (appdomain) ((not (isolated_app))))))
|
|
|
|
|
2017-04-17 21:53:40 +02:00
|
|
|
; Apps, except isolated apps, are clients of Graphics Allocator HAL
|
|
|
|
; Unfortunately, we can't currently express this in module policy language:
|
|
|
|
; typeattribute { appdomain -isolated_app } hal_graphics_allocator_client;
|
|
|
|
(typeattributeset hal_graphics_allocator_client ((and (appdomain) ((not (isolated_app))))))
|
|
|
|
|
2017-09-26 21:58:29 +02:00
|
|
|
; Apps, except isolated apps, are clients of Cas HAL
|
|
|
|
; Unfortunately, we can't currently express this in module policy language:
|
|
|
|
; typeattribute { appdomain -isolated_app } hal_cas_client;
|
|
|
|
(typeattributeset hal_cas_client ((and (appdomain) ((not (isolated_app))))))
|
|
|
|
|
2017-03-30 04:08:34 +02:00
|
|
|
; Domains hosting Camera HAL implementations are clients of Allocator HAL
|
|
|
|
; Unfortunately, we can't currently express this in module policy language:
|
|
|
|
; typeattribute hal_camera hal_allocator_client;
|
|
|
|
(typeattributeset hal_allocator_client (hal_camera))
|
2017-12-15 23:16:25 +01:00
|
|
|
|
|
|
|
; Apps, except isolated apps, are clients of Neuralnetworks HAL
|
|
|
|
; Unfortunately, we can't currently express this in module policy language:
|
|
|
|
; typeattribute { appdomain -isolated_app } hal_neuralnetworks_client;
|
|
|
|
(typeattributeset hal_neuralnetworks_client ((and (appdomain) ((not (isolated_app))))))
|
2018-07-29 01:48:06 +02:00
|
|
|
|
|
|
|
; TODO(b/112056006): move these to mapping files when/if we implement 'versioned' attributes.
|
|
|
|
; Rename untrusted_app_visible_* to untrusted_app_visible_*_violators.
|
|
|
|
; Unfortunately, we can't currently express this in module policy language:
|
|
|
|
; typeattribute untrusted_app_visible_hwservice untrusted_app_visible_hwservice_violators;
|
|
|
|
; typeattribute untrusted_app_visible_halserver untrusted_app_visible_halserver_violators;
|
|
|
|
(typeattribute untrusted_app_visible_hwservice)
|
|
|
|
(typeattributeset untrusted_app_visible_hwservice_violators (untrusted_app_visible_hwservice))
|
|
|
|
(typeattribute untrusted_app_visible_halserver)
|
|
|
|
(typeattributeset untrusted_app_visible_halserver_violators (untrusted_app_visible_halserver))
|
2019-01-05 04:14:07 +01:00
|
|
|
|
2020-11-26 13:50:23 +01:00
|
|
|
; Properties having both system_property_type and vendor_property_type are illegal
|
|
|
|
; Unfortunately, we can't currently express this in module policy language:
|
|
|
|
; typeattribute { system_property_type && vendor_property_type } system_and_vendor_property_type;
|
|
|
|
(typeattribute system_and_vendor_property_type)
|
|
|
|
(typeattributeset system_and_vendor_property_type ((and (system_property_type) (vendor_property_type))))
|