Allow vr_hwc and virtual_touchpad to query for permissions

Allow the services to do binder calls to system_server in order to check for app permissions. Bug: 37542947 Test: Compiled and ran on device ensuring no permission errors Change-Id: If91895607eb118f689cf2e11c63945e9f83bf2a0
2017-04-20 17:34:52 -04:00 · 2017-04-20 17:34:52 -04:00 · 1fc0755033
commit 1fc0755033
parent 5227638394
2 changed files with 13 additions and 0 deletions
--- a/public/virtual_touchpad.te
+++ b/public/virtual_touchpad.te
@ -5,5 +5,12 @@ binder_use(virtual_touchpad)
 binder_service(virtual_touchpad)
 add_service(virtual_touchpad, virtual_touchpad_service)

+# Needed to check app permissions.
+binder_call(virtual_touchpad, system_server)
+
 # Requires access to /dev/uinput to create and feed the virtual device.
 allow virtual_touchpad uhid_device:chr_file { w_file_perms ioctl };
+
+# Requires access to the permission service to validate that clients have the
+# appropriate VR permissions.
+allow virtual_touchpad permission_service:service_manager find;
--- a/public/vr_hwc.te
+++ b/public/vr_hwc.te
@ -8,6 +8,8 @@ binder_use(vr_hwc)
 binder_service(vr_hwc)

 binder_call(vr_hwc, surfaceflinger)
+# Needed to check for app permissions.
+binder_call(vr_hwc, system_server)
 # TODO(dnicoara): Remove once vr_wm is disabled.
 binder_call(vr_hwc, vr_wm)

@ -25,3 +27,7 @@ allow vr_hwc ion_device:chr_file r_file_perms;
 # Allow connection to VR DisplayClient to get the primary display metadata
 # (ie: size).
 use_pdx(vr_hwc, surfaceflinger)
+
+# Requires access to the permission service to validate that clients have the
+# appropriate VR permissions.
+allow vr_hwc permission_service:service_manager find;