Merge "Treble devices use binderized HALs" into oc-dev am: 8015cfd532

am: 129eec0771

Change-Id: I8e796a48250552076a7393937c473bdab4646c44

private/system_server.te

@@ -200,11 +200,6 @@ hal_client_domain(system_server, hal_weaver)
 hal_client_domain(system_server, hal_wifi)
 hal_client_domain(system_server, hal_wifi_offload)
 
-# TODO(b/34274385): Remove this once Wi-Fi Supplicant HAL is guaranteed to be binderized on full
-# Treble devices. Passthrough Wi-Fi Supplicant HAL makes system_server touch wpa_socket which is a
-# vendor type. system_server, being a non-vendor component, is not permitted to touch that socket.
-typeattribute system_server socket_between_core_and_vendor_violators;
-
 hal_client_domain(system_server, hal_wifi_supplicant)
 
 # Talk to tombstoned to get ANR traces.

public/te_macros

@@ -175,15 +175,17 @@ define(`hal_client_domain', `
 typeattribute $1 halclientdomain;
 typeattribute $1 $2_client;
 
-# TODO(b/34170079): Make the inclusion of the rules below conditional,
-# once we know at build time whether a HAL is going to run in
-# passthrough or binderized mode.
+# TODO(b/34170079): Make the inclusion of the rules below conditional also on
+# non-Treble devices. For now, on non-Treble device, always grant clients of a
+# HAL sufficient access to run the HAL in passthrough mode (i.e., in-process).
+not_full_treble(`
 typeattribute $1 $2;
 # Find passthrough HAL implementations
 allow $2 system_file:dir r_dir_perms;
 allow $2 vendor_file:dir r_dir_perms;
 allow $2 vendor_file:file { read open getattr execute };
 ')
+')
 
 #####################################
 # passthrough_hal_client_domain(domain, hal_type)