cas: add CAS hal and switch to use hwservice

bug: 22804304

Change-Id: I7162905d698943d127aa52804396e4765498d028

private/app_neverallows.te

@@ -154,6 +154,7 @@ neverallow all_untrusted_apps {
   # HwBinder version of mediacodec Binder service which apps were permitted to
   # access
   -hal_omx_hwservice
+  -hal_cas_hwservice
 }:hwservice_manager find;
 # HwBinder services offered by core components (as opposed to vendor components)
 # are considered somewhat safer due to point #2 above.
@@ -178,6 +179,7 @@ full_treble_only(`
     -coredomain
     -hal_configstore_server
     -hal_graphics_allocator_server
+    -hal_cas_server
     -binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
   }:binder { call transfer };
 ')

private/ephemeral_app.te

@@ -27,7 +27,6 @@ allow ephemeral_app mediaextractor_service:service_manager find;
 allow ephemeral_app mediacodec_service:service_manager find;
 allow ephemeral_app mediametrics_service:service_manager find;
 allow ephemeral_app mediadrmserver_service:service_manager find;
-allow ephemeral_app mediacasserver_service:service_manager find;
 allow ephemeral_app surfaceflinger_service:service_manager find;
 allow ephemeral_app radio_service:service_manager find;
 allow ephemeral_app ephemeral_app_api_service:service_manager find;

private/hwservice_contexts

@@ -10,6 +10,7 @@ android.hardware.broadcastradio::IBroadcastRadioFactory         u:object_r:hal_a
 android.hardware.camera.provider::ICameraProvider               u:object_r:hal_camera_hwservice:s0
 android.hardware.configstore::ISurfaceFlingerConfigs            u:object_r:hal_configstore_ISurfaceFlingerConfigs:s0
 android.hardware.contexthub::IContexthub                        u:object_r:hal_contexthub_hwservice:s0
+android.hardware.cas::IMediaCasService                          u:object_r:hal_cas_hwservice:s0
 android.hardware.drm::ICryptoFactory                            u:object_r:hal_drm_hwservice:s0
 android.hardware.drm::IDrmFactory                               u:object_r:hal_drm_hwservice:s0
 android.hardware.dumpstate::IDumpstateDevice                    u:object_r:hal_dumpstate_hwservice:s0

private/platform_app.te

@@ -46,7 +46,6 @@ allow platform_app mediametrics_service:service_manager find;
 allow platform_app mediaextractor_service:service_manager find;
 allow platform_app mediacodec_service:service_manager find;
 allow platform_app mediadrmserver_service:service_manager find;
-allow platform_app mediacasserver_service:service_manager find;
 allow platform_app persistent_data_block_service:service_manager find;
 allow platform_app radio_service:service_manager find;
 allow platform_app surfaceflinger_service:service_manager find;

private/priv_app.te

@@ -27,7 +27,6 @@ allow priv_app drmserver_service:service_manager find;
 allow priv_app mediacodec_service:service_manager find;
 allow priv_app mediametrics_service:service_manager find;
 allow priv_app mediadrmserver_service:service_manager find;
-allow priv_app mediacasserver_service:service_manager find;
 allow priv_app mediaextractor_service:service_manager find;
 allow priv_app mediaserver_service:service_manager find;
 allow priv_app nfc_service:service_manager find;

private/service_contexts

@@ -89,7 +89,6 @@ media.resource_manager                    u:object_r:mediaserver_service:s0
 media.radio                               u:object_r:audioserver_service:s0
 media.sound_trigger_hw                    u:object_r:audioserver_service:s0
 media.drm                                 u:object_r:mediadrmserver_service:s0
-media.cas                                 u:object_r:mediacasserver_service:s0
 media_projection                          u:object_r:media_projection_service:s0
 media_resource_monitor                    u:object_r:media_session_service:s0
 media_router                              u:object_r:media_router_service:s0

private/system_server.te

@@ -554,7 +554,6 @@ allow system_server mediametrics_service:service_manager find;
 allow system_server mediaextractor_service:service_manager find;
 allow system_server mediacodec_service:service_manager find;
 allow system_server mediadrmserver_service:service_manager find;
-allow system_server mediacasserver_service:service_manager find;
 allow system_server netd_service:service_manager find;
 allow system_server nfc_service:service_manager find;
 allow system_server radio_service:service_manager find;

private/technical_debt.cil

@@ -22,6 +22,11 @@
 ;     typeattribute { appdomain -isolated_app } hal_graphics_allocator_client;
 (typeattributeset hal_graphics_allocator_client ((and (appdomain) ((not (isolated_app))))))
 
+; Apps, except isolated apps, are clients of Cas HAL
+; Unfortunately, we can't currently express this in module policy language:
+;     typeattribute { appdomain -isolated_app } hal_cas_client;
+(typeattributeset hal_cas_client ((and (appdomain) ((not (isolated_app))))))
+
 ; Domains hosting Camera HAL implementations are clients of Allocator HAL
 ; Unfortunately, we can't currently express this in module policy language:
 ;     typeattribute hal_camera hal_allocator_client;

private/untrusted_app_all.te

@@ -70,7 +70,6 @@ allow untrusted_app_all mediaextractor_service:service_manager find;
 allow untrusted_app_all mediacodec_service:service_manager find;
 allow untrusted_app_all mediametrics_service:service_manager find;
 allow untrusted_app_all mediadrmserver_service:service_manager find;
-allow untrusted_app_all mediacasserver_service:service_manager find;
 allow untrusted_app_all nfc_service:service_manager find;
 allow untrusted_app_all radio_service:service_manager find;
 allow untrusted_app_all surfaceflinger_service:service_manager find;

private/untrusted_v2_app.te

@@ -32,7 +32,6 @@ allow untrusted_v2_app mediaextractor_service:service_manager find;
 allow untrusted_v2_app mediacodec_service:service_manager find;
 allow untrusted_v2_app mediametrics_service:service_manager find;
 allow untrusted_v2_app mediadrmserver_service:service_manager find;
-allow untrusted_v2_app mediacasserver_service:service_manager find;
 allow untrusted_v2_app nfc_service:service_manager find;
 allow untrusted_v2_app radio_service:service_manager find;
 allow untrusted_v2_app surfaceflinger_service:service_manager find;

public/attributes

@@ -212,6 +212,12 @@ attribute hal_drm_client;
 expandattribute hal_drm_client true;
 attribute hal_drm_server;
 expandattribute hal_drm_server true;
+attribute hal_cas;
+expandattribute hal_cas true;
+attribute hal_cas_client;
+expandattribute hal_cas_client true;
+attribute hal_cas_server;
+expandattribute hal_cas_server true;
 attribute hal_dumpstate;
 expandattribute hal_dumpstate true;
 attribute hal_dumpstate_client;

public/domain.te

@@ -457,6 +457,7 @@ neverallow {
   -adbd
   -dumpstate
   -hal_drm
+  -hal_cas
   -init
   -mediadrmserver
   -recovery
@@ -543,7 +544,6 @@ full_treble_only(`
     -cameraserver_service
     -drmserver_service
     -keystore_service
-    -mediacasserver_service
     -mediadrmserver_service
     -mediaextractor_service
     -mediametrics_service

public/hal_cas.te

@@ -0,0 +1,37 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_cas_client, hal_cas_server)
+binder_call(hal_cas_server, hal_cas_client)
+
+add_hwservice(hal_cas_server, hal_cas_hwservice)
+allow hal_cas_client hal_cas_hwservice:hwservice_manager find;
+allow hal_cas_server hidl_memory_hwservice:hwservice_manager find;
+
+# Permit reading device's serial number from system properties
+get_prop(hal_cas, serialno_prop)
+
+# Read files already opened under /data
+allow hal_cas system_data_file:dir { search getattr };
+allow hal_cas system_data_file:file { getattr read };
+allow hal_cas system_data_file:lnk_file r_file_perms;
+
+# Read access to pseudo filesystems
+r_dir_file(hal_cas, cgroup)
+allow hal_cas cgroup:dir { search write };
+allow hal_cas cgroup:file w_file_perms;
+
+# Allow access to ion memory allocation device
+allow hal_cas ion_device:chr_file rw_file_perms;
+allow hal_cas hal_graphics_allocator:fd use;
+
+allow hal_cas tee_device:chr_file rw_file_perms;
+
+###
+### neverallow rules
+###
+
+# hal_cas should never execute any executable without a
+# domain transition
+neverallow hal_cas { file_type fs_type }:file execute_no_trans;
+
+# do not allow privileged socket ioctl commands
+neverallowxperm hal_cas domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;

public/hwservice.te

@@ -9,6 +9,7 @@ type hal_camera_hwservice, hwservice_manager_type;
 type hal_configstore_ISurfaceFlingerConfigs, hwservice_manager_type;
 type hal_contexthub_hwservice, hwservice_manager_type;
 type hal_drm_hwservice, hwservice_manager_type;
+type hal_cas_hwservice, hwservice_manager_type;
 type hal_dumpstate_hwservice, hwservice_manager_type;
 type hal_fingerprint_hwservice, hwservice_manager_type;
 type hal_gatekeeper_hwservice, hwservice_manager_type;

public/mediacodec.te

@@ -37,6 +37,8 @@ add_hwservice(mediacodec, hal_omx_hwservice)
 
 hal_client_domain(mediacodec, hal_allocator)
 
+hal_client_domain(mediacodec, hal_cas)
+
 # allocate and use graphic buffers
 hal_client_domain(mediacodec, hal_graphics_allocator)
 

public/mediadrmserver.te

@@ -18,8 +18,6 @@ allow mediadrmserver processinfo_service:service_manager find;
 allow mediadrmserver surfaceflinger_service:service_manager find;
 allow mediadrmserver system_file:dir r_dir_perms;
 
-add_service(mediadrmserver, mediacasserver_service)
-
 binder_call(mediadrmserver, mediacodec)
 ###
 ### neverallow rules

public/mediaextractor.te

@@ -11,10 +11,12 @@ binder_service(mediaextractor)
 
 add_service(mediaextractor, mediaextractor_service)
 allow mediaextractor mediametrics_service:service_manager find;
-allow mediaextractor mediacasserver_service:service_manager find;
+allow mediaextractor hidl_token_hwservice:hwservice_manager find;
 
 allow mediaextractor system_server:fd use;
 
+hal_client_domain(mediaextractor, hal_cas)
+
 r_dir_file(mediaextractor, cgroup)
 allow mediaextractor proc_meminfo:file r_file_perms;
 

public/service.te

@@ -18,7 +18,6 @@ type mediametrics_service,      service_manager_type;
 type mediaextractor_service,    service_manager_type;
 type mediacodec_service,        service_manager_type;
 type mediadrmserver_service,    service_manager_type;
-type mediacasserver_service,    service_manager_type;
 type netd_service,              service_manager_type;
 type nfc_service,               service_manager_type;
 type radio_service,             service_manager_type;

vendor/file_contexts

@@ -9,6 +9,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.configstore@1\.[0-9]+-service    u:object_r:hal_configstore_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.contexthub@1\.0-service     u:object_r:hal_contexthub_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.0-service            u:object_r:hal_drm_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.cas@1\.0-service            u:object_r:hal_cas_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.dumpstate@1\.0-service      u:object_r:hal_dumpstate_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.gatekeeper@1\.0-service     u:object_r:hal_gatekeeper_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@1\.0-service           u:object_r:hal_gnss_default_exec:s0

vendor/hal_cas_default.te

@@ -0,0 +1,6 @@
+type hal_cas_default, domain;
+hal_server_domain(hal_cas_default, hal_cas)
+
+type hal_cas_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_cas_default)
+