Merge "Revert "Add sepolicies for CPU HAL.""

This commit is contained in:
Lakshman Annadorai 2022-11-09 20:57:15 +00:00 committed by Gerrit Code Review
commit 9691a41b0a
13 changed files with 0 additions and 34 deletions

View file

@ -43,7 +43,6 @@ var (
"android.hardware.cas.IMediaCasService/default": EXCEPTION_NO_FUZZER,
"android.hardware.confirmationui.IConfirmationUI/default": []string{"android.hardware.confirmationui-service.trusty_fuzzer"},
"android.hardware.contexthub.IContextHub/default": EXCEPTION_NO_FUZZER,
"android.hardware.cpu.monitor.IMonitor/default": EXCEPTION_NO_FUZZER,
"android.hardware.drm.IDrmFactory/clearkey": EXCEPTION_NO_FUZZER,
"android.hardware.drm.ICryptoFactory/clearkey": EXCEPTION_NO_FUZZER,
"android.hardware.dumpstate.IDumpstateDevice/default": EXCEPTION_NO_FUZZER,

View file

@ -13,8 +13,6 @@
devicelock_service
hal_bootctl_service
hal_cas_service
hal_cpu_hwservice
hal_cpu_service
hal_remoteaccess_service
hal_thermal_service
hal_usb_gadget_service

View file

@ -27,7 +27,6 @@ android.hardware.configstore::ISurfaceFlingerConfigs u:object_r:hal_c
android.hardware.confirmationui::IConfirmationUI u:object_r:hal_confirmationui_hwservice:s0
android.hardware.contexthub::IContexthub u:object_r:hal_contexthub_hwservice:s0
android.hardware.cas::IMediaCasService u:object_r:hal_cas_hwservice:s0
android.hardware.cpu.monitor::IMonitor u:object_r:hal_cpu_hwservice:s0
android.hardware.drm::ICryptoFactory u:object_r:hal_drm_hwservice:s0
android.hardware.drm::IDrmFactory u:object_r:hal_drm_hwservice:s0
android.hardware.dumpstate::IDumpstateDevice u:object_r:hal_dumpstate_hwservice:s0

View file

@ -21,7 +21,6 @@ android.hardware.camera.provider.ICameraProvider/internal/0 u:object_r:
android.hardware.cas.IMediaCasService/default u:object_r:hal_cas_service:s0
android.hardware.confirmationui.IConfirmationUI/default u:object_r:hal_confirmationui_service:s0
android.hardware.contexthub.IContextHub/default u:object_r:hal_contexthub_service:s0
android.hardware.cpu.monitor.IMonitor/default u:object_r:hal_cpu_service:s0
android.hardware.drm.IDrmFactory/clearkey u:object_r:hal_drm_service:s0
android.hardware.drm.ICryptoFactory/clearkey u:object_r:hal_drm_service:s0
android.hardware.dumpstate.IDumpstateDevice/default u:object_r:hal_dumpstate_service:s0

View file

@ -310,7 +310,6 @@ hal_client_domain(system_server, hal_broadcastradio)
hal_client_domain(system_server, hal_codec2)
hal_client_domain(system_server, hal_configstore)
hal_client_domain(system_server, hal_contexthub)
hal_client_domain(system_server, hal_cpu)
hal_client_domain(system_server, hal_face)
hal_client_domain(system_server, hal_fingerprint)
hal_client_domain(system_server, hal_gnss)
@ -392,7 +391,6 @@ allow system_server {
hal_bluetooth_server
hal_camera_server
hal_codec2_server
hal_cpu_server
hal_face_server
hal_fingerprint_server
hal_gnss_server

View file

@ -333,7 +333,6 @@ hal_attribute(codec2);
hal_attribute(configstore);
hal_attribute(confirmationui);
hal_attribute(contexthub);
hal_attribute(cpu);
hal_attribute(dice);
hal_attribute(drm);
hal_attribute(dumpstate);

View file

@ -82,7 +82,6 @@ allow dumpstate {
hal_broadcastradio_server
hal_camera_server
hal_codec2_server
hal_cpu_server
hal_drm_server
hal_evs_server
hal_face_server
@ -152,7 +151,6 @@ binder_call(dumpstate, { appdomain netd wificond })
# Allow dumpstate to call dump() on specific hals.
dump_hal(hal_authsecret)
dump_hal(hal_contexthub)
dump_hal(hal_cpu)
dump_hal(hal_drm)
dump_hal(hal_dumpstate)
dump_hal(hal_face)

View file

@ -1,9 +0,0 @@
# HwBinder IPC from client to server, and callbacks
binder_call(hal_cpu_client, hal_cpu_server)
binder_call(hal_cpu_server, hal_cpu_client)
hal_attribute_hwservice(hal_cpu, hal_cpu_hwservice)
hal_attribute_service(hal_cpu, hal_cpu_service)
binder_call(hal_cpu_server, servicemanager)
binder_call(hal_cpu_client, servicemanager)

View file

@ -19,7 +19,6 @@ type hal_can_bus_hwservice, hwservice_manager_type, protected_hwservice;
type hal_can_controller_hwservice, hwservice_manager_type, protected_hwservice;
type hal_confirmationui_hwservice, hwservice_manager_type, protected_hwservice;
type hal_contexthub_hwservice, hwservice_manager_type, protected_hwservice;
type hal_cpu_hwservice, hwservice_manager_type, protected_hwservice;
type hal_dumpstate_hwservice, hwservice_manager_type, protected_hwservice;
type hal_evs_hwservice, hwservice_manager_type, protected_hwservice;
type hal_face_hwservice, hwservice_manager_type, protected_hwservice;

View file

@ -276,7 +276,6 @@ type hal_camera_service, protected_service, hal_service_type, service_manager_ty
type hal_cas_service, hal_service_type, service_manager_type;
type hal_confirmationui_service, protected_service, hal_service_type, service_manager_type;
type hal_contexthub_service, protected_service, hal_service_type, service_manager_type;
type hal_cpu_service, protected_service, hal_service_type, service_manager_type;
type hal_dice_service, protected_service, hal_service_type, service_manager_type;
type hal_drm_service, hal_service_type, service_manager_type;
type hal_dumpstate_service, protected_service, hal_service_type, service_manager_type;

View file

@ -72,7 +72,6 @@ userdebug_or_eng(`
typeattribute su hal_configstore_client;
typeattribute su hal_confirmationui_client;
typeattribute su hal_contexthub_client;
typeattribute su hal_cpu_client;
typeattribute su hal_drm_client;
typeattribute su hal_cas_client;
typeattribute su hal_dumpstate_client;

View file

@ -35,7 +35,6 @@
/(vendor|sustem/vendor)/bin/hw/android\.hardware\.confirmationui@1\.0-service u:object_r:hal_confirmationui_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.contexthub@1\.[0-9]+-service u:object_r:hal_contexthub_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.contexthub-service\.example u:object_r:hal_contexthub_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.cpu\.monitor-service\.example u:object_r:hal_cpu_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.0-service u:object_r:hal_drm_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.0-service-lazy u:object_r:hal_drm_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm-service(-lazy)?\.clearkey u:object_r:hal_drm_clearkey_aidl_exec:s0

View file

@ -1,11 +0,0 @@
type hal_cpu_default, domain;
hal_server_domain(hal_cpu_default, hal_cpu)
type hal_cpu_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_cpu_default)
# Allow reading /proc/stat
allow hal_cpu_default proc_stat:file r_file_perms;
# Allow reading cpuset information
allow hal_cpu_default cgroup:dir r_dir_perms;