Merge "Sepolicy for IAshmem HIDL interface"

private/compat/28.0/28.0.ignore.cil

@@ -123,6 +123,7 @@
     su_tmpfs
     super_block_device
     sysfs_fs_f2fs
+    system_ashmem_hwservice
     system_bootstrap_lib_file
     system_event_log_tags_file
     system_lmk_prop

private/hwservice_contexts

@@ -76,6 +76,7 @@ android.hidl.base::IBase                                        u:object_r:hidl_
 android.hidl.manager::IServiceManager                           u:object_r:hidl_manager_hwservice:s0
 android.hidl.memory::IMapper                                    u:object_r:hidl_memory_hwservice:s0
 android.hidl.token::ITokenManager                               u:object_r:hidl_token_hwservice:s0
+android.system.ashmem::IAshmem                                  u:object_r:system_ashmem_hwservice:s0
 android.system.net.netd::INetd                                  u:object_r:system_net_netd_hwservice:s0
 android.system.suspend::ISystemSuspend                          u:object_r:system_suspend_hwservice:s0
 android.system.wifi.keystore::IKeystore                         u:object_r:system_wifi_keystore_hwservice:s0

public/app.te

@@ -357,8 +357,8 @@ allow appdomain audioserver_tmpfs:file { getattr map read write };
 allow appdomain system_server_tmpfs:file { getattr map read write };
 allow appdomain zygote_tmpfs:file { map read };
 
-# Allow vendor apps access to ashmemd to request /dev/ashmem fds.
-binder_call({ appdomain -coredomain }, ashmemd)
+# Allow vendor apps access to ashmem_server to request /dev/ashmem fds.
+binder_call({ appdomain -coredomain }, ashmem_server)
 
 ###
 ### Neverallow rules

public/ashmem_server.te

@@ -0,0 +1,3 @@
+hwbinder_use(ashmem_server)
+get_prop(ashmem_server, hwservicemanager_prop)
+add_hwservice(ashmem_server, system_ashmem_hwservice)

public/ashmemd.te

@@ -1 +1,3 @@
-type ashmemd, domain;
+# TODO(b/133869224): Make private once ashmemd
+# is cleaned up from vendor sepolicy.
+type ashmemd, domain, ashmem_server;

public/attributes

@@ -303,6 +303,7 @@ hal_attribute(wifi_supplicant);
 # from one core domain to another, without having to update the vendor image
 # which contains clients of this service.
 
+attribute ashmem_server;
 attribute camera_service_server;
 attribute display_service_server;
 attribute mediaswcodec_server;

public/domain.te

@@ -75,7 +75,7 @@ allow {
 } ashmem_device:chr_file rw_file_perms;
 
 # Allow using fds to /dev/ashmem.
-allow domain ashmemd:fd use;
+allow domain ashmem_server:fd use;
 
 # /dev/binder can be accessed by non-vendor domains and by apps
 allow {

public/hwservice.te

@@ -65,6 +65,7 @@ type hidl_base_hwservice, hwservice_manager_type;
 type hidl_manager_hwservice, hwservice_manager_type, coredomain_hwservice;
 type hidl_memory_hwservice, hwservice_manager_type, coredomain_hwservice;
 type hidl_token_hwservice, hwservice_manager_type, coredomain_hwservice;
+type system_ashmem_hwservice, hwservice_manager_type, coredomain_hwservice;
 type system_net_netd_hwservice, hwservice_manager_type, coredomain_hwservice;
 type system_suspend_hwservice, hwservice_manager_type, coredomain_hwservice;
 type system_wifi_keystore_hwservice, hwservice_manager_type, coredomain_hwservice;

public/installd.te

@@ -170,7 +170,7 @@ neverallow { domain -system_server -dumpstate -installd } installd_service:servi
 neverallow { domain -system_server -dumpstate } installd:binder call;
 neverallow installd {
     domain
-    -ashmemd
+    -ashmem_server
     -system_server
     -servicemanager
     userdebug_or_eng(`-su')

public/vold.te

@@ -302,7 +302,7 @@ neverallow {
 
 neverallow vold {
   domain
-  -ashmemd
+  -ashmem_server
   -hal_health_storage_server
   -hal_keymaster_server
   -system_suspend_server