tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Allow app to access configstore HAL

Browse source 
Apps should be able to access the configstore HAL since framework
libraries which are loaded into app process can call configstore.

Letting apps have direct access to this HAL is OK because: 

(1) the API of this HAL does not make clients provide any sensitive 
information to the HAL, which makes it impossible for the HAL to 
disclose sensitive information of its clients when the HAL is 
compromised, 

(2) we will require that this HAL is binderized (i.e., does not run 
inside the process of its clients), 

(3) we will require that this HAL runs in a tight seccomp sandbox 
(this HAL doesn't need much access, if at all) and,

(4) we'll restrict the HALs powers via neverallows.

Test: apps can use configstore hal.

Change-Id: I04836b7318fbc6ef78deff770a22c68ce7745fa9
This commit is contained in:
Jiyong Park 2017-03-17 09:58:02 +09:00
parent 83011a266d
commit ed4625f353
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
private/app.te
View file

@ -246,6 +246,9 @@ auditallow { appdomain userdebug_or_eng(`-su') } ion_device:chr_file { write app
# Allow app to access the graphic allocator HAL
binder_call({ appdomain -isolated_app }, hal_graphics_allocator)
# App can access configstore HAL which is read only
binder_call({ appdomain -isolated_app }, hal_configstore)
# Allow app to access shared memory created by camera HAL1
allow { appdomain -isolated_app } hal_camera:fd use;