tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/prebuilts/api/30.0/private/technical_debt.cil
Inseob Kim 5131ff6544 DO NOT MERGE Add fake 30.0 prebuilts 
This prebuilt is based on the AOSP policy, but slightly manipulated so
that the set of types and attributes are identical with R policy.

Following types are removed.

boot_status_prop
dalvik_config_prop
gnss_device
surfaceflinger_color_prop
surfaceflinger_prop
systemsound_config_prop
vold_config_prop
vold_status_prop

Following type is renamed.

wificond_service -> wifinl80211_service

Bug: 153661471
Test: N/A
Change-Id: I018d5e43f53c2bf721db1d13f5f4be42b9782b29
2020-05-11 13:18:52 +09:00

65 lines
3.7 KiB
Text
Raw Blame History

; THIS IS A WORKAROUND for the current limitations of the module policy language
; This should be used sparingly until we figure out a saner way to achieve the
; stuff below, for example, by improving typeattribute statement of module
; language.
;
; NOTE: This file has no effect on recovery policy.
; Apps, except isolated apps, are clients of Allocator HAL
; Unfortunately, we can't currently express this in module policy language:
; typeattribute { appdomain -isolated_app } hal_allocator_client;
; typeattribute hal_allocator_client halclientdomain;
(typeattributeset hal_allocator_client ((and (appdomain) ((not (isolated_app))))))
(typeattributeset halclientdomain (hal_allocator_client))
; Apps, except isolated apps, are clients of OMX-related services
; Unfortunately, we can't currently express this in module policy language:
(typeattributeset hal_omx_client ((and (appdomain) ((not (isolated_app))))))
; Apps, except isolated apps, are clients of Codec2-related services
; Unfortunately, we can't currently express this in module policy language:
(typeattributeset hal_codec2_client ((and (appdomain) ((not (isolated_app))))))
; Apps, except isolated apps, are clients of Drm-related services
; Unfortunately, we can't currently express this in module policy language:
(typeattributeset hal_drm_client ((and (appdomain) ((not (isolated_app))))))
; Apps, except isolated apps, are clients of Configstore HAL
; Unfortunately, we can't currently express this in module policy language:
; typeattribute { appdomain -isolated_app } hal_configstore_client;
(typeattributeset hal_configstore_client ((and (appdomain) ((not (isolated_app))))))
; Apps, except isolated apps, are clients of Graphics Allocator HAL
; Unfortunately, we can't currently express this in module policy language:
; typeattribute { appdomain -isolated_app } hal_graphics_allocator_client;
(typeattributeset hal_graphics_allocator_client ((and (appdomain) ((not (isolated_app))))))
; Apps, except isolated apps, are clients of Cas HAL
; Unfortunately, we can't currently express this in module policy language:
; typeattribute { appdomain -isolated_app } hal_cas_client;
(typeattributeset hal_cas_client ((and (appdomain) ((not (isolated_app))))))
; Domains hosting Camera HAL implementations are clients of Allocator HAL
; Unfortunately, we can't currently express this in module policy language:
; typeattribute hal_camera hal_allocator_client;
(typeattributeset hal_allocator_client (hal_camera))
; Apps, except isolated apps, are clients of Neuralnetworks HAL
; Unfortunately, we can't currently express this in module policy language:
; typeattribute { appdomain -isolated_app } hal_neuralnetworks_client;
(typeattributeset hal_neuralnetworks_client ((and (appdomain) ((not (isolated_app))))))
; TODO(b/112056006): move these to mapping files when/if we implement 'versioned' attributes.
; Rename untrusted_app_visible_* to untrusted_app_visible_*_violators.
; Unfortunately, we can't currently express this in module policy language:
; typeattribute untrusted_app_visible_hwservice untrusted_app_visible_hwservice_violators;
; typeattribute untrusted_app_visible_halserver untrusted_app_visible_halserver_violators;
(typeattribute untrusted_app_visible_hwservice)
(typeattributeset untrusted_app_visible_hwservice_violators (untrusted_app_visible_hwservice))
(typeattribute untrusted_app_visible_halserver)
(typeattributeset untrusted_app_visible_halserver_violators (untrusted_app_visible_halserver))
; Apps, except isolated apps, are clients of BufferHub HAL
; Unfortunately, we can't currently express this in module policy language:
; typeattribute { appdomain -isolated_app } hal_cas_client;
(typeattributeset hal_bufferhub_client ((and (appdomain) ((not (isolated_app))))))
Reference in a new issue View git blame Copy permalink