19deb1f856
There is no need for this type to be declared because it is never registered with hwservicemanager. This has been removed in the past but it seems it didn't automerge. Bug: 109802374 Test: N/A Change-Id: Id9bbc5762b6dcc8066c8543cb93db937cc4fc858
101 lines
6.8 KiB
Text
101 lines
6.8 KiB
Text
# hwservice types. By default most of the HALs are protected_hwservice, which means
|
|
# access from untrusted apps is prohibited.
|
|
type default_android_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type fwk_camera_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
|
|
type fwk_display_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
|
|
type fwk_scheduler_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
|
|
type fwk_sensor_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
|
|
type fwk_stats_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
|
|
type fwk_automotive_display_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
|
|
type hal_atrace_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_audio_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_audiocontrol_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_authsecret_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_bluetooth_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_bootctl_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_broadcastradio_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_camera_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_can_bus_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_can_controller_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_confirmationui_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_contexthub_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_dumpstate_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_evs_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_face_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_fingerprint_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_gatekeeper_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_gnss_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_graphics_composer_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_health_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_health_storage_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_input_classifier_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_ir_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_keymaster_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_light_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_lowpan_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_memtrack_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_nfc_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_oemlock_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_power_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_power_stats_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_secure_element_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_sensors_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_telephony_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_tetheroffload_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_thermal_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_tv_cec_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_tv_input_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_tv_tuner_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_usb_gadget_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_usb_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_vehicle_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_vibrator_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_vr_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_weaver_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_wifi_hostapd_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_wifi_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type hal_wifi_supplicant_hwservice, hwservice_manager_type, protected_hwservice;
|
|
type system_net_netd_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
|
|
type system_suspend_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
|
|
type system_wifi_keystore_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
|
|
|
|
# Following is the hwservices that are explicitly not marked with protected_hwservice.
|
|
# These are directly accessible from untrusted apps.
|
|
# - same process services: because they by definition run in the process
|
|
# of the client and thus have the same access as the client domain in which
|
|
# the process runs
|
|
# - coredomain_hwservice: are considered safer than ordinary hwservices which
|
|
# are from vendor partition
|
|
# - hal_configstore_ISurfaceFlingerConfigs: becuase it has specifically been
|
|
# designed for use by any domain.
|
|
# - hal_graphics_allocator_hwservice: because these operations are also offered
|
|
# by surfaceflinger Binder service, which apps are permitted to access
|
|
# - hal_omx_hwservice: because this is a HwBinder version of the mediacodec
|
|
# Binder service which apps were permitted to access.
|
|
# - hal_codec2_hwservice: because this is a newer version of hal_omx_hwservice.
|
|
# - hal_drm_hwservice: versions > API 29 are designed specifically with
|
|
# untrusted app access in mind.
|
|
type fwk_bufferhub_hwservice, hwservice_manager_type, coredomain_hwservice;
|
|
type hal_cas_hwservice, hwservice_manager_type;
|
|
type hal_codec2_hwservice, hwservice_manager_type;
|
|
type hal_configstore_ISurfaceFlingerConfigs, hwservice_manager_type;
|
|
type hal_drm_hwservice, hwservice_manager_type;
|
|
type hal_graphics_allocator_hwservice, hwservice_manager_type;
|
|
type hal_graphics_mapper_hwservice, hwservice_manager_type, same_process_hwservice;
|
|
type hal_neuralnetworks_hwservice, hwservice_manager_type;
|
|
type hal_omx_hwservice, hwservice_manager_type;
|
|
type hal_renderscript_hwservice, hwservice_manager_type, same_process_hwservice;
|
|
type hidl_allocator_hwservice, hwservice_manager_type, coredomain_hwservice;
|
|
type hidl_base_hwservice, hwservice_manager_type;
|
|
type hidl_manager_hwservice, hwservice_manager_type, coredomain_hwservice;
|
|
type hidl_memory_hwservice, hwservice_manager_type, coredomain_hwservice;
|
|
type hidl_token_hwservice, hwservice_manager_type, coredomain_hwservice;
|
|
|
|
###
|
|
### Neverallow rules
|
|
###
|
|
|
|
# hwservicemanager handles registering or looking up named services.
|
|
# It does not make sense to register or lookup something which is not a
|
|
# hwservice. Trigger a compile error if this occurs.
|
|
neverallow domain ~hwservice_manager_type:hwservice_manager { add find };
|