47174e3b9f
This switches Dumpstate HAL policy to the design which enables us to conditionally remove unnecessary rules from domains which are clients of Dumpstate HAL. Domains which are clients of Dumpstate HAL, such as dumpstate domain, are granted rules targeting hal_dumpstate only when the Dumpstate HAL runs in passthrough mode (i.e., inside the client's process). When the HAL runs in binderized mode (i.e., in another process/domain, with clients talking to the HAL over HwBinder IPC), rules targeting hal_dumpstate are not granted to client domains. Domains which offer a binderized implementation of Dumpstate HAL, such as hal_dumpstate_default domain, are always granted rules targeting hal_dumpstate. Test: adb bugreport Test: Take bugreport through system UI Bug: 34170079 Change-Id: I3e827534af03cdfa876921c5fa4af3a53025ba27
6 lines
292 B
Text
6 lines
292 B
Text
# HwBinder IPC from client to server, and callbacks
|
|
binder_call(hal_dumpstate_client, hal_dumpstate_server)
|
|
binder_call(hal_dumpstate_server, hal_dumpstate_client)
|
|
|
|
# write bug reports in /data/data/com.android.shell/files/bugreports/bugreport
|
|
allow hal_dumpstate shell_data_file:file write;
|