tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/prebuilts/api/31.0/private/technical_debt.cil
Inseob Kim 08d4c8fa6e Add fake 31.0 prebuilt 
This commit adds fake 31.0 prebuilt. The prebuilt is based on AOSP
policy, but slightly modified so the set of types and attributes is a
subset of real 31.0 prebuilt (sc-dev policy).

Steps taken to make the fake prebuilt:

1) build plat_sepolicy.cil both on AOSP and sc-dev, with lunch target
aosp_arm64-eng.
2) diff both outputs to find out which types and attributes don't exist.
3) remove all relevant files and statements.

As a result, the following types are removed.

artd
artd_exec
artd_service
power_stats_service
transformer_service
virtualizationservice
virtualizationservice_data_file
virtualizationservice_exec

Bug: 189161483
Test: N/A, will do after adding 31.0 mapping files.
Change-Id: Ia957fc32b1838dae730d9dd7bd917d684d4a24cf
Merged-In: Ia4ea2999f4bc8ae80f13e51d99fba3e98e293447
2021-06-15 12:08:00 +00:00

71 lines
4.1 KiB
Text
Raw Blame History

; THIS IS A WORKAROUND for the current limitations of the module policy language
; This should be used sparingly until we figure out a saner way to achieve the
; stuff below, for example, by improving typeattribute statement of module
; language.
;
; NOTE: This file has no effect on recovery policy.
; Apps, except isolated apps, are clients of Allocator HAL
; Unfortunately, we can't currently express this in module policy language:
; typeattribute { appdomain -isolated_app } hal_allocator_client;
; typeattribute hal_allocator_client halclientdomain;
(typeattributeset hal_allocator_client ((and (appdomain) ((not (isolated_app))))))
(typeattributeset halclientdomain (hal_allocator_client))
; Apps, except isolated apps, are clients of OMX-related services
; Unfortunately, we can't currently express this in module policy language:
(typeattributeset hal_omx_client ((and (appdomain) ((not (isolated_app))))))
; Apps, except isolated apps, are clients of Codec2-related services
; Unfortunately, we can't currently express this in module policy language:
(typeattributeset hal_codec2_client ((and (appdomain) ((not (isolated_app))))))
; Apps, except isolated apps, are clients of Drm-related services
; Unfortunately, we can't currently express this in module policy language:
(typeattributeset hal_drm_client ((and (appdomain) ((not (isolated_app))))))
; Apps, except isolated apps, are clients of Configstore HAL
; Unfortunately, we can't currently express this in module policy language:
; typeattribute { appdomain -isolated_app } hal_configstore_client;
(typeattributeset hal_configstore_client ((and (appdomain) ((not (isolated_app))))))
; Apps, except isolated apps, are clients of Graphics Allocator HAL
; Unfortunately, we can't currently express this in module policy language:
; typeattribute { appdomain -isolated_app } hal_graphics_allocator_client;
(typeattributeset hal_graphics_allocator_client ((and (appdomain) ((not (isolated_app))))))
; Apps, except isolated apps, are clients of Cas HAL
; Unfortunately, we can't currently express this in module policy language:
; typeattribute { appdomain -isolated_app } hal_cas_client;
(typeattributeset hal_cas_client ((and (appdomain) ((not (isolated_app))))))
; Domains hosting Camera HAL implementations are clients of Allocator HAL
; Unfortunately, we can't currently express this in module policy language:
; typeattribute hal_camera hal_allocator_client;
(typeattributeset hal_allocator_client (hal_camera))
; Apps, except isolated apps, are clients of Neuralnetworks HAL
; Unfortunately, we can't currently express this in module policy language:
; typeattribute { appdomain -isolated_app } hal_neuralnetworks_client;
(typeattributeset hal_neuralnetworks_client ((and (appdomain) ((not (isolated_app))))))
; TODO(b/112056006): move these to mapping files when/if we implement 'versioned' attributes.
; Rename untrusted_app_visible_* to untrusted_app_visible_*_violators.
; Unfortunately, we can't currently express this in module policy language:
; typeattribute untrusted_app_visible_hwservice untrusted_app_visible_hwservice_violators;
; typeattribute untrusted_app_visible_halserver untrusted_app_visible_halserver_violators;
(typeattribute untrusted_app_visible_hwservice)
(typeattributeset untrusted_app_visible_hwservice_violators (untrusted_app_visible_hwservice))
(typeattribute untrusted_app_visible_halserver)
(typeattributeset untrusted_app_visible_halserver_violators (untrusted_app_visible_halserver))
; Apps, except isolated apps, are clients of BufferHub HAL
; Unfortunately, we can't currently express this in module policy language:
; typeattribute { appdomain -isolated_app } hal_cas_client;
(typeattributeset hal_bufferhub_client ((and (appdomain) ((not (isolated_app))))))
; Properties having both system_property_type and vendor_property_type are illegal
; Unfortunately, we can't currently express this in module policy language:
; typeattribute { system_property_type && vendor_property_type } system_and_vendor_property_type;
(typeattribute system_and_vendor_property_type)
(typeattributeset system_and_vendor_property_type ((and (system_property_type) (vendor_property_type))))
Reference in a new issue View git blame Copy permalink