tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/private/technical_debt.cil
Alex Klyubin 75ca483215 surfaceflinger and apps are clients of Configstore HAL 
This commit marks surfaceflinger and app domain (except isolated_app)
as clients of Configstore HAL. This cleans up the policy and will make
it easier to restrict access to HwBinder services later.

Test: Play YouTube clip in YouTube app and YouTube web page in Chrome
Test: Take an HDR+ photo, a normal photo, a video, and slow motion
      video in Google Camera app. Check that photos show up fine and
      that videos play back with sound.
Test: Play movie using Google Play Movies
Test: Google Maps app displays the Android's correct location
Bug: 34454312
Change-Id: I0f468a4289132f4eaacfb1d13ce4e61604c2a371
2017-04-18 12:24:22 -07:00

28 lines
1.5 KiB
Text
Raw Blame History

; THIS IS A WORKAROUND for the current limitations of the module policy language
; This should be used sparingly until we figure out a saner way to achieve the
; stuff below, for example, by improving typeattribute statement of module
; language.
;
; NOTE: This file has no effect on recovery policy.
; Apps, except isolated apps, are clients of Allocator HAL
; Unfortunately, we can't currently express this in module policy language:
; typeattribute { appdomain -isolated_app } hal_allocator_client;
; typeattribute hal_allocator_client halclientdomain;
(typeattributeset hal_allocator_client ((and (appdomain) ((not (isolated_app))))))
(typeattributeset halclientdomain (hal_allocator_client))
; Apps, except isolated apps, are clients of Configstore HAL
; Unfortunately, we can't currently express this in module policy language:
; typeattribute { appdomain -isolated_app } hal_configstore_client;
(typeattributeset hal_configstore_client ((and (appdomain) ((not (isolated_app))))))
; Apps, except isolated apps, are clients of Graphics Allocator HAL
; Unfortunately, we can't currently express this in module policy language:
; typeattribute { appdomain -isolated_app } hal_graphics_allocator_client;
(typeattributeset hal_graphics_allocator_client ((and (appdomain) ((not (isolated_app))))))
; Domains hosting Camera HAL implementations are clients of Allocator HAL
; Unfortunately, we can't currently express this in module policy language:
; typeattribute hal_camera hal_allocator_client;
(typeattributeset hal_allocator_client (hal_camera))
Reference in a new issue View git blame Copy permalink