41518bec25
This switches Sensors HAL policy to the design which enables us to
conditionally remove unnecessary rules from domains which are clients
of Sensors HAL.
Domains which are clients of Sensors HAL, such as system_server, are
granted rules targeting hal_sensors only when the Sensors HAL runs in
passthrough mode (i.e., inside the client's process). When the HAL
runs in binderized mode (i.e., in another process/domain, with clients
talking to the HAL over HwBinder IPC), rules targeting hal_sensors are
not granted to client domains.
Domains which offer a binderized implementation of Sensors HAL, such
as hal_sensors_default domain, are always granted rules targeting
hal_sensors.
P. S. This commit also removes
allow system_server sensors_device:chr_file rw_file_perms
because this is device-specific and thus not needed in device-agnostic
policy. The device-specific policy of the affected devices already has
this rule.
Test: Device boots, no new denials
Test: adb shell dumpsys sensorservice
lists tons of sensors
Test: Proprietary sensors test app indicates that there are sensors
and that the app can register to listen for updates for sensors
and that such updates arrive to the app.
Bug: 34170079
Change-Id: I61bf779070eabcb64ae73724d62b6e837319a668
175 lines
4.8 KiB
Text
175 lines
4.8 KiB
Text
######################################
|
|
# Attribute declarations
|
|
#
|
|
|
|
# All types used for devices.
|
|
# On change, update CHECK_FC_ASSERT_ATTRS
|
|
# in tools/checkfc.c
|
|
attribute dev_type;
|
|
|
|
# All types used for processes.
|
|
attribute domain;
|
|
|
|
# Temporary attribute used for migrating permissions out of domain.
|
|
# Motivation: Domain is overly permissive. Start removing permissions
|
|
# from domain and assign them to the domain_deprecated attribute.
|
|
# Domain_deprecated and domain can initially be assigned to all
|
|
# domains. The goal is to not assign domain_deprecated to new domains
|
|
# and to start removing domain_deprecated where it's not required or
|
|
# reassigning the appropriate permissions to the inheriting domain
|
|
# when necessary.
|
|
attribute domain_deprecated;
|
|
|
|
# All types used for filesystems.
|
|
# On change, update CHECK_FC_ASSERT_ATTRS
|
|
# definition in tools/checkfc.c.
|
|
attribute fs_type;
|
|
|
|
# All types used for context= mounts.
|
|
attribute contextmount_type;
|
|
|
|
# All types used for files that can exist on a labeled fs.
|
|
# Do not use for pseudo file types.
|
|
# On change, update CHECK_FC_ASSERT_ATTRS
|
|
# definition in tools/checkfc.c.
|
|
attribute file_type;
|
|
|
|
# All types used for domain entry points.
|
|
attribute exec_type;
|
|
|
|
# All types used for /data files.
|
|
attribute data_file_type;
|
|
|
|
# All types use for sysfs files.
|
|
attribute sysfs_type;
|
|
|
|
# All types use for debugfs files.
|
|
attribute debugfs_type;
|
|
|
|
# Attribute used for all sdcards
|
|
attribute sdcard_type;
|
|
|
|
# All types used for nodes/hosts.
|
|
attribute node_type;
|
|
|
|
# All types used for network interfaces.
|
|
attribute netif_type;
|
|
|
|
# All types used for network ports.
|
|
attribute port_type;
|
|
|
|
# All types used for property service
|
|
# On change, update CHECK_PC_ASSERT_ATTRS
|
|
# definition in tools/checkfc.c.
|
|
attribute property_type;
|
|
|
|
# All properties defined in core SELinux policy. Should not be
|
|
# used by device specific properties
|
|
attribute core_property_type;
|
|
|
|
# All properties used to configure log filtering.
|
|
attribute log_property_type;
|
|
|
|
# All service_manager types created by system_server
|
|
attribute system_server_service;
|
|
|
|
# services which should be available to all but isolated apps
|
|
attribute app_api_service;
|
|
|
|
# services which should be available to all ephemeral apps
|
|
attribute ephemeral_app_api_service;
|
|
|
|
# services which export only system_api
|
|
attribute system_api_service;
|
|
|
|
# All types used for services managed by service_manager.
|
|
# On change, update CHECK_SC_ASSERT_ATTRS
|
|
# definition in tools/checkfc.c.
|
|
attribute service_manager_type;
|
|
|
|
# All domains that can override MLS restrictions.
|
|
# i.e. processes that can read up and write down.
|
|
attribute mlstrustedsubject;
|
|
|
|
# All types that can override MLS restrictions.
|
|
# i.e. files that can be read by lower and written by higher
|
|
attribute mlstrustedobject;
|
|
|
|
# All domains used for apps.
|
|
attribute appdomain;
|
|
|
|
# All third party apps.
|
|
attribute untrusted_app_all;
|
|
|
|
# All domains used for apps with network access.
|
|
attribute netdomain;
|
|
|
|
# All domains used for apps with bluetooth access.
|
|
attribute bluetoothdomain;
|
|
|
|
# All domains used for binder service domains.
|
|
attribute binderservicedomain;
|
|
|
|
# All domains that access the boot_control HAL. The permissions the HAL
|
|
# requires are specific to the implementation provided in each device, but
|
|
# common daemons need to be aware of those when calling into the HAL.
|
|
attribute boot_control_hal;
|
|
|
|
# update_engine related domains that need to apply an update and run
|
|
# postinstall. This includes the background daemon and the sideload tool from
|
|
# recovery for A/B devices.
|
|
attribute update_engine_common;
|
|
|
|
# All HAL servers
|
|
attribute halserverdomain;
|
|
# All HAL clients
|
|
attribute halclientdomain;
|
|
|
|
# HALs
|
|
attribute hal_audio;
|
|
attribute hal_audio_client;
|
|
attribute hal_audio_server;
|
|
attribute hal_bluetooth;
|
|
attribute hal_bluetooth_client;
|
|
attribute hal_bluetooth_server;
|
|
attribute hal_camera;
|
|
attribute hal_camera_client;
|
|
attribute hal_camera_server;
|
|
attribute hal_configstore;
|
|
attribute hal_contexthub;
|
|
attribute hal_drm;
|
|
attribute hal_drm_client;
|
|
attribute hal_drm_server;
|
|
attribute hal_dumpstate;
|
|
attribute hal_dumpstate_client;
|
|
attribute hal_dumpstate_server;
|
|
attribute hal_fingerprint;
|
|
attribute hal_fingerprint_client;
|
|
attribute hal_fingerprint_server;
|
|
attribute hal_gatekeeper;
|
|
attribute hal_gnss;
|
|
attribute hal_graphics_allocator;
|
|
attribute hal_graphics_composer;
|
|
attribute hal_health;
|
|
attribute hal_ir;
|
|
attribute hal_keymaster;
|
|
attribute hal_keymaster_client;
|
|
attribute hal_keymaster_server;
|
|
attribute hal_light;
|
|
attribute hal_memtrack;
|
|
attribute hal_nfc;
|
|
attribute hal_power;
|
|
attribute hal_sensors;
|
|
attribute hal_sensors_client;
|
|
attribute hal_sensors_server;
|
|
attribute hal_telephony;
|
|
attribute hal_thermal;
|
|
attribute hal_usb;
|
|
attribute hal_vibrator;
|
|
attribute hal_vr;
|
|
attribute hal_wifi;
|
|
attribute hal_wifi_client;
|
|
attribute hal_wifi_server;
|
|
attribute hal_wifi_supplicant;
|
|
attribute hal_wifi_supplicant_client;
|
|
attribute hal_wifi_supplicant_server;
|