Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4015af68 authored Feb 14, 2019 by dianlujitao

sepolicy: Break livedisplay hal policy into impl independent ones

 * LiveDisplay has different backends (QDCM, sysfs, etc.). QDCM impl
   doesn't use sysfs, sysfs impl doesn't use QC display service and
   vice versa, so don't abuse the "default" policy.

Change-Id: I87725a091ebe5db5beeb1619ce4daaac9636d808

parent 6fd87ce7

common/dynamic/hal_lineage_livedisplay.te

+0 −3

Original line number	Diff line number	Diff line
		@@ -3,6 +3,3 @@ binder_call(hal_lineage_livedisplay_client, hal_lineage_livedisplay_server)

		add_hwservice(hal_lineage_livedisplay_server, hal_lineage_livedisplay_hwservice)
		allow hal_lineage_livedisplay_client hal_lineage_livedisplay_hwservice:hwservice_manager find;

		# Grant access over LiveDisplay tuneables
		allow hal_lineage_livedisplay_server sysfs_livedisplay_tuneable:file rw_file_perms;

common/vendor/file_contexts

+1 −3

Original line number	Diff line number	Diff line
		@@ -5,9 +5,7 @@
		/(vendor\|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service\.aw2013 u:object_r:hal_light_default_exec:s0

		# LiveDisplay HAL
		/(vendor\|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.0-service-legacymm u:object_r:hal_lineage_livedisplay_default_exec:s0
		/(vendor\|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.0-service-sdm u:object_r:hal_lineage_livedisplay_default_exec:s0
		/(vendor\|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.0-service-sysfs u:object_r:hal_lineage_livedisplay_default_exec:s0
		/(vendor\|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.0-service-sysfs u:object_r:hal_lineage_livedisplay_sysfs_exec:s0

		# Trust HAL
		/(vendor\|system/vendor)/bin/hw/vendor\.lineage\.trust@1\.0-service u:object_r:hal_lineage_trust_default_exec:s0

common/vendor/hal_lineage_livedisplay_default.te

deleted100644 → 0

+0 −8

Original line number	Diff line number	Diff line
		type hal_lineage_livedisplay_default, domain;
		hal_server_domain(hal_lineage_livedisplay_default, hal_lineage_livedisplay)

		type hal_lineage_livedisplay_default_exec, exec_type, vendor_file_type, file_type;
		init_daemon_domain(hal_lineage_livedisplay_default)

		# Allow LiveDisplay HAL's default implementation to use vendor-binder service
		vndbinder_use(hal_lineage_livedisplay_default)

common/vendor/hal_lineage_livedisplay_sysfs.te

0 → 100644

+8 −0

Original line number	Diff line number	Diff line
		type hal_lineage_livedisplay_sysfs, domain;
		hal_server_domain(hal_lineage_livedisplay_sysfs, hal_lineage_livedisplay)

		type hal_lineage_livedisplay_sysfs_exec, exec_type, vendor_file_type, file_type;
		init_daemon_domain(hal_lineage_livedisplay_sysfs)

		# Grant access over LiveDisplay tuneables
		allow hal_lineage_livedisplay_sysfs sysfs_livedisplay_tuneable:file rw_file_perms;

qcom/dynamic/hal_lineage_livedisplay_qti.te

0 → 100644

+10 −0

Original line number	Diff line number	Diff line
		# Do not use add_service() as hal_graphics_composer_default may be the provider as well
		allow hal_lineage_livedisplay_qti qdisplay_service:service_manager find;

		binder_call(hal_lineage_livedisplay_qti, hal_graphics_composer_default)

		# Allow LiveDisplay to access vendor display property
		get_prop(hal_lineage_livedisplay_qti, vendor_display_prop)

		# Allow LiveDisplay to access pps socket
		unix_socket_connect(hal_lineage_livedisplay_qti, pps, mm-pp-daemon)