Merge "Include GIA only on needed, expose GIA permission only if the target service exists" into main
commit
e350d201d3
3 changed files with 24 additions and 15 deletions
|
@ -1,11 +1,19 @@
|
|||
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/input/gia/sepolicy
|
||||
# GIA is not designed for AOSP
|
||||
ifeq (,$(filter aosp_%, $(TARGET_PRODUCT)))
|
||||
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/input/gia/sepolicy
|
||||
|
||||
PRODUCT_PACKAGES += gia
|
||||
PRODUCT_PACKAGES += com.google.input.gia.giaservicemanager
|
||||
# If Pixel System Service exists, allow it to access GIA
|
||||
ifeq (,$(filter factory_%, $(TARGET_PRODUCT)))
|
||||
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/input/gia/sepolicy-pixelsystemservice
|
||||
endif
|
||||
|
||||
PRODUCT_SOONG_NAMESPACES += vendor/google/interfaces
|
||||
PRODUCT_SOONG_NAMESPACES += vendor/google/input/gia/core
|
||||
PRODUCT_SOONG_NAMESPACES += vendor/google/input/gia/core-servicemanager
|
||||
PRODUCT_PACKAGES += gia
|
||||
PRODUCT_PACKAGES += com.google.input.gia.giaservicemanager
|
||||
|
||||
DEVICE_MANIFEST_FILE += device/google/gs-common/input/gia/aidl/manifest.xml
|
||||
DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/input/gia/aidl/compatibility_matrix.xml
|
||||
PRODUCT_SOONG_NAMESPACES += vendor/google/interfaces
|
||||
PRODUCT_SOONG_NAMESPACES += vendor/google/input/gia/core
|
||||
PRODUCT_SOONG_NAMESPACES += vendor/google/input/gia/core-servicemanager
|
||||
|
||||
DEVICE_MANIFEST_FILE += device/google/gs-common/input/gia/aidl/manifest.xml
|
||||
DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/input/gia/aidl/compatibility_matrix.xml
|
||||
endif
|
||||
|
|
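Review bot: The inner guard `ifeq (,$(filter factory_%, $(TARGET_PRODUCT)))` adds `sepolicy-pixelsystemservice` based on the product name alone, so it is a proxy for "Pixel System Service exists" rather than a check of it. A product that matches neither `aosp_%` nor `factory_%` but does not declare `pixelsystemservice_app` would still pull in rules for that type, which would presumably break the policy build, and the grant follows the naming convention rather than the package list. I would state the assumption next to the guard, e.g. `# Assumes every non-factory_% product ships Pixel System Service and declares pixelsystemservice_app; update this filter if that changes.` The outer `aosp_%` filter relies on the same naming convention and deserves the same kind of note.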
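--- /dev/null
+++ b/input/gia/sepolicy-pixelsystemservice/gia.te
@@ -0,0 +1,8 @@
+# SEPolicies to be configured only if and only if Pixel System Service exists on the device
+
+# allow pixelsystemservice_app to communicate with gia
+binder_use(pixelsystemservice_app)
+hal_client_domain(pixelsystemservice_app, hal_gia)
+
+# allow gia to execute callback for pixelsystemservice_app
+binder_call(gia, pixelsystemservice_app)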
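Review bot: `binder_use(pixelsystemservice_app)` is a general grant to the app domain rather than something specific to GIA, and this file only compiles when `pixelsystemservice_app` is declared elsewhere. If that type is already set up through `app_domain()` in its own policy, the line is likely redundant and could be dropped, leaving only the GIA-specific `hal_client_domain` and `binder_call` rules here. The header comment would read more clearly as `# SEPolicy rules that apply only when Pixel System Service exists on the device`, ideally with a pointer to where `pixelsystemservice_app` is defined.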
@ -16,10 +16,3 @@ hal_server_domain(gia, hal_gia)
|
|||
# allow gia for accessing touch related system file-nodes
|
||||
allow gia sysfs_touch_gti:dir r_dir_perms;
|
||||
allow gia sysfs_touch_gti:file rw_file_perms;
|
||||
|
||||
# allow pixelsystemservice_app to communicate with gia
|
||||
binder_use(pixelsystemservice_app)
|
||||
hal_client_domain(pixelsystemservice_app, hal_gia)
|
||||
|
||||
# allow gia to execute callback for pixelsystemservice_app
|
||||
binder_call(gia, pixelsystemservice_app)
|
||||
|
|