From be714f6fa34a76623a957c70c8316ebe9c904c60 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Wed, 7 Dec 2022 09:46:04 +0800 Subject: [PATCH] restart domain Bug: 254378739 Test: boot to home Change-Id: I63a3e22ccbee16dd3f186e76fa698d2e7454c057 --- legacy/whitechapel_pro/file_contexts | 1 - legacy/whitechapel_pro/google_camera_app.te | 15 --------------- legacy/whitechapel_pro/hal_uwb_vendor.te | 16 ---------------- legacy/whitechapel_pro/hal_uwb_vendor_default.te | 14 -------------- legacy/whitechapel_pro/seapp_contexts | 4 ---- tracking_denials/permissive.te | 3 +++ vendor/file_contexts | 1 + vendor/google_camera_app.te | 6 +++--- vendor/hal_uwb_vendor_default.te | 4 ++++ vendor/seapp_contexts | 3 +++ 10 files changed, 14 insertions(+), 53 deletions(-) delete mode 100644 legacy/whitechapel_pro/google_camera_app.te delete mode 100644 legacy/whitechapel_pro/hal_uwb_vendor.te delete mode 100644 legacy/whitechapel_pro/hal_uwb_vendor_default.te create mode 100644 vendor/hal_uwb_vendor_default.te diff --git a/legacy/whitechapel_pro/file_contexts b/legacy/whitechapel_pro/file_contexts index cb9c2666..df755e96 100644 --- a/legacy/whitechapel_pro/file_contexts +++ b/legacy/whitechapel_pro/file_contexts @@ -17,7 +17,6 @@ /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 /vendor/bin/hw/android\.hardware\.nfc-service\.st u:object_r:hal_nfc_default_exec:s0 /vendor/bin/hw/vendor\.google\.wireless_charger@1\.3-service-vendor u:object_r:hal_wlc_exec:s0 -/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0 /vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 # Vendor Firmwares diff --git a/legacy/whitechapel_pro/google_camera_app.te b/legacy/whitechapel_pro/google_camera_app.te deleted file mode 100644 index ad097810..00000000 --- a/legacy/whitechapel_pro/google_camera_app.te +++ /dev/null 
@@ -1,15 +0,0 @@
-type google_camera_app, domain, coredomain;
-app_domain(google_camera_app)
-
-allow google_camera_app app_api_service:service_manager find;
-allow google_camera_app audioserver_service:service_manager find;
-allow google_camera_app cameraserver_service:service_manager find;
-allow google_camera_app mediaextractor_service:service_manager find;
-allow google_camera_app mediametrics_service:service_manager find;
-allow google_camera_app mediaserver_service:service_manager find;
-
-# Allows camera app to access the GXP device.
-allow google_camera_app gxp_device:chr_file rw_file_perms;
-
-# Allows camera app to search for GXP firmware file.
-allow google_camera_app vendor_fw_file:dir search;
diff --git a/legacy/whitechapel_pro/hal_uwb_vendor.te b/legacy/whitechapel_pro/hal_uwb_vendor.te
deleted file mode 100644
index dc11d6b8..00000000
--- a/legacy/whitechapel_pro/hal_uwb_vendor.te
+++ /dev/null
@@ -1,16 +0,0 @@
-# HwBinder IPC from client to server
-binder_call(hal_uwb_vendor_client, hal_uwb_vendor_server)
-binder_call(hal_uwb_vendor_server, hal_uwb_vendor_client)
-
-hal_attribute_service(hal_uwb_vendor, hal_uwb_vendor_service)
-
-binder_call(hal_uwb_vendor_server, servicemanager)
-
-# allow hal_uwb_vendor to set wpan interfaces up and down
-allow hal_uwb_vendor self:udp_socket create_socket_perms;
-allowxperm hal_uwb_vendor self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR SIOCETHTOOL };
-# TODO(b/190461440): Find a long term solution for this.
-allow hal_uwb_vendor self:global_capability_class_set { net_admin };
-
-# allow hal_uwb_vendor to speak to nl802154 in the kernel
-allow hal_uwb_vendor self:netlink_generic_socket create_socket_perms_no_ioctl;
diff --git a/legacy/whitechapel_pro/hal_uwb_vendor_default.te b/legacy/whitechapel_pro/hal_uwb_vendor_default.te
deleted file mode 100644
index b287433f..00000000
--- a/legacy/whitechapel_pro/hal_uwb_vendor_default.te
+++ /dev/null
@@ -1,14 +0,0 @@ -type hal_uwb_vendor_default, domain; -type hal_uwb_vendor_default_exec, vendor_file_type, exec_type, file_type; -init_daemon_domain(hal_uwb_vendor_default) - -hal_server_domain(hal_uwb_vendor_default, hal_uwb) -add_service(hal_uwb_vendor_default, hal_uwb_vendor_service) - -hal_server_domain(hal_uwb_vendor_default, hal_uwb_vendor) -binder_call(hal_uwb_vendor_default, uwb_vendor_app) - -allow hal_uwb_vendor_default uwb_data_vendor:dir create_dir_perms; -allow hal_uwb_vendor_default uwb_data_vendor:file create_file_perms; - -get_prop(hal_uwb_vendor_default, vendor_uwb_calibration_prop) diff --git a/legacy/whitechapel_pro/seapp_contexts b/legacy/whitechapel_pro/seapp_contexts index c34ff929..7a2dd6d6 100644 --- a/legacy/whitechapel_pro/seapp_contexts +++ b/legacy/whitechapel_pro/seapp_contexts @@ -8,7 +8,3 @@ user=_app seinfo=platform name=com.android.hbmsvmanager domain=hbmsvmanager_app # TODO(b/222204912): Should this run under uwb user? user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all -# Google Camera -user=_app isPrivApp=true seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all - - diff --git a/tracking_denials/permissive.te b/tracking_denials/permissive.te index 769c26bc..dc109975 100644 --- a/tracking_denials/permissive.te +++ b/tracking_denials/permissive.te @@ -26,4 +26,7 @@ userdebug_or_eng(` permissive hal_usb_gadget_impl; permissive hal_usb_impl; permissive hal_camera_default; + permissive hal_uwb_vendor_default; + permissive google_camera_app; + permissive hal_uwb_vendor; ') diff --git a/vendor/file_contexts b/vendor/file_contexts index 264278f9..2d618c08 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts 
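Review bot: `permissive hal_uwb_vendor;` in tracking_denials/permissive.te names something the deleted legacy/whitechapel_pro/hal_uwb_vendor.te used as a HAL attribute (`hal_attribute_service(hal_uwb_vendor, ...)`, `hal_server_domain(hal_uwb_vendor_default, hal_uwb_vendor)`), and checkpolicy accepts only types, not attributes, in a `permissive` statement. Its declaration is not visible in this patch, so confirm it against the attributes file; if it is still an attribute, drop the line and let `permissive hal_uwb_vendor_default;` cover the server domain. The three new entries also carry no tracking reference, so a comment above them such as `# b/254378739: temporary, remove once rules are restored` would keep a privileged app domain and a HAL domain from staying permissive indefinitely on userdebug and eng builds. The `userdebug_or_eng(` block opens outside the hunk.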
@@ -8,6 +8,7 @@ /vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0 /vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0 /vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0 +/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0 # Vendor Firmwares /vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0 diff --git a/vendor/google_camera_app.te b/vendor/google_camera_app.te index a0ad7316..0ab7b06a 100644 --- a/vendor/google_camera_app.te +++ b/vendor/google_camera_app.te @@ -1,3 +1,3 @@ -# Allows GCA to find and access the EdgeTPU. -allow google_camera_app edgetpu_app_service:service_manager find; -allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; +type google_camera_app, domain, coredomain; +app_domain(google_camera_app) + diff --git a/vendor/hal_uwb_vendor_default.te b/vendor/hal_uwb_vendor_default.te new file mode 100644 index 00000000..d3bc4892 --- /dev/null +++ b/vendor/hal_uwb_vendor_default.te @@ -0,0 +1,4 @@ +type hal_uwb_vendor_default, domain; +type hal_uwb_vendor_default_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(hal_uwb_vendor_default) + diff --git a/vendor/seapp_contexts b/vendor/seapp_contexts index d9296e0d..f8d4e0f3 100644 --- a/vendor/seapp_contexts +++ b/vendor/seapp_contexts 
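Review bot: With `vendor/google_camera_app.te` reduced to the type declaration and `app_domain(google_camera_app)`, the EdgeTPU rules removed here and the service_manager and GXP rules removed from the legacy file have no replacement, and the `permissive google_camera_app;` entry that masks this exists only under `userdebug_or_eng`. On a user build the domain is therefore enforcing with base app permissions only, which a boot test on a userdebug build would not show. The same applies to the new `vendor/hal_uwb_vendor_default.te`, which keeps `init_daemon_domain(hal_uwb_vendor_default)` but no longer has the `hal_server_domain` and `add_service` lines of the legacy file. If the reset is intended, a header comment in both files such as `# Rules reset for b/254378739; re-add from audited denials before shipping on user builds` would record that.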
@@ -7,5 +7,8 @@ user=_app isPrivApp=true seinfo=platform name=com.thales.device.ofl.app.basicag # Domain for connectivity monitor user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all +# Google Camera +user=_app isPrivApp=true seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all + # CccDkTimeSyncService user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all