4a478c47f4
Vendor and system components are only allowed to share files by passing open FDs over HIDL. Ban all directory access and all file accesses other than what can be applied to an open file: stat/read/write/append. This commit marks core data types as core_data_file_type and bans access to non-core domains with an exemption for apps. A temporary exemption is also granted to domains that currently rely on access with TODOs and bug number for each exemption. Bug: 34980020 Test: Build and boot Marlin. Make phone call, watch youtube video. No new denials observed. Change-Id: I320dd30f9f0a5bf2f9bb218776b4bccdb529b197
14 lines
494 B
Plaintext
14 lines
494 B
Plaintext
type hal_audio_default, domain;
|
|
hal_server_domain(hal_audio_default, hal_audio)
|
|
|
|
type hal_audio_default_exec, exec_type, file_type;
|
|
init_daemon_domain(hal_audio_default)
|
|
|
|
hal_client_domain(hal_audio_default, hal_allocator)
|
|
|
|
typeattribute hal_audio_default socket_between_core_and_vendor_violators;
|
|
# TODO (b/36601590) move hal_audio's data file to
|
|
# /data/vendor/hardware/hal_audio. Remove coredata_in_vendor_violators
|
|
# attribute.
|
|
typeattribute hal_audio_default coredata_in_vendor_violators;
|