Move boot_control HAL permissions to an attribute.

The boot_control HAL is a library loaded by our daemons (like
update_engine and update_verifier) that interacts with the bootloader.
The actual implementation of this library is provided by the vendor and
its runtime permissions are tied to this implementation which varies a
lot based on how the bootloader and the partitions it uses are
structured.

This patch moves these permissions to an attribute so the attribute can
be expanded on each device without the need to repeat that on each one
of our daemons using the boot_control HAL.

Bug: 27107517
Change-Id: Idfe6a208720b49802b03f70fee4a3e73030dae2e
diff --git a/attributes b/attributes
index 485b3e9..42eb547 100644
--- a/attributes
+++ b/attributes
@@ -100,3 +100,8 @@
 
 # All domains used for binder service domains.
 attribute binderservicedomain;
+
+# All domains that access the boot_control HAL. The permissions the HAL
+# requires are specific to the implementation provided in each device, but
+# common daemons need to be aware of those when calling into the HAL.
+attribute boot_control_hal;
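Review bot: The new comment does not state the consequence that matters when this attribute is expanded per device: every rule written against `boot_control_hal` is granted to all domains carrying it, so an access added for one implementation's needs is received by update_engine and update_verifier alike rather than by the daemon that needs it. Suggest appending to the comment `# Rules granted to this attribute reach every domain that carries it; keep them to what the HAL implementation itself requires.` The same consideration applies to the rules collected in boot_control_hal.te.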
diff --git a/boot_control_hal.te b/boot_control_hal.te
new file mode 100644
index 0000000..2a670b3
--- /dev/null
+++ b/boot_control_hal.te
@@ -0,0 +1,2 @@
+# Allow read/write bootctrl block device, if one is defined.
+allow boot_control_hal bootctrl_block_device:blk_file rw_file_perms;
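Review bot: The phrase `if one is defined` is misleading as written, because the allow rule is unconditional and `bootctrl_block_device` must already be a declared type for the policy to build (update_engine.te referenced it before this change); what is optional per device is only whether any block device is actually labeled with that type. Suggest `# Allow read/write to the block device labeled bootctrl_block_device; devices without one label nothing with this type.`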
diff --git a/update_engine.te b/update_engine.te
index cf614e6..33e8134 100644
--- a/update_engine.te
+++ b/update_engine.te
@@ -1,5 +1,6 @@
 # Domain for update_engine daemon.
-type update_engine, domain, domain_deprecated;
+# update_engine uses the boot_control_hal.
+type update_engine, domain, domain_deprecated, boot_control_hal;
 type update_engine_exec, exec_type, file_type;
 type update_engine_data_file, file_type, data_file_type;
 
@@ -55,6 +56,3 @@
 
 # Allow update_engine to call the callback function provided by priv_app.
 binder_call(update_engine, priv_app)
-
-# Allow read/write bootctrl block device.
-allow update_engine bootctrl_block_device:blk_file rw_file_perms;
diff --git a/update_verifier.te b/update_verifier.te
index 42567fe..65438d3 100644
--- a/update_verifier.te
+++ b/update_verifier.te
@@ -1,10 +1,8 @@
 # update_verifier
-type update_verifier, domain;
+# update_verifier uses the boot_control_hal.
+type update_verifier, domain, boot_control_hal;
 type update_verifier_exec, exec_type, file_type;
 
 init_daemon_domain(update_verifier)
 
-# Raw writes to bootctrl block device
-allow update_verifier bootctrl_block_device:blk_file rw_file_perms;
-
 # TODO: Add rules to allow update_verifier to read system_block_device.