diff options
Diffstat (limited to 'prebuilts/api/32.0/private/technical_debt.cil')
| -rw-r--r-- | prebuilts/api/32.0/private/technical_debt.cil | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/prebuilts/api/32.0/private/technical_debt.cil b/prebuilts/api/32.0/private/technical_debt.cil new file mode 100644 index 000000000..9b3e3c6ad --- /dev/null +++ b/prebuilts/api/32.0/private/technical_debt.cil @@ -0,0 +1,71 @@ +; THIS IS A WORKAROUND for the current limitations of the module policy language +; This should be used sparingly until we figure out a saner way to achieve the +; stuff below, for example, by improving typeattribute statement of module +; language. +; +; NOTE: This file has no effect on recovery policy. + +; Apps, except isolated apps, are clients of Allocator HAL +; Unfortunately, we can't currently express this in module policy language: +; typeattribute { appdomain -isolated_app } hal_allocator_client; +; typeattribute hal_allocator_client halclientdomain; +(typeattributeset hal_allocator_client ((and (appdomain) ((not (isolated_app)))))) +(typeattributeset halclientdomain (hal_allocator_client)) + +; Apps, except isolated apps, are clients of OMX-related services +; Unfortunately, we can't currently express this in module policy language: +(typeattributeset hal_omx_client ((and (appdomain) ((not (isolated_app)))))) + +; Apps, except isolated apps, are clients of Codec2-related services +; Unfortunately, we can't currently express this in module policy language: +(typeattributeset hal_codec2_client ((and (appdomain) ((not (isolated_app)))))) + +; Apps, except isolated apps, are clients of Drm-related services +; Unfortunately, we can't currently express this in module policy language: +(typeattributeset hal_drm_client ((and (appdomain) ((not (isolated_app)))))) + +; Apps, except isolated apps, are clients of Configstore HAL +; Unfortunately, we can't currently express this in module policy language: +; typeattribute { appdomain -isolated_app } hal_configstore_client; +(typeattributeset hal_configstore_client ((and (appdomain) ((not (isolated_app)))))) + +; Apps, except isolated apps, are clients of Graphics Allocator HAL +; Unfortunately, we can't currently express this in module policy language: +; typeattribute { appdomain -isolated_app } hal_graphics_allocator_client; +(typeattributeset hal_graphics_allocator_client ((and (appdomain) ((not (isolated_app)))))) + +; Apps, except isolated apps, are clients of Cas HAL +; Unfortunately, we can't currently express this in module policy language: +; typeattribute { appdomain -isolated_app } hal_cas_client; +(typeattributeset hal_cas_client ((and (appdomain) ((not (isolated_app)))))) + +; Domains hosting Camera HAL implementations are clients of Allocator HAL +; Unfortunately, we can't currently express this in module policy language: +; typeattribute hal_camera hal_allocator_client; +(typeattributeset hal_allocator_client (hal_camera)) + +; Apps, except isolated apps, are clients of Neuralnetworks HAL +; Unfortunately, we can't currently express this in module policy language: +; typeattribute { appdomain -isolated_app } hal_neuralnetworks_client; +(typeattributeset hal_neuralnetworks_client ((and (appdomain) ((not (isolated_app)))))) + +; TODO(b/112056006): move these to mapping files when/if we implement 'versioned' attributes. +; Rename untrusted_app_visible_* to untrusted_app_visible_*_violators. +; Unfortunately, we can't currently express this in module policy language: +; typeattribute untrusted_app_visible_hwservice untrusted_app_visible_hwservice_violators; +; typeattribute untrusted_app_visible_halserver untrusted_app_visible_halserver_violators; +(typeattribute untrusted_app_visible_hwservice) +(typeattributeset untrusted_app_visible_hwservice_violators (untrusted_app_visible_hwservice)) +(typeattribute untrusted_app_visible_halserver) +(typeattributeset untrusted_app_visible_halserver_violators (untrusted_app_visible_halserver)) + +; Apps, except isolated apps, are clients of BufferHub HAL +; Unfortunately, we can't currently express this in module policy language: +; typeattribute { appdomain -isolated_app } hal_cas_client; +(typeattributeset hal_bufferhub_client ((and (appdomain) ((not (isolated_app)))))) + +; Properties having both system_property_type and vendor_property_type are illegal +; Unfortunately, we can't currently express this in module policy language: +; typeattribute { system_property_type && vendor_property_type } system_and_vendor_property_type; +(typeattribute system_and_vendor_property_type) +(typeattributeset system_and_vendor_property_type ((and (system_property_type) (vendor_property_type)))) |