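; THIS IS A WORKAROUND for the current limitations of the module policy language.
; This should be used sparingly until we figure out a saner way to achieve the
; stuff below, for example, by improving the typeattribute statement of the
; module language.
;
; NOTE: This file has no effect on recovery policy.
;
; Reading guide:
;   (typeattributeset ATTR EXPR) adds every type/attribute matched by EXPR to
;   ATTR. (and (appdomain) (not (isolated_app))) is therefore the set
;   difference "appdomain minus isolated_app".
;   Membership in a *_client attribute only matters through the rules written
;   against that attribute elsewhere in policy; none of those rules are in this
;   file. Widening any expression below widens who those rules apply to, so
;   review changes here together with the rules that reference the attribute.

; Apps, except isolated apps, are clients of Allocator HAL
; Unfortunately, we can't currently express this in module policy language:
;     typeattribute { appdomain -isolated_app } hal_allocator_client;
;     typeattribute hal_allocator_client halclientdomain;
(typeattributeset hal_allocator_client ((and (appdomain) ((not (isolated_app))))))
; Every Allocator HAL client is also placed in halclientdomain.
(typeattributeset halclientdomain (hal_allocator_client))

; Apps, except isolated apps, are clients of OMX-related services
; Unfortunately, we can't currently express this in module policy language:
;     typeattribute { appdomain -isolated_app } hal_omx_client;
(typeattributeset hal_omx_client ((and (appdomain) ((not (isolated_app))))))

; Apps, except isolated apps, are clients of Codec2-related services
; Unfortunately, we can't currently express this in module policy language:
;     typeattribute { appdomain -isolated_app } hal_codec2_client;
(typeattributeset hal_codec2_client ((and (appdomain) ((not (isolated_app))))))

; Apps, except isolated apps and SDK sandboxes, are clients of Drm-related services
; Unfortunately, we can't currently express this in module policy language:
;     typeattribute { appdomain -isolated_app -sdk_sandbox } hal_drm_client;
; NOTE(review): this is the only client set in this file that also excludes
; sdk_sandbox; every other set excludes isolated_app alone. Confirm that the
; other sets are meant to include sdk_sandbox.
(typeattributeset hal_drm_client ((and (appdomain) ((not (or (isolated_app) (sdk_sandbox)))))))

; Apps, except isolated apps, are clients of Configstore HAL
; Unfortunately, we can't currently express this in module policy language:
;     typeattribute { appdomain -isolated_app } hal_configstore_client;
(typeattributeset hal_configstore_client ((and (appdomain) ((not (isolated_app))))))

; Apps, except isolated apps, are clients of Graphics Allocator HAL
; Unfortunately, we can't currently express this in module policy language:
;     typeattribute { appdomain -isolated_app } hal_graphics_allocator_client;
(typeattributeset hal_graphics_allocator_client ((and (appdomain) ((not (isolated_app))))))

; Apps, except isolated apps, are clients of Cas HAL
; Unfortunately, we can't currently express this in module policy language:
;     typeattribute { appdomain -isolated_app } hal_cas_client;
(typeattributeset hal_cas_client ((and (appdomain) ((not (isolated_app))))))

; Domains hosting Camera HAL implementations are clients of Allocator HAL
; Unfortunately, we can't currently express this in module policy language:
;     typeattribute hal_camera hal_allocator_client;
; This is a second typeattributeset for hal_allocator_client; it adds hal_camera
; on top of the app set declared earlier rather than replacing it.
(typeattributeset hal_allocator_client (hal_camera))

; Apps, except isolated apps, are clients of Neuralnetworks HAL
; Unfortunately, we can't currently express this in module policy language:
;     typeattribute { appdomain -isolated_app } hal_neuralnetworks_client;
(typeattributeset hal_neuralnetworks_client ((and (appdomain) ((not (isolated_app))))))

; TODO(b/112056006): move these to mapping files when/if we implement 'versioned' attributes.
; Rename untrusted_app_visible_* to untrusted_app_visible_*_violators.
; Unfortunately, we can't currently express this in module policy language:
;     typeattribute untrusted_app_visible_hwservice untrusted_app_visible_hwservice_violators;
;     typeattribute untrusted_app_visible_halserver untrusted_app_visible_halserver_violators;
; The old attribute names are declared here and folded into the *_violators
; attributes, so anything still tagged with an old name is covered by the new one.
; NOTE(review): the "_violators" suffix suggests these track exceptions to a
; restriction defined elsewhere; confirm against the rules that use them.
(typeattribute untrusted_app_visible_hwservice)
(typeattributeset untrusted_app_visible_hwservice_violators (untrusted_app_visible_hwservice))
(typeattribute untrusted_app_visible_halserver)
(typeattributeset untrusted_app_visible_halserver_violators (untrusted_app_visible_halserver))

; Properties having both system_property_type and vendor_property_type are illegal
; Unfortunately, we can't currently express this in module policy language:
;     typeattribute { system_property_type && vendor_property_type } system_and_vendor_property_type;
; The attribute below is the intersection of the two property attributes. This
; file only computes the set; whatever rejects a non-empty set lives elsewhere
; (presumably a neverallow or build-time check; verify).
(typeattribute system_and_vendor_property_type)
(typeattributeset system_and_vendor_property_type ((and (system_property_type) (vendor_property_type))))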