Allow vr_hwc and virtual_touchpad to query for permissions
Allow the services to do binder calls to system_server in order to check
for app permissions.
Bug: 37542947
Test: Compiled and ran on device ensuring no permission errors
Change-Id: If91895607eb118f689cf2e11c63945e9f83bf2a0
diff --git a/public/virtual_touchpad.te b/public/virtual_touchpad.te
index 8a28cf0..c2800e3 100644
--- a/public/virtual_touchpad.te
+++ b/public/virtual_touchpad.te
@@ -5,5 +5,12 @@
binder_service(virtual_touchpad)
add_service(virtual_touchpad, virtual_touchpad_service)
+# Needed to check app permissions.
+binder_call(virtual_touchpad, system_server)
+
# Requires access to /dev/uinput to create and feed the virtual device.
allow virtual_touchpad uhid_device:chr_file { w_file_perms ioctl };
+
+# Requires access to the permission service to validate that clients have the
+# appropriate VR permissions.
+allow virtual_touchpad permission_service:service_manager find;
diff --git a/public/vr_hwc.te b/public/vr_hwc.te
index 7488cc0..c0abdcd 100644
--- a/public/vr_hwc.te
+++ b/public/vr_hwc.te
@@ -8,6 +8,8 @@
binder_service(vr_hwc)
binder_call(vr_hwc, surfaceflinger)
+# Needed to check for app permissions.
+binder_call(vr_hwc, system_server)
# TODO(dnicoara): Remove once vr_wm is disabled.
binder_call(vr_hwc, vr_wm)
@@ -25,3 +27,7 @@
# Allow connection to VR DisplayClient to get the primary display metadata
# (ie: size).
use_pdx(vr_hwc, surfaceflinger)
+
+# Requires access to the permission service to validate that clients have the
+# appropriate VR permissions.
+allow vr_hwc permission_service:service_manager find;