Merge "Sepolicy for vendor hals to access IAshmem"
am: 06984017b7
Change-Id: I0ad0f27bb7eb0de48899d3ca6ae6682a2b5f6d74
This commit is contained in:
Kalesh Singh
android-build-merger
commit
3b3bc95112
1 changed files with 5 additions and 0 deletions
|
|
@ -77,6 +77,11 @@ allow {
|
|||
# Allow using fds to /dev/ashmem.
|
||||
allow domain ashmem_server:fd use;
|
||||
|
||||
# Allow vendor hals to access IAshmem
|
||||
# TODO(b/134783601): Change to a whitelist.
|
||||
allow { domain -coredomain -appdomain } system_ashmem_hwservice:hwservice_manager find;
|
||||
allow { domain -coredomain -appdomain } ashmem_server: binder call;
|
||||
|
||||
# /dev/binder can be accessed by non-vendor domains and by apps
|
||||
allow {
|
||||
coredomain
|
||||
|
|
|
|||
Loading…
Reference in a new issue