9e6b24c6a5
This switches most remaining HALs to the _client/_server approach. To unblock efforts blocked on majority of HALs having to use this model, this change does not remove unnecessary rules from clients of these HALs. That work will be performed in follow-up commits. This commit only adds allow rules and thus does not break existing functionality. The HALs not yet on the _client/_server model after this commit are: * Allocator HAL, because it's non-trivial to declare all apps except isolated apps as clients of this HAL, which they are. * Boot HAL, because it's still on the non-attributized model and I'm waiting for update_engine folks to answer a couple of questions which will let me refactor the policy of this HAL. Test: mmm system/sepolicy Test: Device boots, no new denials Test: Device boots in recovery mode, no new denials Bug: 34170079 Change-Id: I03e6bcec2fa02f14bdf17d11f7367b62c68a14b9
5 lines
196 B
Text
5 lines
196 B
Text
type hal_gatekeeper_default, domain;
|
|
hal_server_domain(hal_gatekeeper_default, hal_gatekeeper)
|
|
|
|
type hal_gatekeeper_default_exec, exec_type, file_type;
|
|
init_daemon_domain(hal_gatekeeper_default);
|