f86d54f0d1
The tee domain is a vendor domain. Thus it cannot be accessed by
non-vendor components over Unix domain sockets.
It appears that the rules granting this access are not needed.
Test: Flash a clean build with this change. Confirm that bullhead,
angler, sailfish, ryu, boot without new denials.
Confirm that YouTube, Netflix, Google Play Movies play back
videos without new denials.
Bug: 36714625
Bug: 36715266
Change-Id: I639cecd07c9a3cfb257e62622b51b7823613472a
5 lines
203 B
Text
5 lines
203 B
Text
# HwBinder IPC from client to server
|
|
binder_call(hal_keymaster_client, hal_keymaster_server)
|
|
|
|
allow hal_keymaster tee_device:chr_file rw_file_perms;
|
|
allow hal_keymaster ion_device:chr_file r_file_perms;
|