tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/private/tee.te
Alex Klyubin 0f6c047d2e tee domain is a vendor domain 
As a result, Keymaster and DRM HALs are permitted to talk to tee domain
over sockets. Unfortunately, the tee domain needs to remain on the
exemptions list because drmserver, mediaserver, and surfaceflinger are
currently permitted to talk to this domain over sockets.

We need to figure out why global policy even defines a TEE domain...

Test: mmm system/sepolicy
Bug: 36601092
Bug: 36601602
Bug: 36714625
Bug: 36715266
Change-Id: I0b95e23361204bd046ae5ad22f9f953c810c1895
2017-03-29 13:13:27 -07:00

5 lines
230 B
Text
Raw Blame History

init_daemon_domain(tee)
# TODO(b/36714625, b/36715266): Remove this once drmserver, mediaserver, and surfaceflinger no
# longer communicate with tee daemon over sockets
typeattribute tee socket_between_core_and_vendor_violators;
Reference in a new issue View git blame Copy permalink