0f6c047d2e
As a result, Keymaster and DRM HALs are permitted to talk to tee domain over sockets. Unfortunately, the tee domain needs to remain on the exemptions list because drmserver, mediaserver, and surfaceflinger are currently permitted to talk to this domain over sockets. We need to figure out why global policy even defines a TEE domain... Test: mmm system/sepolicy Bug: 36601092 Bug: 36601602 Bug: 36714625 Bug: 36715266 Change-Id: I0b95e23361204bd046ae5ad22f9f953c810c1895
# Domain type for the default DRM HAL process. The "domain" attribute marks
# it as a process type, so every rule written against "domain" applies to it.
type hal_drm_default, domain;
# hal_server_domain is a macro defined outside this file. In AOSP policy it
# tags the first argument as a server of the HAL named by the second, so
# hal_drm_default picks up whatever rules are written for hal_drm
# -- confirm against te_macros for this tree.
hal_server_domain(hal_drm_default, hal_drm)
# File type for the HAL executable, carrying the exec_type and file_type
# attributes. The mapping from an on-disk path to this label is not defined
# in this file.
type hal_drm_default_exec, exec_type, file_type;
# init_daemon_domain is a macro defined outside this file. In AOSP policy it
# sets up the transition from init into hal_drm_default when init executes
# a file labelled hal_drm_default_exec -- confirm against te_macros.
init_daemon_domain(hal_drm_default)
# Lets the HAL use file descriptors that originate in the mediacodec domain.
# "fd use" only covers the descriptor itself; access to the file or socket
# behind it is still checked against the type of that object.
allow hal_drm_default mediacodec:fd use;
# Same descriptor permission for every app domain except isolated_app.
# This is a broad grant: any rule that also lets this HAL read or write an
# app-owned object type becomes reachable through a passed descriptor, so
# review additions to this domain with that in mind.
allow hal_drm_default { appdomain -isolated_app }:fd use;
# TODO (b/36601695) remove hal_drm's access to /data or move to
# /data/vendor/hardware/hal_drm. Remove coredata_in_vendor_violators
# attribute.
# NOTE(review): coredata_in_vendor_violators is declared outside this file.
# Going by its name and the TODO above, it is a temporary exemption that
# keeps this vendor HAL from tripping the checks on vendor access to core
# /data; it should go away once b/36601695 is resolved -- confirm.
typeattribute hal_drm_default coredata_in_vendor_violators;