2ee66e7d14
We install all default hal implementations in /vendor/bin/hw along with a few domains that are defined in vendor policy and installed in /vendor. These files MUST be a subset of the global 'vendor_file_type' which is used to address *all files installed in /vendor* throughout the policy. Bug: 36463595 Test: Boot sailfish without any new denials Change-Id: I3d26778f9a26f9095f49d8ecc12f2ec9d2f4cb41 Signed-off-by: Sandeep Patil <sspatil@google.com>
13 lines
485 B
Text
13 lines
485 B
Text
type hal_drm_default, domain;
|
|
hal_server_domain(hal_drm_default, hal_drm)
|
|
|
|
type hal_drm_default_exec, exec_type, vendor_file_type, file_type;
|
|
init_daemon_domain(hal_drm_default)
|
|
|
|
allow hal_drm_default mediacodec:fd use;
|
|
allow hal_drm_default { appdomain -isolated_app }:fd use;
|
|
|
|
# TODO (b/36601695) remove hal_drm's access to /data or move to
|
|
# /data/vendor/hardware/hal_drm. Remove coredata_in_vendor_violators
|
|
# attribute.
|
|
typeattribute hal_drm_default coredata_in_vendor_violators;
|