platform_system_sepolicy/public/hal_allocator.te
Tri Vo 90cf5a7fb3 same_process_hal_file: access to individual coredomains
Remove blanket coredomain access to same_process_hal_file in favor of
granular access. This change takes into account audits from go/sedenials
(our internal dogfood program)

Bug: 37211678
Test: m selinux_policy
Change-Id: I5634fb65c72d13007e40c131a600585a05b8c4b5
2018-10-26 18:03:01 +00:00

6 lines
321 B
Text

# HwBinder IPC from client to server
binder_call(hal_allocator_client, hal_allocator_server)
hal_attribute_hwservice(hal_allocator, hidl_allocator_hwservice)
allow hal_allocator_client hidl_memory_hwservice:hwservice_manager find;
allow hal_allocator_client same_process_hal_file:file { execute read open getattr map };