0f6c047d2e
As a result, Keymaster and DRM HALs are permitted to talk to tee domain over sockets. Unfortunately, the tee domain needs to remain on the exemptions list because drmserver, mediaserver, and surfaceflinger are currently permitted to talk to this domain over sockets.

We need to figure out why global policy even defines a TEE domain...

Test: mmm system/sepolicy
Bug: 36601092
Bug: 36601602
Bug: 36714625
Bug: 36715266
Change-Id: I0b95e23361204bd046ae5ad22f9f953c810c1895
7 lines
258 B
Text
# HwBinder IPC from client to server
binder_call(hal_keymaster_client, hal_keymaster_server)

allow hal_keymaster tee_device:chr_file rw_file_perms;
allow hal_keymaster tee:unix_stream_socket connectto;

allow hal_keymaster ion_device:chr_file r_file_perms;