    84b96a6b
    Enforce one HAL per domain. · 84b96a6b
    Jeff Vander Stoep authored
    HALs are intended to be limited responsibility and thus limited
    permission. In order to enforce this, place limitations on:
    1. What processes may transition into a HAL - currently only init
    2. What methods may be used to transition into a HAL - no using
       seclabel
    3. When HALs exec - only allow exec with a domain transition.
    
    Bug: 36376258
    Test: Build aosp_marlin, aosp_bullhead, aosp_dragon. Neverallow rules
          are compile time assertions, so building is a sufficient test.
    
    Change-Id: If4df19ced730324cf1079f7a86ceba7c71374131
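
The three restrictions in the commit message, modelled as build-time checks over a constructed set of allow rules. This is an added illustration, not code from the commit or from AOSP; the domain names (`hal_foo`, `hal_bar`), the sample rules, and the modelling of restriction 2 as the `dyntransition` permission are assumptions.

```python
import re

# Constructed sample policy; domain and type names are hypothetical.
HAL_DOMAINS = {"hal_foo", "hal_bar"}  # stand-in for a HAL domain attribute
SAMPLE_POLICY = """
allow init hal_foo:process transition;
allow hal_foo hal_foo_exec:file { read execute };
allow shell hal_bar:process transition;
allow init hal_bar:process dyntransition;
allow hal_bar system_file:file { execute execute_no_trans };
"""

# Matches simple "allow src tgt:class perm;" or "allow src tgt:class { perms };"
RULE = re.compile(r"(?m)^allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+));")

def parse(policy):
    """Yield (source, target, class, perms) for each simple allow rule."""
    for m in RULE.finditer(policy):
        src, tgt, cls, braced, single = m.groups()
        yield src, tgt, cls, set((braced or single).split())

def check(policy, hal_domains=HAL_DOMAINS):
    """Return (restriction number, rule) pairs for every violating allow rule."""
    violations = []
    for src, tgt, cls, perms in parse(policy):
        rule = f"{src} {tgt}:{cls}"
        into_hal = cls == "process" and tgt in hal_domains
        # 1. Only init may transition into a HAL domain.
        if into_hal and "transition" in perms and src != "init":
            violations.append((1, rule))
        # 2. No dynamic transition into a HAL domain
        #    (assumed model of the "no seclabel" restriction).
        if into_hal and "dyntransition" in perms:
            violations.append((2, rule))
        # 3. A HAL may not exec a file without a domain transition.
        if cls == "file" and src in hal_domains and "execute_no_trans" in perms:
            violations.append((3, rule))
    return violations

if __name__ == "__main__":
    found = check(SAMPLE_POLICY)
    for number, rule in found:
        print(f"restriction {number} violated by: allow {rule}")
    # A violated neverallow assertion fails the policy build; mirror that here.
    raise SystemExit(1 if found else 0)
```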