From 12e960e6c9c32b6ce276341312e0ce8da58bd812 Mon Sep 17 00:00:00 2001
From: Janis Danisevskis <jdanis@google.com>
Date: Mon, 20 Mar 2017 07:09:04 -0700
Subject: [PATCH] Fix sepolicy for Gatekeeper HAL

This patch fixes Gatekeeper HAL rules.

Bug: 34260418
Test: Device boots with gatekeeper_hal using hwbinder and
      gatekeeperd does not fall back to software.
Change-Id: I6aaacb08faaa7a90506ab569425dc525334c8171
---
 public/gatekeeperd.te    | 1 -
 public/hal_gatekeeper.te | 5 +----
 2 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/public/gatekeeperd.te b/public/gatekeeperd.te
index abecbda24..ff369567b 100644
--- a/public/gatekeeperd.te
+++ b/public/gatekeeperd.te
@@ -15,7 +15,6 @@ allow gatekeeperd system_file:dir r_dir_perms;
 
 ### Rules needed when Gatekeeper HAL runs outside of gatekeeperd process.
 ### These rules should eventually be granted only when needed.
-hwbinder_use(gatekeeperd)
 hal_client_domain(gatekeeperd, hal_gatekeeper)
 ###
 
diff --git a/public/hal_gatekeeper.te b/public/hal_gatekeeper.te
index c428ebaf0..618a2ee64 100644
--- a/public/hal_gatekeeper.te
+++ b/public/hal_gatekeeper.te
@@ -1,7 +1,4 @@
-# call into gatekeeperd process (callbacks)
-# TODO: This rules is unlikely to be needed because Gatekeeper HIDL
-# says there are no callbacks
-binder_call(hal_gatekeeper, gatekeeperd)
+binder_call(hal_gatekeeper_client, hal_gatekeeper_server)
 
 # TEE access.
 allow hal_gatekeeper tee_device:chr_file rw_file_perms;
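Review bot: The added `binder_call(hal_gatekeeper_client, hal_gatekeeper_server)` has no comment, while the rule it replaces had one explaining which direction the calls go. A one-line comment such as `# Allow Gatekeeper HAL clients to call into the HAL server.` would record that the old HAL-to-gatekeeperd callback path was dropped on purpose and should not come back. Separately, the TEE rule in the context lines below is still granted to the broad `hal_gatekeeper` attribute rather than `hal_gatekeeper_server`. The hunk does not show whether that attribute can also be attached to client domains. If it can, those clients would get `rw_file_perms` on `tee_device`, so it is worth confirming against the attribute and macro definitions that only the server side ends up with this access.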
-- 
GitLab