Merge "Fix sepolicy for Gatekeeper HAL" am: 9d5f97b3 am: dfded77d

am: 5939dc8d Change-Id: I9e97e5dede3b58db66dc3391e48f247b890e82d7

Merge "Fix sepolicy for Gatekeeper HAL" am: 9d5f97b3 am: dfded77d
516dd246 · Janis Danisevskis · android-build-merger · 30577414 · 5939dc8d · 516dd246
Commit 516dd246 authored 8 years ago by Janis Danisevskis Committed by android-build-merger 8 years ago
--- a/public/gatekeeperd.te
+++ b/public/gatekeeperd.te
@@ -15,7 +15,6 @@ allow gatekeeperd system_file:dir r_dir_perms;

 ### Rules needed when Gatekeeper HAL runs outside of gatekeeperd process.
 ### These rules should eventually be granted only when needed.
-hwbinder_use(gatekeeperd)
 hal_client_domain(gatekeeperd, hal_gatekeeper)
 ###


--- a/public/hal_gatekeeper.te
+++ b/public/hal_gatekeeper.te
-# call into gatekeeperd process (callbacks)
-# TODO: This rules is unlikely to be needed because Gatekeeper HIDL
-# says there are no callbacks
-binder_call(hal_gatekeeper, gatekeeperd)
+binder_call(hal_gatekeeper_client, hal_gatekeeper_server)

 # TEE access.
 allow hal_gatekeeper tee_device:chr_file rw_file_perms;