Skip to content
Snippets Groups Projects
Commit 645abead authored by Alex Klyubin's avatar Alex Klyubin
Browse files

tee no longer violates the socket comms ban 

SELinux policy no longer has allow rules which permit core/non-vendor
domains to communicate with tee domain over sockets. This commit thus
removes tee from the list of temporary exceptions for the socket
communications prohibition.

Test: mmm system/sepolicy
Bug: 36714625
Bug: 36715266
Change-Id: Iccbd9ea0555b0c9f1cb6c5e0f5a6c0d3f8730b4d
parent ea53e29f
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 0 additions and 4 deletions
vendor/tee.te
+ 0
4
View file @ 645abead
...@@ -6,10 +6,6 @@ typeattribute tee domain_deprecated; ...@@ -6,10 +6,6 @@ typeattribute tee domain_deprecated;
type tee_exec, exec_type, file_type; type tee_exec, exec_type, file_type;
init_daemon_domain(tee) init_daemon_domain(tee)
# TODO(b/36714625, b/36715266): Remove this once drmserver, mediaserver, and surfaceflinger no
# longer communicate with tee daemon over sockets
typeattribute tee socket_between_core_and_vendor_violators;
allow tee self:capability { dac_override }; allow tee self:capability { dac_override };
allow tee tee_device:chr_file rw_file_perms; allow tee tee_device:chr_file rw_file_perms;
allow tee tee_data_file:dir rw_dir_perms; allow tee tee_data_file:dir rw_dir_perms;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment