Skip to content
Snippets Groups Projects
Commit 6fe344e3 authored by Alex Klyubin's avatar Alex Klyubin
Browse files

Remove hal_gatekeeper from gatekeeperd domain 

HAL clients should not be annotated with hal_x and haldomain. This may
grant them too much access. Instead, the policy needed for using
in-process HALs should be directly embedded into the client's domain
rules.

This partially reverts the moving of rules out of gatekeeperd in
commit a9ce2086.

Test: Set up PIN-protected secure lock screen, unlock screen, reboot,
      unlock. No SELinux denials in gatekeeperd or hal_gatekeeper*.
Bug: 34715716
Change-Id: If87c865461580ff861e7e228a96d315d319e1765
parent cd597cd5
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
Showing
with 13 additions and 5 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment