From b40eb255a7ce73c75253e17f7632078a32fe7196 Mon Sep 17 00:00:00 2001
From: Joel Galenson <jgalenson@google.com>
Date: Wed, 3 Jan 2018 13:18:53 -0800
Subject: [PATCH] Update neverallow exception.

After offline discussions, we decided that this was the proper
exception to the neverallow rule.

Test: Built policy.

Change-Id: Ic1603bfdd803151ccfb79f90195b83b616acc873
---
 public/domain.te | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/public/domain.te b/public/domain.te
index f9b66880e..142c10b20 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1116,10 +1116,12 @@ neverallow ~coredomain coredomain_hwservice:hwservice_manager add;
 neverallow * same_process_hwservice:hwservice_manager add;
 
 # On TREBLE devices, most coredomains should not access vendor_files.
+# TODO(b/71553434): Remove exceptions here.
 full_treble_only(`
   neverallow {
     coredomain
-    -halclientdomain
+    -appdomain
+    -bootanim
     -init
     -ueventd
     -crash_dump
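Review bot: The new `-appdomain` exception exempts a whole attribute from this neverallow, which by its name covers every app domain, and neither the added TODO nor the commit message records why apps and `bootanim` need it. A neverallow is only a build-time assertion, so "Built policy" shows that nothing violates the rule as now written. It does not show which allow rules the old `-halclientdomain` form would have rejected and this form accepts, so the existing allow rules from `appdomain` and `bootanim` to the vendor file types should be listed before merging. I would extend the comment to state the dependency per exception, e.g. `# TODO(b/71553434): Remove exceptions here. appdomain: <reason, to be filled in>; bootanim: <reason, to be filled in>.` The rule's target types and permissions lie outside the hunk, so the exact scope of the exemption cannot be confirmed from here.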
-- 
GitLab