Merge "Move domain_deprecated into private policy" into oc-dev
diff --git a/Android.mk b/Android.mk
index dd37341..b7db00b 100644
--- a/Android.mk
+++ b/Android.mk
@@ -10,7 +10,7 @@
# is made which breaks compatibility with the previous platform sepolicy version,
# not just on every increase in PLATFORM_SDK_VERSION. The minor version should
# be reset to 0 on every bump of the PLATFORM_SDK_VERSION.
-sepolicy_major_vers := 25
+sepolicy_major_vers := 26
sepolicy_minor_vers := 0
ifneq ($(sepolicy_major_vers), $(PLATFORM_SDK_VERSION))
diff --git a/private/system_server.te b/private/system_server.te
index f391aa5..925c82d 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -181,6 +181,7 @@
hal_client_domain(system_server, hal_ir)
hal_client_domain(system_server, hal_light)
hal_client_domain(system_server, hal_memtrack)
+hal_client_domain(system_server, hal_oemlock)
allow system_server hal_omx_hwservice:hwservice_manager find;
allow system_server hidl_token_hwservice:hwservice_manager find;
hal_client_domain(system_server, hal_power)
@@ -191,6 +192,7 @@
hal_client_domain(system_server, hal_usb)
hal_client_domain(system_server, hal_vibrator)
hal_client_domain(system_server, hal_vr)
+hal_client_domain(system_server, hal_weaver)
hal_client_domain(system_server, hal_wifi)
hal_client_domain(system_server, hal_wifi_supplicant)
diff --git a/public/attributes b/public/attributes
index c1c1c0b..c9c3f8b 100644
--- a/public/attributes
+++ b/public/attributes
@@ -222,6 +222,9 @@
attribute hal_nfc;
attribute hal_nfc_client;
attribute hal_nfc_server;
+attribute hal_oemlock;
+attribute hal_oemlock_client;
+attribute hal_oemlock_server;
attribute hal_power;
attribute hal_power_client;
attribute hal_power_server;
@@ -249,6 +252,9 @@
attribute hal_vr;
attribute hal_vr_client;
attribute hal_vr_server;
+attribute hal_weaver;
+attribute hal_weaver_client;
+attribute hal_weaver_server;
attribute hal_wifi;
attribute hal_wifi_client;
attribute hal_wifi_server;
diff --git a/public/hal_camera.te b/public/hal_camera.te
index 3c15e85..413a057 100644
--- a/public/hal_camera.te
+++ b/public/hal_camera.te
@@ -32,6 +32,5 @@
# hal_camera should never need network access. Disallow network sockets.
neverallow hal_camera domain:{ tcp_socket udp_socket rawip_socket } *;
-# Only camera HAL may directly access the camera and video hardware
+# Only camera HAL may directly access the camera hardware
neverallow { halserverdomain -hal_camera_server } camera_device:chr_file *;
-neverallow { halserverdomain -coredomain -hal_camera_server } video_device:chr_file *;
diff --git a/public/hal_oemlock.te b/public/hal_oemlock.te
new file mode 100644
index 0000000..dcbb964
--- /dev/null
+++ b/public/hal_oemlock.te
@@ -0,0 +1,2 @@
+# HwBinder IPC from client to server
+# binder_call(hal_oemlock_client, hal_oemlock_server)
diff --git a/public/hal_weaver.te b/public/hal_weaver.te
new file mode 100644
index 0000000..1910cf1
--- /dev/null
+++ b/public/hal_weaver.te
@@ -0,0 +1,2 @@
+# HwBinder IPC from client to server
+# binder_call(hal_weaver_client, hal_weaver_server)