Give hal_drm_server appdomain fd access. Test: Build. Change-Id: I29f68964f4ae2ad2c3a00c96f57f48448d8b6dfb

commit: 0608ab5f9d438eb2123072e15a4aa715f9a06a47 [log] [tgz]
author: Joel Galenson <jgalenson@google.com> Wed Jun 05 10:09:05 2019 -0700
committer: Joel Galenson <jgalenson@google.com> Wed Jun 05 10:12:28 2019 -0700
tree: 96fc47e882df75ee40bf9c2ef600cad1c5630603
parent: 848075e3303c511d413044574edcfe43c9d5097d [diff]
diff --git a/public/hal_drm.te b/public/hal_drm.te
index bfee2d3..d86edaf 100644
--- a/public/hal_drm.te
+++ b/public/hal_drm.te

@@ -31,6 +31,8 @@
 
 allow hal_drm tee_device:chr_file rw_file_perms;
 
+allow hal_drm_server { appdomain -isolated_app }:fd use;
+
 # only allow unprivileged socket ioctl commands
 allowxperm hal_drm self:{ rawip_socket tcp_socket udp_socket }
   ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };

diff --git a/vendor/hal_drm_default.te b/vendor/hal_drm_default.te
index 5bcbe9a..874e813 100644
--- a/vendor/hal_drm_default.te
+++ b/vendor/hal_drm_default.te

@@ -5,6 +5,5 @@
 init_daemon_domain(hal_drm_default)
 
 allow hal_drm_default hal_omx_server:fd use;
-allow hal_drm_default { appdomain -isolated_app }:fd use;
 
 allow hal_drm_default hal_allocator_server:fd use;
commit	0608ab5f9d438eb2123072e15a4aa715f9a06a47	[log] [tgz]
author	Joel Galenson <jgalenson@google.com>	Wed Jun 05 10:09:05 2019 -0700
committer	Joel Galenson <jgalenson@google.com>	Wed Jun 05 10:12:28 2019 -0700
tree	96fc47e882df75ee40bf9c2ef600cad1c5630603
parent	848075e3303c511d413044574edcfe43c9d5097d [diff]