Do not grant access to TEE files for KeyMint HALs in system The KeyMint HALs in system will connect to the Trusty VM in system. They don't need to access TEE. Bug: 366163337 Test: m Change-Id: Ie72774060ced5c53867051c0a1523b0d4453195e

commit: 0aa3c59ddf390807f7a0724b7d615788cd66c971 [log] [tgz]
author: Alice Wang <aliceywang@google.com> Thu Sep 12 18:15:06 2024 +0000
committer: Alice Wang <aliceywang@google.com> Thu Sep 12 18:15:06 2024 +0000
tree: 0098075d99050ce30669516f4ffc9c87135ef15d
parent: 9110b67fa753f1c38286c7e413de500817848ccd [diff]
diff --git a/private/hal_keymint.te b/private/hal_keymint.te
index ba29956..6c7b577 100644
--- a/private/hal_keymint.te
+++ b/private/hal_keymint.te

@@ -4,5 +4,5 @@
 hal_attribute_service(hal_keymint, hal_remotelyprovisionedcomponent_service)
 binder_call(hal_keymint_server, servicemanager)
 
-allow hal_keymint_server tee_device:chr_file rw_file_perms;
-allow hal_keymint_server ion_device:chr_file r_file_perms;
+allow { hal_keymint_server -coredomain } tee_device:chr_file rw_file_perms;
+allow { hal_keymint_server -coredomain } ion_device:chr_file r_file_perms;
commit	0aa3c59ddf390807f7a0724b7d615788cd66c971	[log] [tgz]
author	Alice Wang <aliceywang@google.com>	Thu Sep 12 18:15:06 2024 +0000
committer	Alice Wang <aliceywang@google.com>	Thu Sep 12 18:15:06 2024 +0000
tree	0098075d99050ce30669516f4ffc9c87135ef15d
parent	9110b67fa753f1c38286c7e413de500817848ccd [diff]