Put in sepolicies for Codec2.0 services Test: Builds Bug: 64121714 Bug: 31973802 Change-Id: Id37be8726a8bb297e35bca494964fdbcc48c6a73 (cherry picked from commit 4be28894772bccf5604fd36a75d07bb64e826c88)

commit: 19a74ec88a5716da878af2d850c88b231d8dbfbe [log] [tgz]
author: Pawin Vongmasa <pawin@google.com> Wed Mar 28 21:09:23 2018 -0700
committer: Jeffrey Vander Stoep <jeffv@google.com> Fri May 04 21:36:41 2018 +0000
tree: f0b81e6acf63e5641fd124e17796efe77463cd08
parent: 7a4af30b385d0a2a6c6093a6814492c4c18603b3 [diff] [blame]
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index ca18c03..819408a 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te

@@ -173,10 +173,12 @@
 #   by surfaceflinger Binder service, which apps are permitted to access
 # - hal_omx_hwservice: because this is a HwBinder version of the mediacodec
 #   Binder service which apps were permitted to access.
+# - hal_codec2_hwservice: because this is a newer version of hal_omx_hwservice.
 neverallow all_untrusted_apps {
   hwservice_manager_type
   -same_process_hwservice
   -coredomain_hwservice
+  -hal_codec2_hwservice
   -hal_configstore_ISurfaceFlingerConfigs
   -hal_graphics_allocator_hwservice
   -hal_omx_hwservice
commit	19a74ec88a5716da878af2d850c88b231d8dbfbe	[log] [tgz]
author	Pawin Vongmasa <pawin@google.com>	Wed Mar 28 21:09:23 2018 -0700
committer	Jeffrey Vander Stoep <jeffv@google.com>	Fri May 04 21:36:41 2018 +0000
tree	f0b81e6acf63e5641fd124e17796efe77463cd08
parent	7a4af30b385d0a2a6c6093a6814492c4c18603b3 [diff] [blame]