Revert "Move boot_control_hal attribute to hal_boot domain"
This reverts commit 1f3294659d7d122ba87dc35632aa47df5cb6a81b.
Bug: 32973182
Change-Id: Ic0277b38b0249710a4f1fc362e777f3880ff096b
diff --git a/public/hal_boot.te b/public/hal_boot.te
index 3cbbb29..327fbf9 100644
--- a/public/hal_boot.te
+++ b/public/hal_boot.te
@@ -1,5 +1,5 @@
# boot_control subsystem
-type hal_boot, domain, boot_control_hal;
+type hal_boot, domain;
type hal_boot_exec, exec_type, file_type;
# hwbinder access
diff --git a/public/update_engine.te b/public/update_engine.te
index f409627..a3dee0d 100644
--- a/public/update_engine.te
+++ b/public/update_engine.te
@@ -1,5 +1,6 @@
# Domain for update_engine daemon.
-type update_engine, domain, domain_deprecated, update_engine_common;
+# update_engine uses the boot_control_hal.
+type update_engine, domain, domain_deprecated, update_engine_common, boot_control_hal;
type update_engine_exec, exec_type, file_type;
type update_engine_data_file, file_type, data_file_type;
@@ -32,7 +33,3 @@
# Read OTA zip file at /data/ota_package/.
allow update_engine ota_package_file:file r_file_perms;
allow update_engine ota_package_file:dir r_dir_perms;
-
-# Use binderized boot HAL.
-hwbinder_use(update_engine)
-binder_call(update_engine, hal_boot)
diff --git a/public/update_verifier.te b/public/update_verifier.te
index 45761e2..550cf65 100644
--- a/public/update_verifier.te
+++ b/public/update_verifier.te
@@ -1,5 +1,6 @@
# update_verifier
-type update_verifier, domain;
+# update_verifier uses the boot_control_hal.
+type update_verifier, domain, boot_control_hal;
type update_verifier_exec, exec_type, file_type;
# Allow update_verifier to reach block devices in /dev/block.
@@ -12,7 +13,8 @@
# Read all blocks in system partition.
allow update_verifier system_block_device:blk_file r_file_perms;
-# Use binderized boot HAL.
+# Use binderized HAL
hwbinder_use(update_verifier)
binder_call(update_verifier, hal_boot)
+allow update_verifier system_file:dir r_dir_perms;