Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 6fe344e350cadc4e82328e101b66cb81976083d1
commit6fe344e350cadc4e82328e101b66cb81976083d1[log] [tgz]
authorAlex Klyubin <klyubin@google.com>Wed Jan 25 12:39:35 2017 -0800
committerAlex Klyubin <klyubin@google.com>Thu Jan 26 07:17:51 2017 -0800
tree3b0591f5d55edd9b0ff6414c3dbe3a94688993e8
parentcd597cd52aa58e5a4c39fc5b4b31a792436c7162 [diff]
Remove hal_gatekeeper from gatekeeperd domain

HAL clients should not be annotated with hal_x and haldomain. This may
grant them too much access. Instead, the policy needed for using
in-process HALs should be directly embedded into the client's domain
rules.

This partially reverts the moving of rules out of gatekeeperd in
commit a9ce208680b3a9c1ddcf9bfce886909b66297964.

Test: Set up PIN-protected secure lock screen, unlock screen, reboot,
      unlock. No SELinux denials in gatekeeperd or hal_gatekeeper*.
Bug: 34715716
Change-Id: If87c865461580ff861e7e228a96d315d319e1765
1 file changed
tree: 3b0591f5d55edd9b0ff6414c3dbe3a94688993e8
  1. private/
  2. public/
  3. reqd_mask/
  4. tools/
  5. Android.mk
  6. CleanSpec.mk
  7. MODULE_LICENSE_PUBLIC_DOMAIN
  8. NOTICE
  9. PREUPLOAD.cfg
  10. README