Restrict sandbox access to drmservice Bug: 226390597 Test: atest SdkSandboxRestrictionsTest Change-Id: I49b55d66f1cdc1e8d65e3419460615822c3c3ef3

commit: 85dfe313e58d619c545a67f9b8093b2dca42e02f [log] [tgz]
author: Bram Bonne <brambonne@google.com> Wed Mar 23 17:48:48 2022 +0100
committer: Bram Bonne <brambonne@google.com> Thu Mar 24 14:09:46 2022 +0100
tree: 84ca6d4b3490c7149adc4012a3a0e089223fa638
parent: ee0b51e09900a73fbc89841f3dd7b3680dbfb7ed [diff] [blame]
diff --git a/private/sdk_sandbox.te b/private/sdk_sandbox.te
index 782bb46..4a7a9bb 100644
--- a/private/sdk_sandbox.te
+++ b/private/sdk_sandbox.te

@@ -85,3 +85,5 @@
 neverallow sdk_sandbox { media_rw_data_file }:file no_rw_file_perms;
 
 neverallow { sdk_sandbox } tmpfs:dir no_rw_file_perms;
+
+neverallow sdk_sandbox hal_drm_service:service_manager find;
commit	85dfe313e58d619c545a67f9b8093b2dca42e02f	[log] [tgz]
author	Bram Bonne <brambonne@google.com>	Wed Mar 23 17:48:48 2022 +0100
committer	Bram Bonne <brambonne@google.com>	Thu Mar 24 14:09:46 2022 +0100
tree	84ca6d4b3490c7149adc4012a3a0e089223fa638
parent	ee0b51e09900a73fbc89841f3dd7b3680dbfb7ed [diff] [blame]