Revert^2 "Adds a sepolicy for EVS manager service"
0137c98b90d709c246d55c24eeea1204d6eca9a1
Bug: 216727303
Test: m -j selinux_policy on failed targets reported
in b/218802298
Change-Id: I2ae2fc85a4055f2cb7d19ff70b120e7b7ff0957d
diff --git a/public/hal_evs.te b/public/hal_evs.te
index 789333a..e5e5fce 100644
--- a/public/hal_evs.te
+++ b/public/hal_evs.te
@@ -1,5 +1,12 @@
hwbinder_use(hal_evs_client)
hwbinder_use(hal_evs_server)
+
binder_call(hal_evs_client, hal_evs_server)
binder_call(hal_evs_server, hal_evs_client)
-hal_attribute_hwservice(hal_evs, hal_evs_hwservice)
+
+# Below lines are equivalent to hal_attribute_hwservice(hal_evs, hal_evs_hwservice)
+# except it allows evsmanagerd to add hal_evs_hwservice.
+allow hal_evs_client hal_evs_hwservice:hwservice_manager find;
+allow hal_evs_server hal_evs_hwservice:hwservice_manager { add find };
+allow hal_evs_server hidl_base_hwservice:hwservice_manager add;
+neverallow { domain -hal_evs_server -evsmanagerd } hal_evs_hwservice:hwservice_manager add;