Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 8d92a9a16c7783932693527dc4ac97aa2565ce65^! / .
commit8d92a9a16c7783932693527dc4ac97aa2565ce65[log] [tgz]
authorJoel Galenson <jgalenson@google.com>Fri Jan 05 09:03:57 2018 -0800
committerJoel Galenson <jgalenson@google.com>Fri Jan 05 14:46:16 2018 -0800
tree209466381f47f28337534bba58bad7c439860883
parentfd9f7de71ee761c1adc2bd96d84c8a87c0449c69 [diff]
Update neverallow exception.

This fixes an incorrect exception in the neverallow rule.

Test: Built policy for all lunch targets.
Change-Id: I283833131c6f1fd741e934de24c838594ac38a18

diff --git a/public/domain.te b/public/domain.te
index f9b6688..142c10b 100644
--- a/public/domain.te
+++ b/public/domain.te

@@ -1116,10 +1116,12 @@
 neverallow * same_process_hwservice:hwservice_manager add;
 
 # On TREBLE devices, most coredomains should not access vendor_files.
+# TODO(b/71553434): Remove exceptions here.
 full_treble_only(`
   neverallow {
     coredomain
-    -halclientdomain
+    -appdomain
+    -bootanim
     -init
     -ueventd
     -crash_dump