same_process_hal_file: access to individual coredomains Remove blanket coredomain access to same_process_hal_file in favor of granular access. This change takes into account audits from go/sedenials (our internal dogfood program) Bug: 37211678 Test: m selinux_policy Change-Id: I5634fb65c72d13007e40c131a600585a05b8c4b5

commit: 90cf5a7fb34e586ac1676f3f8fc66b64bfebf8a7 [log] [tgz]
author: Tri Vo <trong@google.com> Thu Oct 18 12:39:35 2018 -0700
committer: Tri Vo <trong@google.com> Fri Oct 26 18:03:01 2018 +0000
tree: 0899ce76271ce1f1d6d4c09955f6b38e935b507a
parent: 564eb9d6d679cac9a865ffd11178dc81c2a211cc [diff] [blame]
diff --git a/public/hal_allocator.te b/public/hal_allocator.te
index b7e3ca5..6417b62 100644
--- a/public/hal_allocator.te
+++ b/public/hal_allocator.te

@@ -3,3 +3,4 @@
 
 hal_attribute_hwservice(hal_allocator, hidl_allocator_hwservice)
 allow hal_allocator_client hidl_memory_hwservice:hwservice_manager find;
+allow hal_allocator_client same_process_hal_file:file { execute read open getattr map };
commit	90cf5a7fb34e586ac1676f3f8fc66b64bfebf8a7	[log] [tgz]
author	Tri Vo <trong@google.com>	Thu Oct 18 12:39:35 2018 -0700
committer	Tri Vo <trong@google.com>	Fri Oct 26 18:03:01 2018 +0000
tree	0899ce76271ce1f1d6d4c09955f6b38e935b507a
parent	564eb9d6d679cac9a865ffd11178dc81c2a211cc [diff] [blame]