gatekeeper HAL service: add security policy Change-Id: I79a305407c3a362d7be11f4c026f31f1e9666f1c Signed-off-by: Alexey Polyudov <apolyudov@google.com>

commit: a9ce208680b3a9c1ddcf9bfce886909b66297964 [log] [tgz]
author: Alexey Polyudov <apolyudov@google.com> Thu Oct 20 11:20:25 2016 -0700
committer: Alexey Polyudov <apolyudov@google.com> Tue Jan 03 14:05:04 2017 -0800
tree: 2c5d77b67cff893a9c38f60a7a4daefc09a1a9da
parent: cdbb19f136179102cb1ce36ec3845a30c416a855 [diff] [blame]
diff --git a/public/hal_gatekeeper.te b/public/hal_gatekeeper.te
new file mode 100644
index 0000000..27912b7
--- /dev/null
+++ b/public/hal_gatekeeper.te

@@ -0,0 +1,9 @@
+# hwbinder access
+hwbinder_use(hal_gatekeeper)
+
+# call into gatekeeperd process (callbacks)
+binder_call(hal_gatekeeper, gatekeeperd)
+
+# TEE access.
+allow hal_gatekeeper tee_device:chr_file rw_file_perms;
+allow hal_gatekeeper ion_device:chr_file r_file_perms;
commit	a9ce208680b3a9c1ddcf9bfce886909b66297964	[log] [tgz]
author	Alexey Polyudov <apolyudov@google.com>	Thu Oct 20 11:20:25 2016 -0700
committer	Alexey Polyudov <apolyudov@google.com>	Tue Jan 03 14:05:04 2017 -0800
tree	2c5d77b67cff893a9c38f60a7a4daefc09a1a9da
parent	cdbb19f136179102cb1ce36ec3845a30c416a855 [diff] [blame]