commit a9d7b895da2a2b0ed3dd3c63e958af219a334a3a
author Alex Klyubin <klyubin@google.com> Wed Apr 26 04:48:42 2017 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Wed Apr 26 04:48:43 2017 +0000
tree 81c00360581c58bfddba00e9022e9400780bdba9
parent 26564ce75457e53584d6e24e9b009cdea82cd665
parent 00657834b8a0200f9000a81237b7f45d6ea966d9

Merge "Assert ban on framework <-> vendor comms over VndBinder" into oc-dev

private/service_contexts

diff --git a/private/service_contexts b/private/service_contexts
index 8ba1b0c..d8d846f 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -22,7 +22,7 @@
 commontime_management                     u:object_r:commontime_management_service:s0
 common_time.clock                         u:object_r:mediaserver_service:s0
 common_time.config                        u:object_r:mediaserver_service:s0
-companion_device                          u:object_r:companion_device_service:s0
+companiondevice                           u:object_r:companion_device_service:s0
 connectivity                              u:object_r:connectivity_service:s0
 connmetrics                               u:object_r:connmetrics_service:s0
 consumer_ir                               u:object_r:consumer_ir_service:s0

public/hal_drm.te

diff --git a/public/hal_drm.te b/public/hal_drm.te
index 2600843..5a6bf5c 100644
--- a/public/hal_drm.te
+++ b/public/hal_drm.te
@@ -32,6 +32,9 @@
 allow hal_drm ion_device:chr_file rw_file_perms;
 allow hal_drm hal_graphics_allocator:fd use;
 
+# Allow access to fds allocated by mediaserver
+allow hal_drm mediaserver:fd use;
+
 # Allow access to app_data and media_data_files
 allow hal_drm media_data_file:dir create_dir_perms;
 allow hal_drm media_data_file:file create_file_perms;

tools/sepolicy-analyze/neverallow.c

diff --git a/tools/sepolicy-analyze/neverallow.c b/tools/sepolicy-analyze/neverallow.c
index b288ea7..26ce144 100644
--- a/tools/sepolicy-analyze/neverallow.c
+++ b/tools/sepolicy-analyze/neverallow.c
@@ -173,9 +173,6 @@
         }
     }
 
-    if (warn && ebitmap_length(&typeset->types) == 0 && !(*flags))
-        fprintf(stderr, "Warning!  Empty type set\n");
-
     *ptr = p;
     return 0;
 err:

vendor/hal_audio_default.te

diff --git a/vendor/hal_audio_default.te b/vendor/hal_audio_default.te
index 65ad467..618166b 100644
--- a/vendor/hal_audio_default.te
+++ b/vendor/hal_audio_default.te
@@ -6,5 +6,5 @@
 
 hal_client_domain(hal_audio_default, hal_allocator)
 
-# TODO(b/37640821): Remove one Audio HAL is no longer granted access bluetooth daemon sockets
+# TODO(b/37640821): Remove once Audio HAL is no longer granted access to bluetooth daemon sockets
 typeattribute hal_audio_default socket_between_core_and_vendor_violators;