Merge "Apply full_treble_only to whole rule." am: 0fa0d1e596 am: 4aa78f8054 am: e9f70f7c35 Change-Id: I627802b54da2cb9e4bd7265f50ea78a0ce3bb7c6

commit: c0f11bf4a984c751378d501b8761fd7103dddf35 [log] [tgz]
author: Tri Vo <trong@google.com> Wed Jan 09 19:20:29 2019 -0800
committer: android-build-merger <android-build-merger@google.com> Wed Jan 09 19:20:29 2019 -0800
tree: e2b58455df3e75e3429ff0ef559cddc0ad433993
parent: aabee2a23c3a960b9142b58f5f3e8c399cfbe7c3 [diff]
parent: e9f70f7c35698f99bf3c679e4d42c977fbb26b08 [diff]
diff --git a/private/coredomain.te b/private/coredomain.te
index 7413515..1fc3b8a 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te

@@ -178,7 +178,10 @@
 neverallow coredomain {
   iio_device
   radio_device
-  # TODO(b/120243891): HAL permission to tee_device is included into coredomain
-  # on non-Treble devices.
-  full_treble_only(`tee_device')
 }:chr_file { open read append write ioctl };
+
+# TODO(b/120243891): HAL permission to tee_device is included into coredomain
+# on non-Treble devices.
+full_treble_only(`
+  neverallow coredomain tee_device:chr_file { open read append write ioctl };
+')
commit	c0f11bf4a984c751378d501b8761fd7103dddf35	[log] [tgz]
author	Tri Vo <trong@google.com>	Wed Jan 09 19:20:29 2019 -0800
committer	android-build-merger <android-build-merger@google.com>	Wed Jan 09 19:20:29 2019 -0800
tree	e2b58455df3e75e3429ff0ef559cddc0ad433993
parent	aabee2a23c3a960b9142b58f5f3e8c399cfbe7c3 [diff]
parent	e9f70f7c35698f99bf3c679e4d42c977fbb26b08 [diff]