Merge "Do not grant access to TEE files for KeyMint HALs in system" into main

commit: dae6a45066e55a082fee0f02db99cd61d27d7da4 [log] [tgz]
author: Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> Fri Sep 13 07:56:49 2024 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Fri Sep 13 07:56:49 2024 +0000
tree: ee102ffc31fa435614bfe2024f24d423376427d1
parent: 43cbbfb92801f1e4c7ac935ad97414d1125d7219 [diff]
parent: 0aa3c59ddf390807f7a0724b7d615788cd66c971 [diff]
diff --git a/private/hal_keymint.te b/private/hal_keymint.te
index ba29956..6c7b577 100644
--- a/private/hal_keymint.te
+++ b/private/hal_keymint.te

@@ -4,5 +4,5 @@
 hal_attribute_service(hal_keymint, hal_remotelyprovisionedcomponent_service)
 binder_call(hal_keymint_server, servicemanager)
 
-allow hal_keymint_server tee_device:chr_file rw_file_perms;
-allow hal_keymint_server ion_device:chr_file r_file_perms;
+allow { hal_keymint_server -coredomain } tee_device:chr_file rw_file_perms;
+allow { hal_keymint_server -coredomain } ion_device:chr_file r_file_perms;
commit	dae6a45066e55a082fee0f02db99cd61d27d7da4	[log] [tgz]
author	Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com>	Fri Sep 13 07:56:49 2024 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Fri Sep 13 07:56:49 2024 +0000
tree	ee102ffc31fa435614bfe2024f24d423376427d1
parent	43cbbfb92801f1e4c7ac935ad97414d1125d7219 [diff]
parent	0aa3c59ddf390807f7a0724b7d615788cd66c971 [diff]