Fix sepolicy for Gatekeeper HAL

This patch fixes Gatekeeper HAL rules. Bug: 34260418 Test: Device boots with gatekeeper_hal using hwbinder and gatekeeperd does not fall back to software. Change-Id: I6aaacb08faaa7a90506ab569425dc525334c8171

Fix sepolicy for Gatekeeper HAL
This patch fixes Gatekeeper HAL rules. Bug: 34260418 Test: Device boots with gatekeeper_hal using hwbinder and gatekeeperd does not fall back to software. Change-Id: I6aaacb08faaa7a90506ab569425dc525334c8171
12e960e6 · Janis Danisevskis · 11ce09bc · 12e960e6 · 12e960e6
Commit 12e960e6 authored 8 years ago by Janis Danisevskis
--- a/public/gatekeeperd.te
+++ b/public/gatekeeperd.te
@@ -15,7 +15,6 @@ allow gatekeeperd system_file:dir r_dir_perms;
 ### Rules needed when Gatekeeper HAL runs outside of gatekeeperd process.
 ### These rules should eventually be granted only when needed.
-hwbinder_use(gatekeeperd)
 hal_client_domain(gatekeeperd, hal_gatekeeper)
 ###

--- a/public/hal_gatekeeper.te
+++ b/public/hal_gatekeeper.te
-# call into gatekeeperd process (callbacks)
+binder_call(hal_gatekeeper_client, hal_gatekeeper_server)
-# TODO: This rules is unlikely to be needed because Gatekeeper HIDL
-# says there are no callbacks
-binder_call(hal_gatekeeper, gatekeeperd)
 # TEE access.
 allow hal_gatekeeper tee_device:chr_file rw_file_perms;