From 645abeaded64e3c7743619e9ffdc6eb3dadf673f Mon Sep 17 00:00:00 2001
From: Alex Klyubin <klyubin@google.com>
Date: Tue, 4 Apr 2017 14:05:08 -0700
Subject: [PATCH] tee no longer violates the socket comms ban

SELinux policy no longer has allow rules which permit core/non-vendor
domains to communicate with tee domain over sockets. This commit thus
removes tee from the list of temporary exceptions for the socket
communications prohibition.

Test: mmm system/sepolicy
Bug: 36714625
Bug: 36715266
Change-Id: Iccbd9ea0555b0c9f1cb6c5e0f5a6c0d3f8730b4d
---
 vendor/tee.te | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/vendor/tee.te b/vendor/tee.te
index 6278d4b09..ad43b24a0 100644
--- a/vendor/tee.te
+++ b/vendor/tee.te
@@ -6,10 +6,6 @@ typeattribute tee domain_deprecated;
 type tee_exec, exec_type, file_type;
 init_daemon_domain(tee)
 
-# TODO(b/36714625, b/36715266): Remove this once drmserver, mediaserver, and surfaceflinger no
-# longer communicate with tee daemon over sockets
-typeattribute tee socket_between_core_and_vendor_violators;
-
 allow tee self:capability { dac_override };
 allow tee tee_device:chr_file rw_file_perms;
 allow tee tee_data_file:dir rw_dir_perms;
-- 
GitLab