From 8d92a9a16c7783932693527dc4ac97aa2565ce65 Mon Sep 17 00:00:00 2001
From: Joel Galenson <jgalenson@google.com>
Date: Fri, 5 Jan 2018 09:03:57 -0800
Subject: [PATCH] Update neverallow exception.

This fixes an incorrect exception in the neverallow rule.

Test: Built policy for all lunch targets.
Change-Id: I283833131c6f1fd741e934de24c838594ac38a18
---
 public/domain.te | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/public/domain.te b/public/domain.te
index f9b66880e..142c10b20 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1116,10 +1116,12 @@ neverallow ~coredomain coredomain_hwservice:hwservice_manager add;
 neverallow * same_process_hwservice:hwservice_manager add;
 
 # On TREBLE devices, most coredomains should not access vendor_files.
+# TODO(b/71553434): Remove exceptions here.
 full_treble_only(`
   neverallow {
     coredomain
-    -halclientdomain
+    -appdomain
+    -bootanim
     -init
     -ueventd
     -crash_dump
-- 
GitLab