From a1c94c8d25d7290c9177e0e18d857e6d42f42648 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Tue, 25 Apr 2017 21:06:54 -0700
Subject: [PATCH] hal_camera: remove video_device restriction

Disallowing other HALs access to video_device does not appear to be
enforceable.

(cherry picked from commit c26dd18aebdf7fccaafd307666a92549f155e5fd)

Bug: 37669506
Test: build policy. Neverallow rules are build time test and do not
      impact the policy binary.
Change-Id: Iea401de08a63f3261a461f67b85113a9d838e88a
---
 public/hal_camera.te | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/public/hal_camera.te b/public/hal_camera.te
index 3c15e85f9..413a057bc 100644
--- a/public/hal_camera.te
+++ b/public/hal_camera.te
@@ -32,6 +32,5 @@ neverallow hal_camera { file_type fs_type }:file execute_no_trans;
 # hal_camera should never need network access. Disallow network sockets.
 neverallow hal_camera domain:{ tcp_socket udp_socket rawip_socket } *;
 
-# Only camera HAL may directly access the camera and video hardware
+# Only camera HAL may directly access the camera hardware
 neverallow { halserverdomain -hal_camera_server } camera_device:chr_file *;
-neverallow { halserverdomain -coredomain -hal_camera_server } video_device:chr_file *;
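Review bot: The rewritten comment above the camera_device rule no longer mentions video_device, so a later reader cannot tell that leaving it out of the neverallow set was deliberate. With the second rule removed, no build-time assertion stops a HAL server domain other than hal_camera_server from being granted `video_device:chr_file` access. That access is now decided only by per-domain allow rules, which makes it worth auditing when device or vendor policy is reviewed. I would add a line such as `# video_device is intentionally not restricted here; other HALs may need it (b/37669506).` under the camera_device rule. The rest of hal_camera.te is outside the hunk, so any existing allow rules for video_device are not visible here.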
-- 
GitLab