Merge "Remove rules blocking vrcore_app to connect to VR HWC and VirtualTouchpad" into oc-dev

a5647da3 · TreeHugger Robot · Android (Google) Code Review · a9d7b895 · 52276383 · a5647da3
Commit a5647da3 authored 7 years ago by TreeHugger Robot Committed by Android (Google) Code Review 7 years ago
--- a/public/domain.te
+++ b/public/domain.te
@@ -549,6 +549,8 @@ full_treble_only(`
    -nfc_service
    -radio_service
    -surfaceflinger_service
+    -virtual_touchpad_service
+    -vr_hwc_service
    -vr_manager_service
  }:service_manager find;
  neverallow {

--- a/public/virtual_touchpad.te
+++ b/public/virtual_touchpad.te
@@ -7,6 +7,3 @@ add_service(virtual_touchpad, virtual_touchpad_service)
 # Requires access to /dev/uinput to create and feed the virtual device.
 allow virtual_touchpad uhid_device:chr_file { w_file_perms ioctl };
-# Limit access so that nothing else can inject input.
-neverallow { domain -virtual_touchpad -vr_wm } virtual_touchpad_service:service_manager find;
--- a/public/vr_hwc.te
+++ b/public/vr_hwc.te
@@ -8,6 +8,7 @@ binder_use(vr_hwc)
 binder_service(vr_hwc)
 binder_call(vr_hwc, surfaceflinger)
+# TODO(dnicoara): Remove once vr_wm is disabled.
 binder_call(vr_hwc, vr_wm)
 add_service(vr_hwc, vr_hwc_service)
@@ -24,6 +25,3 @@ allow vr_hwc ion_device:chr_file r_file_perms;
 # Allow connection to VR DisplayClient to get the primary display metadata
 # (ie: size).
 use_pdx(vr_hwc, surfaceflinger)
-# Limit access so only vr_wm can connect.
-neverallow { domain -vr_hwc -vr_wm } vr_hwc_service:service_manager find;