Give hal_drm_server appdomain fd access.

Test: Build. Change-Id: I29f68964f4ae2ad2c3a00c96f57f48448d8b6dfb
2019-06-05 10:09:05 -07:00 · 2019-06-05 10:09:05 -07:00 · 0608ab5f9d
commit 0608ab5f9d
parent 848075e330
2 changed files with 2 additions and 1 deletions
--- a/public/hal_drm.te
+++ b/public/hal_drm.te
@ -31,6 +31,8 @@ allow hal_drm sysfs:file r_file_perms;

 allow hal_drm tee_device:chr_file rw_file_perms;

+allow hal_drm_server { appdomain -isolated_app }:fd use;
+
 # only allow unprivileged socket ioctl commands
 allowxperm hal_drm self:{ rawip_socket tcp_socket udp_socket }
  ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
--- a/vendor/hal_drm_default.te
+++ b/vendor/hal_drm_default.te
@ -5,6 +5,5 @@ type hal_drm_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_drm_default)

 allow hal_drm_default hal_omx_server:fd use;
-allow hal_drm_default { appdomain -isolated_app }:fd use;

 allow hal_drm_default hal_allocator_server:fd use;