Merge "Sepolicy for vendor hals to access IAshmem"
This commit is contained in:
commit
06984017b7
@ -77,6 +77,11 @@ allow {
|
||||
# Allow using fds to /dev/ashmem.
|
||||
allow domain ashmem_server:fd use;
|
||||
|
||||
# Allow vendor hals to access IAshmem
|
||||
# TODO(b/134783601): Change to a whitelist.
|
||||
allow { domain -coredomain -appdomain } system_ashmem_hwservice:hwservice_manager find;
|
||||
allow { domain -coredomain -appdomain } ashmem_server: binder call;
|
||||
|
||||
# /dev/binder can be accessed by non-vendor domains and by apps
|
||||
allow {
|
||||
coredomain
|
||||
|
Loading…
Reference in New Issue
Block a user