sepolicy: isolated_app -> isolated_app_all
Change-Id: I10b09afe41b927875d1f7c37d6fc18b75ae1250a
diff --git a/legacy/vendor/common/domain.te b/legacy/vendor/common/domain.te
index 1475a30..ee0baa6 100644
--- a/legacy/vendor/common/domain.te
+++ b/legacy/vendor/common/domain.te
@@ -25,10 +25,10 @@
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-r_dir_file({domain - isolated_app - untrusted_app_all }, sysfs_socinfo);
-r_dir_file({domain - isolated_app - untrusted_app_all }, sysfs_soc);
-r_dir_file({domain - isolated_app - untrusted_app_all }, sysfs_esoc);
-r_dir_file({domain - isolated_app - untrusted_app_all }, sysfs_ssr);
+r_dir_file({domain - isolated_app_all - untrusted_app_all }, sysfs_socinfo);
+r_dir_file({domain - isolated_app_all - untrusted_app_all }, sysfs_soc);
+r_dir_file({domain - isolated_app_all - untrusted_app_all }, sysfs_esoc);
+r_dir_file({domain - isolated_app_all - untrusted_app_all }, sysfs_ssr);
#Reding of standard chip details need this
allow untrusted_app_all {
@@ -37,12 +37,12 @@
sysfs_esoc
sysfs_ssr
}:dir search;
-r_dir_file({domain - isolated_app }, vendor_sysfs_public);
+r_dir_file({domain - isolated_app_all }, vendor_sysfs_public);
dontaudit domain kernel:system module_request;
# Allow all domains read access to sysfs_thermal
-r_dir_file({domain - isolated_app}, sysfs_thermal);
+r_dir_file({domain - isolated_app_all}, sysfs_thermal);
# Allow domain to read /vendor -> /system/vendor
allow domain system_file:lnk_file getattr;
@@ -81,6 +81,6 @@
')
# allow all context to read sysfs_kgsl
-allow { domain - isolated_app } sysfs_kgsl:dir search;
+allow { domain - isolated_app_all } sysfs_kgsl:dir search;
# allow all context to read gpu model
-allow { domain - isolated_app } sysfs_kgsl_gpu_model:file r_file_perms;
+allow { domain - isolated_app_all } sysfs_kgsl_gpu_model:file r_file_perms;
diff --git a/legacy/vendor/common/hal_drm_clearkey.te b/legacy/vendor/common/hal_drm_clearkey.te
index a8adb1c..9805283 100644
--- a/legacy/vendor/common/hal_drm_clearkey.te
+++ b/legacy/vendor/common/hal_drm_clearkey.te
@@ -35,4 +35,4 @@
vndbinder_use(hal_drm_clearkey);
-allow hal_drm_clearkey { appdomain -isolated_app }:fd use;
+allow hal_drm_clearkey { appdomain -isolated_app_all }:fd use;
diff --git a/legacy/vendor/common/hal_drm_widevine.te b/legacy/vendor/common/hal_drm_widevine.te
index 3d894f9..8af2883 100644
--- a/legacy/vendor/common/hal_drm_widevine.te
+++ b/legacy/vendor/common/hal_drm_widevine.te
@@ -33,7 +33,7 @@
init_daemon_domain(hal_drm_widevine)
allow hal_drm_widevine mediacodec:fd use;
-allow hal_drm_widevine { appdomain -isolated_app }:fd use;
+allow hal_drm_widevine { appdomain -isolated_app_all }:fd use;
# The QTI DRM-HAL implementation uses a vendor-binder service provided
# by the HWC HAL.