sepolicy_vndr: isolated_app -> isolated_app_all
Change-Id: I10b09afe41b927875d1f7c37d6fc18b75ae1250a
diff --git a/generic/vendor/common/domain.te b/generic/vendor/common/domain.te
index abb4ac2..a8d14ea 100644
--- a/generic/vendor/common/domain.te
+++ b/generic/vendor/common/domain.te
@@ -30,10 +30,10 @@
get_prop(domain, vendor_gralloc_prop)
-r_dir_file({domain - isolated_app - untrusted_app_all }, vendor_sysfs_soc);
-r_dir_file({domain - isolated_app - untrusted_app_all }, vendor_sysfs_esoc);
-r_dir_file({domain - isolated_app - untrusted_app_all }, vendor_sysfs_ssr);
-r_dir_file({domain - isolated_app}, sysfs_thermal);
+r_dir_file({domain - isolated_app_all - untrusted_app_all }, vendor_sysfs_soc);
+r_dir_file({domain - isolated_app_all - untrusted_app_all }, vendor_sysfs_esoc);
+r_dir_file({domain - isolated_app_all - untrusted_app_all }, vendor_sysfs_ssr);
+r_dir_file({domain - isolated_app_all}, sysfs_thermal);
#Reding of standard chip details need this
allow untrusted_app_all {
@@ -41,7 +41,7 @@
vendor_sysfs_esoc
vendor_sysfs_ssr
}:dir search ;
-r_dir_file({domain - isolated_app }, vendor_sysfs_public);
+r_dir_file({domain - isolated_app_all }, vendor_sysfs_public);
get_prop(domain, vendor_public_vendor_default_prop)
@@ -58,12 +58,12 @@
-vold
} vendor_persist_type: { dir file } *;
-allow { domain - isolated_app } vendor_sysfs_kgsl:dir search;
+allow { domain - isolated_app_all } vendor_sysfs_kgsl:dir search;
# Allow all context to read gpu model
-allow { domain - isolated_app } vendor_sysfs_kgsl_gpu_model:file r_file_perms;
-allow { domain - isolated_app } vendor_sysfs_kgsl_gpubusy:file r_file_perms;
-allow { domain - isolated_app } vendor_sysfs_kgsl_max_gpuclk:file r_file_perms;
-allow { domain - isolated_app } vendor_sysfs_gpu_max_clock:file r_file_perms;
+allow { domain - isolated_app_all } vendor_sysfs_kgsl_gpu_model:file r_file_perms;
+allow { domain - isolated_app_all } vendor_sysfs_kgsl_gpubusy:file r_file_perms;
+allow { domain - isolated_app_all } vendor_sysfs_kgsl_max_gpuclk:file r_file_perms;
+allow { domain - isolated_app_all } vendor_sysfs_gpu_max_clock:file r_file_perms;
neverallow {
coredomain
diff --git a/generic/vendor/common/hal_drm_widevine.te b/generic/vendor/common/hal_drm_widevine.te
index fbc0536..d2a2109 100644
--- a/generic/vendor/common/hal_drm_widevine.te
+++ b/generic/vendor/common/hal_drm_widevine.te
@@ -33,7 +33,7 @@
init_daemon_domain(vendor_hal_drm_widevine)
allow vendor_hal_drm_widevine mediacodec:fd use;
-allow vendor_hal_drm_widevine { appdomain -isolated_app }:fd use;
+allow vendor_hal_drm_widevine { appdomain -isolated_app_all }:fd use;
allow vendor_hal_drm_widevine vendor_qce_device:chr_file rw_file_perms;
#Allow access to smcinvoke device
diff --git a/generic/vendor/test/domain.te b/generic/vendor/test/domain.te
index ee8e842..24058d1 100644
--- a/generic/vendor/test/domain.te
+++ b/generic/vendor/test/domain.te
@@ -37,7 +37,7 @@
#allow all gpu clients to access configuration settings
userdebug_or_eng(`
allow domain vendor_sysfs_kgsl:dir search;
-r_dir_file({domain - isolated_app}, vendor_sysfs_kgsl_snapshot);
+r_dir_file({domain - isolated_app_all}, vendor_sysfs_kgsl_snapshot);
allow domain coredump_file:dir create_dir_perms;
allow domain coredump_file:file create_file_perms;
allow domain coredump_file:dir rw_dir_perms;
diff --git a/legacy/vendor/common/domain.te b/legacy/vendor/common/domain.te
index bfe92d7..4005a8c 100644
--- a/legacy/vendor/common/domain.te
+++ b/legacy/vendor/common/domain.te
@@ -25,9 +25,9 @@
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-r_dir_file({domain - isolated_app -untrusted_app_all }, sysfs_socinfo);
-r_dir_file({domain - isolated_app -untrusted_app_all }, sysfs_esoc);
-r_dir_file({domain - isolated_app -untrusted_app_all }, sysfs_ssr);
+r_dir_file({domain - isolated_app_all -untrusted_app_all }, sysfs_socinfo);
+r_dir_file({domain - isolated_app_all -untrusted_app_all }, sysfs_esoc);
+r_dir_file({domain - isolated_app_all -untrusted_app_all }, sysfs_ssr);
#Reding of standard chip details need this
allow untrusted_app_all {
@@ -35,12 +35,12 @@
sysfs_esoc
sysfs_ssr
}:dir search ;
-r_dir_file({domain - isolated_app }, vendor_sysfs_public);
+r_dir_file({domain - isolated_app_all }, vendor_sysfs_public);
dontaudit domain kernel:system module_request;
# Allow all domains read access to sysfs_thermal
-r_dir_file({domain - isolated_app}, sysfs_thermal);
+r_dir_file({domain - isolated_app_all}, sysfs_thermal);
# Allow domain to read /vendor -> /system/vendor
allow domain system_file:lnk_file getattr;
@@ -79,6 +79,6 @@
')
# allow all context to read sysfs_kgsl
-allow { domain - isolated_app } sysfs_kgsl:dir search;
+allow { domain - isolated_app_all } sysfs_kgsl:dir search;
# allow all context to read gpu model
-allow { domain - isolated_app } sysfs_kgsl_gpu_model:file r_file_perms;
+allow { domain - isolated_app_all } sysfs_kgsl_gpu_model:file r_file_perms;
diff --git a/legacy/vendor/common/hal_drm_clearkey.te b/legacy/vendor/common/hal_drm_clearkey.te
index a8adb1c..9805283 100644
--- a/legacy/vendor/common/hal_drm_clearkey.te
+++ b/legacy/vendor/common/hal_drm_clearkey.te
@@ -35,4 +35,4 @@
vndbinder_use(hal_drm_clearkey);
-allow hal_drm_clearkey { appdomain -isolated_app }:fd use;
+allow hal_drm_clearkey { appdomain -isolated_app_all }:fd use;
diff --git a/legacy/vendor/common/hal_drm_widevine.te b/legacy/vendor/common/hal_drm_widevine.te
index 3d894f9..8af2883 100644
--- a/legacy/vendor/common/hal_drm_widevine.te
+++ b/legacy/vendor/common/hal_drm_widevine.te
@@ -33,7 +33,7 @@
init_daemon_domain(hal_drm_widevine)
allow hal_drm_widevine mediacodec:fd use;
-allow hal_drm_widevine { appdomain -isolated_app }:fd use;
+allow hal_drm_widevine { appdomain -isolated_app_all }:fd use;
# The QTI DRM-HAL implementation uses a vendor-binder service provided
# by the HWC HAL.