sepolicy_vndr: isolated_app -> isolated_app_all
Change-Id: I10b09afe41b927875d1f7c37d6fc18b75ae1250a
diff --git a/generic/vendor/common/app.te b/generic/vendor/common/app.te
index b6d0824..5c48801 100644
--- a/generic/vendor/common/app.te
+++ b/generic/vendor/common/app.te
@@ -35,6 +35,6 @@
allow appdomain vendor_npu_device:chr_file r_file_perms;
# Allow all apps to access /dev/dma_heap/qcom,system
-allow { appdomain -isolated_app -coredomain } vendor_dmabuf_system_heap_device:chr_file r_file_perms;
+allow { appdomain -isolated_app_all -coredomain } vendor_dmabuf_system_heap_device:chr_file r_file_perms;
dontaudit appdomain vendor_hal_qspmhal_hwservice:hwservice_manager find;
diff --git a/generic/vendor/common/domain.te b/generic/vendor/common/domain.te
index b3b4732..0f4f053 100644
--- a/generic/vendor/common/domain.te
+++ b/generic/vendor/common/domain.te
@@ -30,10 +30,10 @@
get_prop(domain, vendor_gralloc_prop)
-r_dir_file({domain - isolated_app - untrusted_app_all }, vendor_sysfs_soc);
-r_dir_file({domain - isolated_app - untrusted_app_all }, vendor_sysfs_esoc);
-r_dir_file({domain - isolated_app - untrusted_app_all }, vendor_sysfs_ssr);
-r_dir_file({domain - isolated_app}, sysfs_thermal);
+r_dir_file({domain - isolated_app_all - untrusted_app_all }, vendor_sysfs_soc);
+r_dir_file({domain - isolated_app_all - untrusted_app_all }, vendor_sysfs_esoc);
+r_dir_file({domain - isolated_app_all - untrusted_app_all }, vendor_sysfs_ssr);
+r_dir_file({domain - isolated_app_all}, sysfs_thermal);
#Reding of standard chip details need this
allow untrusted_app_all {
@@ -41,7 +41,7 @@
vendor_sysfs_esoc
vendor_sysfs_ssr
}:dir search ;
-r_dir_file({domain - isolated_app }, vendor_sysfs_public);
+r_dir_file({domain - isolated_app_all }, vendor_sysfs_public);
get_prop(domain, vendor_public_vendor_default_prop)
@@ -58,10 +58,10 @@
-vold
} vendor_persist_type: { dir file } *;
-allow { domain - isolated_app } vendor_sysfs_kgsl:dir search;
+allow { domain - isolated_app_all } vendor_sysfs_kgsl:dir search;
# Allow all context to read gpu model
-allow { domain - isolated_app } vendor_sysfs_kgsl_gpu_model:file r_file_perms;
-allow { domain - isolated_app } vendor_sysfs_kgsl_gpubusy:file r_file_perms;
+allow { domain - isolated_app_all } vendor_sysfs_kgsl_gpu_model:file r_file_perms;
+allow { domain - isolated_app_all } vendor_sysfs_kgsl_gpubusy:file r_file_perms;
neverallow {
coredomain
diff --git a/generic/vendor/common/hal_drm_widevine.te b/generic/vendor/common/hal_drm_widevine.te
index b1b168c..c81f792 100644
--- a/generic/vendor/common/hal_drm_widevine.te
+++ b/generic/vendor/common/hal_drm_widevine.te
@@ -33,7 +33,7 @@
init_daemon_domain(vendor_hal_drm_widevine)
allow vendor_hal_drm_widevine mediacodec:fd use;
-allow vendor_hal_drm_widevine { appdomain -isolated_app }:fd use;
+allow vendor_hal_drm_widevine { appdomain -isolated_app_all }:fd use;
allow vendor_hal_drm_widevine vendor_qce_device:chr_file rw_file_perms;
#Allow access to smcinvoke device
diff --git a/generic/vendor/test/domain.te b/generic/vendor/test/domain.te
index ee8e842..24058d1 100644
--- a/generic/vendor/test/domain.te
+++ b/generic/vendor/test/domain.te
@@ -37,7 +37,7 @@
#allow all gpu clients to access configuration settings
userdebug_or_eng(`
allow domain vendor_sysfs_kgsl:dir search;
-r_dir_file({domain - isolated_app}, vendor_sysfs_kgsl_snapshot);
+r_dir_file({domain - isolated_app_all}, vendor_sysfs_kgsl_snapshot);
allow domain coredump_file:dir create_dir_perms;
allow domain coredump_file:file create_file_perms;
allow domain coredump_file:dir rw_dir_perms;