From 9c0b7188f0a9209dc20f15c244d1aa20d0bb33ba Mon Sep 17 00:00:00 2001
From: dianlujitao <dianlujitao@lineageos.org>
Date: Mon, 18 Feb 2019 20:55:11 +0800
Subject: wayne-common: Access mlipay hal via a binder service

 * Untrusted apps are no longer allowed to directly access hwbinder on
   Pie, implement a system service as a middleware between mlipay hal
   and untrusted apps.
 * Xiaomi uses similar solution for MIUI on Pie.

Change-Id: Ie52376b1f7bcd84d219fe73bceb4bdd6cc2b9980
---
 sepolicy/hwservice.te  | 2 +-
 sepolicy/system_app.te | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
 create mode 100644 sepolicy/system_app.te

(limited to 'sepolicy')

diff --git a/sepolicy/hwservice.te b/sepolicy/hwservice.te
index 32adecb..6c299d1 100644
--- a/sepolicy/hwservice.te
+++ b/sepolicy/hwservice.te
@@ -1,2 +1,2 @@
 type goodixhw_service, hwservice_manager_type;
-type hal_mlipay_hwservice, hwservice_manager_type, untrusted_app_visible_hwservice;
+type hal_mlipay_hwservice, hwservice_manager_type;
diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
new file mode 100644
index 0000000..c9f1b37
--- /dev/null
+++ b/sepolicy/system_app.te
@@ -0,0 +1 @@
+hal_client_domain(system_app, hal_mlipay)
-- 
cgit v1.2.3