Merge "Allow applications to use NN API HAL services"
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index c4cbfd8..05ef5ed 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -172,6 +172,7 @@
-hal_graphics_allocator_hwservice
-hal_omx_hwservice
-hal_cas_hwservice
+ -hal_neuralnetworks_hwservice
-untrusted_app_visible_hwservice
}:hwservice_manager find;
@@ -194,7 +195,6 @@
hal_keymaster_hwservice
hal_light_hwservice
hal_memtrack_hwservice
- hal_neuralnetworks_hwservice
hal_nfc_hwservice
hal_oemlock_hwservice
hal_power_hwservice
@@ -238,6 +238,7 @@
-hal_configstore_server
-hal_graphics_allocator_server
-hal_cas_server
+ -hal_neuralnetworks_server
-binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
-untrusted_app_visible_halserver
}:binder { call transfer };
diff --git a/private/technical_debt.cil b/private/technical_debt.cil
index 974f328..7f9d315 100644
--- a/private/technical_debt.cil
+++ b/private/technical_debt.cil
@@ -31,3 +31,8 @@
; Unfortunately, we can't currently express this in module policy language:
; typeattribute hal_camera hal_allocator_client;
(typeattributeset hal_allocator_client (hal_camera))
+
+; Apps, except isolated apps, are clients of Neuralnetworks HAL
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute { appdomain -isolated_app } hal_neuralnetworks_client;
+(typeattributeset hal_neuralnetworks_client ((and (appdomain) ((not (isolated_app))))))