commit 1642d4059a7432f269467a7621e9d16b1ffce699
author Yang Ni <yangni@google.com> Wed Jan 17 16:34:16 2018 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Jan 17 16:34:16 2018 +0000
tree 05019089f74ab75cdd0a9c08bbf98378f93cae31
parent 66024968e987b510e8139091dbe6c416eb89da80
parent ea331aa7b8e5cda406ac5da77b7c5c8477f4ea0f

Merge "Allow applications to use NN API HAL services"

private/app_neverallows.te

diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index c4cbfd8..05ef5ed 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -172,6 +172,7 @@
   -hal_graphics_allocator_hwservice
   -hal_omx_hwservice
   -hal_cas_hwservice
+  -hal_neuralnetworks_hwservice
   -untrusted_app_visible_hwservice
 }:hwservice_manager find;
 
@@ -194,7 +195,6 @@
   hal_keymaster_hwservice
   hal_light_hwservice
   hal_memtrack_hwservice
-  hal_neuralnetworks_hwservice
   hal_nfc_hwservice
   hal_oemlock_hwservice
   hal_power_hwservice
@@ -238,6 +238,7 @@
     -hal_configstore_server
     -hal_graphics_allocator_server
     -hal_cas_server
+    -hal_neuralnetworks_server
     -binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
     -untrusted_app_visible_halserver
   }:binder { call transfer };

private/technical_debt.cil

diff --git a/private/technical_debt.cil b/private/technical_debt.cil
index 974f328..7f9d315 100644
--- a/private/technical_debt.cil
+++ b/private/technical_debt.cil
@@ -31,3 +31,8 @@
 ; Unfortunately, we can't currently express this in module policy language:
 ;     typeattribute hal_camera hal_allocator_client;
 (typeattributeset hal_allocator_client (hal_camera))
+
+; Apps, except isolated apps, are clients of Neuralnetworks HAL
+; Unfortunately, we can't currently express this in module policy language:
+;     typeattribute { appdomain -isolated_app } hal_neuralnetworks_client;
+(typeattributeset hal_neuralnetworks_client ((and (appdomain) ((not (isolated_app))))))