Snap for 4640417 from 50abee6fc8e5cd77ebc015a00c5df10845262b75 to oreo-mr1-vts-release
Change-Id: Ib0254829db277b0bed5ce8138eda56af09c6be0a
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index a3d7d49..5ec0094 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -158,6 +158,7 @@
-hal_graphics_allocator_hwservice
-hal_omx_hwservice
-hal_cas_hwservice
+ -hal_neuralnetworks_hwservice
-untrusted_app_visible_hwservice
}:hwservice_manager find;
@@ -180,7 +181,6 @@
hal_keymaster_hwservice
hal_light_hwservice
hal_memtrack_hwservice
- hal_neuralnetworks_hwservice
hal_nfc_hwservice
hal_oemlock_hwservice
hal_power_hwservice
@@ -224,6 +224,7 @@
-hal_configstore_server
-hal_graphics_allocator_server
-hal_cas_server
+ -hal_neuralnetworks_server
-binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
-untrusted_app_visible_halserver
}:binder { call transfer };
diff --git a/private/technical_debt.cil b/private/technical_debt.cil
index 974f328..7f9d315 100644
--- a/private/technical_debt.cil
+++ b/private/technical_debt.cil
@@ -31,3 +31,8 @@
; Unfortunately, we can't currently express this in module policy language:
; typeattribute hal_camera hal_allocator_client;
(typeattributeset hal_allocator_client (hal_camera))
+
+; Apps, except isolated apps, are clients of Neuralnetworks HAL
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute { appdomain -isolated_app } hal_neuralnetworks_client;
+(typeattributeset hal_neuralnetworks_client ((and (appdomain) ((not (isolated_app))))))
