Exclude coredomain access from hal_fingerprint

Bug: 326227403 Test: manual (build target aosp_cf_x86_64_phone-trunk_staging-eng) Change-Id: I3d4acc283fc14964e10c93a0bbf496791d30966e
author: Jeff Pu <jeffpu@google.com> 2024-09-05 08:34:10 -0400
committer: Jeff Pu <jeffpu@google.com> 2024-09-05 08:34:10 -0400
commit: 82f1c0f741a885967ed6c7c83a9ae66e01664592 (patch)
tree: 5e63946908fe9c7bac7941c9db3e0875e773a071
parent: 9512c1724c673dd20062ef07c211aa4e635a54bd (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/vendor/google/hal_fingerprint.te b/vendor/google/hal_fingerprint.te
index 7de66923..f0dbd00a 100644
--- a/vendor/google/hal_fingerprint.te
+++ b/vendor/google/hal_fingerprint.te
@@ -2,7 +2,7 @@ allow hal_fingerprint sysfs_fingerprint:dir r_dir_perms;
 allow hal_fingerprint sysfs_fingerprint:file rw_file_perms;
 allow hal_fingerprint sysfs_msm_subsys:dir search;
 allow hal_fingerprint sysfs_msm_subsys:file r_file_perms;
-allow hal_fingerprint tee_device:chr_file rw_file_perms;
+allow { hal_fingerprint -coredomain } tee_device:chr_file rw_file_perms;
 allow hal_fingerprint uhid_device:chr_file rw_file_perms;
 allow hal_fingerprint fwk_stats_hwservice:hwservice_manager find;
 binder_call(hal_fingerprint_default, statsd);
author	Jeff Pu <jeffpu@google.com>	2024-09-05 08:34:10 -0400
committer	Jeff Pu <jeffpu@google.com>	2024-09-05 08:34:10 -0400
commit	82f1c0f741a885967ed6c7c83a9ae66e01664592 (patch)
tree	5e63946908fe9c7bac7941c9db3e0875e773a071
parent	9512c1724c673dd20062ef07c211aa4e635a54bd (diff)