sepolicy: Restrict diag access available to domains

Current diag access is overly permissive. Restrict diag access to a whilelist of all domains. CRs-Fixed: 1052935 Change-Id: I7713f18a10508ef297e2742969dc5f9064cf9b50
author: Biswajit Paul <biswajitpaul@codeaurora.org> 2016-07-20 12:02:14 -0700
committer: Dennis Cagle <d-cagle@codeaurora.org> 2016-09-12 15:44:19 -0700
commit: 277acbba3c7adbb01364f738638a23b1b8674311 (patch)
tree: d50c753f79fd574cfcdc17c206c20b0d5b14a199 /common/surfaceflinger.te
parent: 17cde0630b9bbb849080895fe86fecac99b063ba (diff)
download: android_device_qcom_sepolicy-277acbba3c7adbb01364f738638a23b1b8674311.tar.gz
android_device_qcom_sepolicy-277acbba3c7adbb01364f738638a23b1b8674311.tar.bz2
android_device_qcom_sepolicy-277acbba3c7adbb01364f738638a23b1b8674311.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/common/surfaceflinger.te b/common/surfaceflinger.te
index 9baa3a04..0a8ae6de 100644
--- a/common/surfaceflinger.te
+++ b/common/surfaceflinger.te
@@ -37,3 +37,7 @@ binder_call(surfaceflinger, mmi)
 
 #Allow access to cameraserver service
 allow surfaceflinger cameraserver_service:service_manager find;
+#diag
+userdebug_or_eng(`
+    diag_use(surfaceflinger)
+')
author	Biswajit Paul <biswajitpaul@codeaurora.org>	2016-07-20 12:02:14 -0700
committer	Dennis Cagle <d-cagle@codeaurora.org>	2016-09-12 15:44:19 -0700
commit	277acbba3c7adbb01364f738638a23b1b8674311 (patch)
tree	d50c753f79fd574cfcdc17c206c20b0d5b14a199 /common/surfaceflinger.te
parent	17cde0630b9bbb849080895fe86fecac99b063ba (diff)
download	android_device_qcom_sepolicy-277acbba3c7adbb01364f738638a23b1b8674311.tar.gz android_device_qcom_sepolicy-277acbba3c7adbb01364f738638a23b1b8674311.tar.bz2 android_device_qcom_sepolicy-277acbba3c7adbb01364f738638a23b1b8674311.zip