From 277acbba3c7adbb01364f738638a23b1b8674311 Mon Sep 17 00:00:00 2001
From: Biswajit Paul <biswajitpaul@codeaurora.org>
Date: Wed, 20 Jul 2016 12:02:14 -0700
Subject: sepolicy: Restrict diag access available to domains

Current diag access is overly permissive. Restrict diag access
to a whilelist of all domains.

CRs-Fixed: 1052935
Change-Id: I7713f18a10508ef297e2742969dc5f9064cf9b50
---
 common/surfaceflinger.te | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'common/surfaceflinger.te')

diff --git a/common/surfaceflinger.te b/common/surfaceflinger.te
index 9baa3a04..0a8ae6de 100644
--- a/common/surfaceflinger.te
+++ b/common/surfaceflinger.te
@@ -37,3 +37,7 @@ binder_call(surfaceflinger, mmi)
 
 #Allow access to cameraserver service
 allow surfaceflinger cameraserver_service:service_manager find;
+#diag
+userdebug_or_eng(`
+    diag_use(surfaceflinger)
+')
-- 
cgit v1.2.3