diff options
author | Riley Spahn <rileyspahn@google.com> | 2014-06-24 14:43:29 -0700 |
---|---|---|
committer | Riley Spahn <rileyspahn@google.com> | 2014-06-30 15:21:21 -0700 |
commit | 28b7180824609bd083cc3a38df4ed94ed942f395 (patch) | |
tree | acbcf1205379e0381723d77d374787f6de2f28ce | |
parent | 166c09e59d450f6a06597b9e2b8e5ed3c0ebd044 (diff) | |
download | android_external_sepolicy-28b7180824609bd083cc3a38df4ed94ed942f395.tar.gz android_external_sepolicy-28b7180824609bd083cc3a38df4ed94ed942f395.tar.bz2 android_external_sepolicy-28b7180824609bd083cc3a38df4ed94ed942f395.zip |
Remove catchall for unregistered services.
Remove the allow rule for default services in
binderservicedomain.te so we will need to whitelist any
services to be registered.
Change-Id: Ibca98b96a3c3a2cbb3722dd33b5eb52cb98cb531
-rw-r--r-- | binderservicedomain.te | 4 |
1 files changed, 0 insertions, 4 deletions
diff --git a/binderservicedomain.te b/binderservicedomain.te index 3190b6b..19da03c 100644 --- a/binderservicedomain.te +++ b/binderservicedomain.te @@ -13,10 +13,6 @@ allow binderservicedomain console_device:chr_file rw_file_perms; allow binderservicedomain appdomain:fd use; allow binderservicedomain appdomain:fifo_file write; -# Allow binderservicedomain to add services by default. -allow binderservicedomain service_manager_type:service_manager add; -auditallow binderservicedomain default_android_service:service_manager add; - allow binderservicedomain keystore:keystore_key { test get insert delete exist saw sign verify }; auditallow binderservicedomain keystore:keystore_key { test get insert delete exist saw sign verify }; |