diff options
author | Steve Kondik <steve@cyngn.com> | 2015-12-07 16:23:44 -0800 |
---|---|---|
committer | Steve Kondik <steve@cyngn.com> | 2015-12-07 16:23:44 -0800 |
commit | c35ba5f6ab65286bfeebb99dafa6fe4bf40d155f (patch) | |
tree | 219af2d141bdfaddf9b9f7b6902ca34399b3b9c8 | |
parent | 2a3f195b0c1e010a042c9511f4731a25df39b3fb (diff) | |
parent | 9acda2f3805c426c18af62b98aac614f69f97864 (diff) | |
download | android_external_sepolicy-c35ba5f6ab65286bfeebb99dafa6fe4bf40d155f.tar.gz android_external_sepolicy-c35ba5f6ab65286bfeebb99dafa6fe4bf40d155f.tar.bz2 android_external_sepolicy-c35ba5f6ab65286bfeebb99dafa6fe4bf40d155f.zip |
Merge tag 'android-6.0.1_r3' of https://android.googlesource.com/platform/external/sepolicy into cm-13.0
Android 6.0.1 release 3
-rw-r--r-- | binderservicedomain.te | 3 | ||||
-rw-r--r-- | bluetooth.te | 2 | ||||
-rw-r--r-- | untrusted_app.te | 1 |
3 files changed, 5 insertions, 1 deletions
diff --git a/binderservicedomain.te b/binderservicedomain.te index 0bfd33a..36993eb 100644 --- a/binderservicedomain.te +++ b/binderservicedomain.te @@ -13,6 +13,9 @@ allow binderservicedomain console_device:chr_file rw_file_perms; allow binderservicedomain appdomain:fd use; allow binderservicedomain appdomain:fifo_file write; +# allow all services to run permission checks +allow binderservicedomain permission_service:service_manager find; + allow binderservicedomain keystore:keystore_key { get_state get insert delete exist list sign verify }; use_keystore(binderservicedomain) diff --git a/bluetooth.te b/bluetooth.te index a79023d..f77bd0d 100644 --- a/bluetooth.te +++ b/bluetooth.te @@ -70,4 +70,4 @@ allow bluetooth shell_data_file:file read; # Superuser capabilities. # bluetooth requires net_admin and wake_alarm. neverallow bluetooth self:capability ~net_admin; -neverallow bluetooth self:capability2 ~wake_alarm; +neverallow bluetooth self:capability2 ~{ wake_alarm block_suspend }; diff --git a/untrusted_app.te b/untrusted_app.te index 2aa1495..fb76317 100644 --- a/untrusted_app.te +++ b/untrusted_app.te @@ -84,6 +84,7 @@ allow untrusted_app cache_file:file create_file_perms; allow untrusted_app servicemanager:service_manager list; allow untrusted_app drmserver_service:service_manager find; +allow untrusted_app healthd_service:service_manager find; allow untrusted_app mediaserver_service:service_manager find; allow untrusted_app nfc_service:service_manager find; allow untrusted_app radio_service:service_manager find; |