authordcashman <dcashman@google.com>2015-10-29 10:32:14 -0700
committerThe Android Automerger <android-build@google.com>2015-10-29 19:24:22 -0700
commit9acda2f3805c426c18af62b98aac614f69f97864 (patch)
treea8254311c9e3e837336911a12d0b523dff2cbd9b
parent6ab438dc8b4c8b661c8209ecfb66b626b8bdc532 (diff)
Enable permission checking by binderservicedomain.
binderservicedomain services often expose their methods to untrusted clients and rely on permission checks for access control. Allow these services to query the permission service for access decisions. Bug: 25282923 Change-Id: I39bbef479de3a0df63e0cbca956f3546e13bbb9b
-rw-r--r--binderservicedomain.te3
1 files changed, 3 insertions, 0 deletions
diff --git a/binderservicedomain.te b/binderservicedomain.te
index 0bfd33a..36993eb 100644
--- a/binderservicedomain.te
+++ b/binderservicedomain.te
@@ -13,6 +13,9 @@ allow binderservicedomain console_device:chr_file rw_file_perms;
allow binderservicedomain appdomain:fd use;
allow binderservicedomain appdomain:fifo_file write;
+# allow all services to run permission checks
+allow binderservicedomain permission_service:service_manager find;
+
allow binderservicedomain keystore:keystore_key { get_state get insert delete exist list sign verify };
use_keystore(binderservicedomain)
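Review bot: The new `allow binderservicedomain permission_service:service_manager find;` rule applies to every domain carrying the `binderservicedomain` attribute, so any domain added to the attribute later inherits it, and the one-line comment above it does not record why that breadth is intended. I would expand the comment to something like `# Services in this attribute take binder calls from untrusted clients and gate them with permission checks, so each must be able to look up the permission service.` Note also that `find` covers only the service_manager lookup. Whether each of these domains is also allowed the binder call to the process hosting the permission service is not visible in this hunk and is worth confirming, since a successful lookup followed by a denied call would presumably surface as a failed permission check that each service has to handle safely.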