Remove catchall for unregistered services.

Remove the allow rule for default services in
binderservicedomain.te so we will need to whitelist any
services to be registered.

Change-Id: Ibca98b96a3c3a2cbb3722dd33b5eb52cb98cb531

1 files changed, 0 insertions, 4 deletions

diff --git a/binderservicedomain.te b/binderservicedomain.te
index 3190b6b..19da03c 100644
--- a/binderservicedomain.te
+++ b/binderservicedomain.te
@@ -13,10 +13,6 @@ allow binderservicedomain console_device:chr_file rw_file_perms;
 allow binderservicedomain appdomain:fd use;
 allow binderservicedomain appdomain:fifo_file write;
 
-# Allow binderservicedomain to add services by default.
-allow binderservicedomain service_manager_type:service_manager add;
-auditallow binderservicedomain default_android_service:service_manager add;
-
 allow binderservicedomain keystore:keystore_key { test get insert delete exist saw sign verify };
 auditallow binderservicedomain keystore:keystore_key { test get insert delete exist saw sign verify };