diff options
| author | Riley Spahn <rileyspahn@google.com> | 2014-07-07 13:56:27 -0700 |
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2014-07-15 10:09:52 -0700 |
| commit | 344fc109e9787f91946ac852bb513c796aab38f6 (patch) | |
| tree | 61d1361bc58efa78aee425fe3b8b187e38fb966b /bluetooth.te | |
| parent | 10370f5ff47745fe9678d18ff788e51e665bf36e (diff) | |
| download | android_external_sepolicy-344fc109e9787f91946ac852bb513c796aab38f6.tar.gz android_external_sepolicy-344fc109e9787f91946ac852bb513c796aab38f6.tar.bz2 android_external_sepolicy-344fc109e9787f91946ac852bb513c796aab38f6.zip | |
Add access control for each service_manager action.
Add SELinux MAC for the service manager actions list
and find. Add the list and find verbs to the
service_manager class. Add policy requirements for
service_manager to enforce policies to binder_use
macro.
(cherry picked from commit b8511e0d98880a683c276589ab7d8d7666b7f8c1)
Change-Id: I980d4a8acf6a0c6e99a3a7905961eb5564b1be15
Diffstat (limited to 'bluetooth.te')
| -rw-r--r-- | bluetooth.te | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/bluetooth.te b/bluetooth.te index 2b108a9..8ba56b0 100644 --- a/bluetooth.te +++ b/bluetooth.te @@ -49,6 +49,14 @@ allow bluetooth bluetooth_prop:property_service set; allow bluetooth pan_result_prop:property_service set; allow bluetooth ctl_dhcp_pan_prop:property_service set; +# Audited locally. +service_manager_local_audit_domain(bluetooth) +auditallow bluetooth { + service_manager_type + -bluetooth_service + -system_server_service +}:service_manager find; + ### ### Neverallow rules ### |