Enforce more specific service access.

Move the following services from tmp_system_server_service to appropriate attributes: network_management network_score notification package permission persistent power print processinfo procstats Bug: 18106000 Change-Id: I9dfb41fa41cde72ef0059668410a2e9eb1af491c
author: dcashman <dcashman@google.com> 2015-04-08 13:04:59 -0700
committer: Nick Kralevich <nnk@google.com> 2015-04-08 20:26:50 +0000
commit: 03a6f64f9568e2c58eb043463a5b4ff1cf10bef6 (patch)
tree: fff02620b904aea27175874b077490807a4dc706 /drmserver.te
parent: 9bef25026b43ccfb656a3a53b74a787ca3376227 (diff)
download: android_external_sepolicy-03a6f64f9568e2c58eb043463a5b4ff1cf10bef6.tar.gz
android_external_sepolicy-03a6f64f9568e2c58eb043463a5b4ff1cf10bef6.tar.bz2
android_external_sepolicy-03a6f64f9568e2c58eb043463a5b4ff1cf10bef6.zip
1 files changed, 1 insertions, 7 deletions
diff --git a/drmserver.te b/drmserver.te
index 418ce39..d76d3be 100644
--- a/drmserver.te
+++ b/drmserver.te
@@ -50,12 +50,6 @@ allow drmserver oemfs:dir search;
 allow drmserver oemfs:file r_file_perms;
 
 allow drmserver drmserver_service:service_manager { add find };
-allow drmserver tmp_system_server_service:service_manager find;
-
-service_manager_local_audit_domain(drmserver)
-auditallow drmserver {
-    tmp_system_server_service
-    -permission_service
-}:service_manager find;
+allow drmserver permission_service:service_manager find;
 
 selinux_check_access(drmserver)
author	dcashman <dcashman@google.com>	2015-04-08 13:04:59 -0700
committer	Nick Kralevich <nnk@google.com>	2015-04-08 20:26:50 +0000
commit	03a6f64f9568e2c58eb043463a5b4ff1cf10bef6 (patch)
tree	fff02620b904aea27175874b077490807a4dc706 /drmserver.te
parent	9bef25026b43ccfb656a3a53b74a787ca3376227 (diff)
download	android_external_sepolicy-03a6f64f9568e2c58eb043463a5b4ff1cf10bef6.tar.gz android_external_sepolicy-03a6f64f9568e2c58eb043463a5b4ff1cf10bef6.tar.bz2 android_external_sepolicy-03a6f64f9568e2c58eb043463a5b4ff1cf10bef6.zip