diff options
author | dcashman <dcashman@google.com> | 2015-03-03 11:20:15 -0800 |
---|---|---|
committer | dcashman <dcashman@google.com> | 2015-03-03 11:38:07 -0800 |
commit | 23f336156daf61ba07c024af2fe96994605f46eb (patch) | |
tree | b4623fd212a55d64149265a182ff1ab86d52b905 /drmserver.te | |
parent | 3e113edf0225bbe54a0f98353dd22de855ee2657 (diff) | |
download | android_external_sepolicy-23f336156daf61ba07c024af2fe96994605f46eb.tar.gz android_external_sepolicy-23f336156daf61ba07c024af2fe96994605f46eb.tar.bz2 android_external_sepolicy-23f336156daf61ba07c024af2fe96994605f46eb.zip |
Record observed system_server servicemanager service requests.
Also formally allow dumpstate access to all services and grant system_server
access to address the following non-system_server_service entries:
avc: granted { find } for service=drm.drmManager scontext=u:r:system_server:s0 tcontext=u:object_r:drmserver_service:s0 tclass=service_manager
avc: granted { find } for service=nfc scontext=u:r:system_server:s0 tcontext=u:object_r:nfc_service:s0 tclass=service_manager
Bug: 18106000
Change-Id: Iad16b36acf44bce52c4824f8b53c0e7731c25602
Diffstat (limited to 'drmserver.te')
-rw-r--r-- | drmserver.te | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/drmserver.te b/drmserver.te index 482c218..e52d679 100644 --- a/drmserver.te +++ b/drmserver.te @@ -53,4 +53,10 @@ allow drmserver drmserver_service:service_manager { add find }; allow drmserver system_server_service:service_manager find; allow drmserver tmp_system_server_service:service_manager find; +service_manager_local_audit_domain(drmserver) +auditallow drmserver { + tmp_system_server_service + -permission_service +}:service_manager find; + selinux_check_access(drmserver) |