diff options
author | Riley Spahn <rileyspahn@google.com> | 2014-07-07 13:56:27 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2014-07-15 10:09:52 -0700 |
commit | 344fc109e9787f91946ac852bb513c796aab38f6 (patch) | |
tree | 61d1361bc58efa78aee425fe3b8b187e38fb966b /drmserver.te | |
parent | 10370f5ff47745fe9678d18ff788e51e665bf36e (diff) | |
download | android_external_sepolicy-344fc109e9787f91946ac852bb513c796aab38f6.tar.gz android_external_sepolicy-344fc109e9787f91946ac852bb513c796aab38f6.tar.bz2 android_external_sepolicy-344fc109e9787f91946ac852bb513c796aab38f6.zip |
Add access control for each service_manager action.
Add SELinux MAC for the service manager actions list
and find. Add the list and find verbs to the
service_manager class. Add policy requirements for
service_manager to enforce policies to binder_use
macro.
(cherry picked from commit b8511e0d98880a683c276589ab7d8d7666b7f8c1)
Change-Id: I980d4a8acf6a0c6e99a3a7905961eb5564b1be15
Diffstat (limited to 'drmserver.te')
-rw-r--r-- | drmserver.te | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/drmserver.te b/drmserver.te index 1993176..12e3ac7 100644 --- a/drmserver.te +++ b/drmserver.te @@ -46,3 +46,7 @@ allow drmserver asec_apk_file:file { read getattr }; allow drmserver radio_data_file:file { read getattr }; allow drmserver drmserver_service:service_manager add; + +# Audited locally. +service_manager_local_audit_domain(drmserver) +auditallow drmserver { service_manager_type -drmserver_service }:service_manager find; |