Add access control for each service_manager action.

Add SELinux MAC for the service manager actions list and find. Add the list and find verbs to the service_manager class. Add policy requirements for service_manager to enforce policies to binder_use macro. Change-Id: I224b1c6a6e21e3cdeb23badfc35c82a37558f964
author: Riley Spahn <rileyspahn@google.com> 2014-07-07 13:56:27 -0700
committer: Riley Spahn <rileyspahn@google.com> 2014-07-14 11:09:27 -0700
commit: b8511e0d98880a683c276589ab7d8d7666b7f8c1 (patch)
tree: 1637502428877a77f91c0c701ab5eef966fcd1a4 /drmserver.te
parent: c103da877b72aae80616dbc192982aaf75dfe888 (diff)
download: android_external_sepolicy-b8511e0d98880a683c276589ab7d8d7666b7f8c1.tar.gz
android_external_sepolicy-b8511e0d98880a683c276589ab7d8d7666b7f8c1.tar.bz2
android_external_sepolicy-b8511e0d98880a683c276589ab7d8d7666b7f8c1.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/drmserver.te b/drmserver.te
index 1993176..12e3ac7 100644
--- a/drmserver.te
+++ b/drmserver.te
@@ -46,3 +46,7 @@ allow drmserver asec_apk_file:file { read getattr };
 allow drmserver radio_data_file:file { read getattr };
 
 allow drmserver drmserver_service:service_manager add;
+
+# Audited locally.
+service_manager_local_audit_domain(drmserver)
+auditallow drmserver { service_manager_type -drmserver_service }:service_manager find;
author	Riley Spahn <rileyspahn@google.com>	2014-07-07 13:56:27 -0700
committer	Riley Spahn <rileyspahn@google.com>	2014-07-14 11:09:27 -0700
commit	b8511e0d98880a683c276589ab7d8d7666b7f8c1 (patch)
tree	1637502428877a77f91c0c701ab5eef966fcd1a4 /drmserver.te
parent	c103da877b72aae80616dbc192982aaf75dfe888 (diff)
download	android_external_sepolicy-b8511e0d98880a683c276589ab7d8d7666b7f8c1.tar.gz android_external_sepolicy-b8511e0d98880a683c276589ab7d8d7666b7f8c1.tar.bz2 android_external_sepolicy-b8511e0d98880a683c276589ab7d8d7666b7f8c1.zip