diff options
author | Andres Morales <anmorales@google.com> | 2015-04-03 16:46:33 -0700 |
---|---|---|
committer | Andres Morales <anmorales@google.com> | 2015-04-06 16:46:58 -0700 |
commit | e207986ea08feebd04f32cd2beff0b1602d08074 (patch) | |
tree | 60709dfa0dfdcb796141f712848b81e4f003b6fc /service.te | |
parent | c24d90cb5991ee53842c8fddf526187767ec92ec (diff) | |
download | android_external_sepolicy-e207986ea08feebd04f32cd2beff0b1602d08074.tar.gz android_external_sepolicy-e207986ea08feebd04f32cd2beff0b1602d08074.tar.bz2 android_external_sepolicy-e207986ea08feebd04f32cd2beff0b1602d08074.zip |
SELinux permissions for gatekeeper TEE proxy
sets up:
- execute permissions
- binder permission (system_server->gatekeeper->keystore)
- prevents dumpstate and shell from finding GK binder service
- neverallow rules for prohibited clients
Change-Id: I1817933a91de625db469a20c7a4c8e2ca46efa1e
Diffstat (limited to 'service.te')
-rw-r--r-- | service.te | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -4,6 +4,7 @@ type drmserver_service, service_manager_type; type healthd_service, service_manager_type; type inputflinger_service, service_manager_type; type keystore_service, service_manager_type; +type gatekeeper_service, service_manager_type; type mediaserver_service, service_manager_type; type nfc_service, service_manager_type; type radio_service, service_manager_type; |