SELinux permissions for gatekeeper TEE proxy

sets up: - execute permissions - binder permission (system_server->gatekeeper->keystore) - prevents dumpstate and shell from finding GK binder service - neverallow rules for prohibited clients Change-Id: I1817933a91de625db469a20c7a4c8e2ca46efa1e
author: Andres Morales <anmorales@google.com> 2015-04-03 16:46:33 -0700
committer: Andres Morales <anmorales@google.com> 2015-04-06 16:46:58 -0700
commit: e207986ea08feebd04f32cd2beff0b1602d08074 (patch)
tree: 60709dfa0dfdcb796141f712848b81e4f003b6fc /service.te
parent: c24d90cb5991ee53842c8fddf526187767ec92ec (diff)
download: android_external_sepolicy-e207986ea08feebd04f32cd2beff0b1602d08074.tar.gz
android_external_sepolicy-e207986ea08feebd04f32cd2beff0b1602d08074.tar.bz2
android_external_sepolicy-e207986ea08feebd04f32cd2beff0b1602d08074.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/service.te b/service.te
index a11e641..2341ff0 100644
--- a/service.te
+++ b/service.te
@@ -4,6 +4,7 @@ type drmserver_service,         service_manager_type;
 type healthd_service,           service_manager_type;
 type inputflinger_service,      service_manager_type;
 type keystore_service,          service_manager_type;
+type gatekeeper_service,        service_manager_type;
 type mediaserver_service,       service_manager_type;
 type nfc_service,               service_manager_type;
 type radio_service,             service_manager_type;
author	Andres Morales <anmorales@google.com>	2015-04-03 16:46:33 -0700
committer	Andres Morales <anmorales@google.com>	2015-04-06 16:46:58 -0700
commit	e207986ea08feebd04f32cd2beff0b1602d08074 (patch)
tree	60709dfa0dfdcb796141f712848b81e4f003b6fc /service.te
parent	c24d90cb5991ee53842c8fddf526187767ec92ec (diff)
download	android_external_sepolicy-e207986ea08feebd04f32cd2beff0b1602d08074.tar.gz android_external_sepolicy-e207986ea08feebd04f32cd2beff0b1602d08074.tar.bz2 android_external_sepolicy-e207986ea08feebd04f32cd2beff0b1602d08074.zip