diff options
author | repo sync <gcondra@google.com> | 2013-05-17 17:11:29 -0700 |
---|---|---|
committer | repo sync <gcondra@google.com> | 2013-05-20 11:08:05 -0700 |
commit | 77d4731e9d30c8971e076e2469d6957619019921 (patch) | |
tree | a09ca764a3474bfaf20c0aafee0bf3a907d382fe /servicemanager.te | |
parent | 42cabf341c8a600a218023ec69b3518e3d3d482c (diff) | |
download | android_external_sepolicy-77d4731e9d30c8971e076e2469d6957619019921.tar.gz android_external_sepolicy-77d4731e9d30c8971e076e2469d6957619019921.tar.bz2 android_external_sepolicy-77d4731e9d30c8971e076e2469d6957619019921.zip |
Make all domains unconfined.
This prevents denials from being generated by the base policy.
Over time, these rules will be incrementally tightened to improve
security.
Change-Id: I4be1c987a5d69ac784a56d42fc2c9063c402de11
Diffstat (limited to 'servicemanager.te')
-rw-r--r-- | servicemanager.te | 10 |
1 files changed, 1 insertions, 9 deletions
diff --git a/servicemanager.te b/servicemanager.te index dc0f15e..80ed9df 100644 --- a/servicemanager.te +++ b/servicemanager.te @@ -4,12 +4,4 @@ permissive servicemanager; type servicemanager_exec, exec_type, file_type; init_daemon_domain(servicemanager) - -# Note that we do not use the binder_* macros here. -# servicemanager is unique in that it only provides -# name service (aka context manager) for Binder. -# As such, it only ever receives and transfers other references -# created by other domains. It never passes its own references -# or initiates a Binder IPC. -allow servicemanager self:binder set_context_mgr; -allow servicemanager domain:binder transfer; +unconfined_domain(servicemanager) |