diff options
author | dcashman <dcashman@google.com> | 2015-01-15 15:12:18 -0800 |
---|---|---|
committer | dcashman <dcashman@google.com> | 2015-01-15 15:12:18 -0800 |
commit | c631ede7dc7cb131b1bdd03ce296eeac53dc9add (patch) | |
tree | 52058c6cfa2b126f761f5593ff8d778215570191 /system_app.te | |
parent | 99940d1af5719f1622fa2a17f8daf6cb21de3ad1 (diff) | |
download | android_external_sepolicy-c631ede7dc7cb131b1bdd03ce296eeac53dc9add.tar.gz android_external_sepolicy-c631ede7dc7cb131b1bdd03ce296eeac53dc9add.tar.bz2 android_external_sepolicy-c631ede7dc7cb131b1bdd03ce296eeac53dc9add.zip |
Remove known system_server service accesses from auditing.
Address observed audit logs of the form:
granted { find } for service=XXX scontext=u:r:YYY:s0:c512,c768 tcontext=u:object_r:XXX_service:s0 tclass=service_manager
in order to record existing relationships with services.
Bug: 18106000
Change-Id: I99a68f329c17ba67ebf3b87729b8405bdc925ef4
Diffstat (limited to 'system_app.te')
-rw-r--r-- | system_app.te | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/system_app.te b/system_app.te index a445e57..12a5195 100644 --- a/system_app.te +++ b/system_app.te @@ -57,6 +57,23 @@ allow system_app system_app_service:service_manager add; allow system_app system_server_service:service_manager find; allow system_app tmp_system_server_service:service_manager find; +# address tmp_system_server_service accesses +allow system_app { + activity_service + connectivity_service + display_service + dropbox_service +}:service_manager find; + +service_manager_local_audit_domain(system_app) +auditallow system_app { + tmp_system_server_service + -activity_service + -connectivity_service + -display_service + -dropbox_service +}:service_manager find; + allow system_app keystore:keystore_key { test get |