diff options
author | dcashman <dcashman@google.com> | 2015-03-03 11:20:15 -0800 |
---|---|---|
committer | dcashman <dcashman@google.com> | 2015-03-03 11:38:07 -0800 |
commit | 23f336156daf61ba07c024af2fe96994605f46eb (patch) | |
tree | b4623fd212a55d64149265a182ff1ab86d52b905 /system_server.te | |
parent | 3e113edf0225bbe54a0f98353dd22de855ee2657 (diff) | |
download | android_external_sepolicy-23f336156daf61ba07c024af2fe96994605f46eb.tar.gz android_external_sepolicy-23f336156daf61ba07c024af2fe96994605f46eb.tar.bz2 android_external_sepolicy-23f336156daf61ba07c024af2fe96994605f46eb.zip |
Record observed system_server servicemanager service requests.
Also formally allow dumpstate access to all services and grant system_server
access to address the following non-system_server_service entries:
avc: granted { find } for service=drm.drmManager scontext=u:r:system_server:s0 tcontext=u:object_r:drmserver_service:s0 tclass=service_manager
avc: granted { find } for service=nfc scontext=u:r:system_server:s0 tcontext=u:object_r:nfc_service:s0 tclass=service_manager
Bug: 18106000
Change-Id: Iad16b36acf44bce52c4824f8b53c0e7731c25602
Diffstat (limited to 'system_server.te')
-rw-r--r-- | system_server.te | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/system_server.te b/system_server.te index ae9ada2..191c446 100644 --- a/system_server.te +++ b/system_server.te @@ -364,9 +364,11 @@ allow system_server sysfs_lowmemorykiller:file { getattr w_file_perms }; allow system_server pstorefs:dir r_dir_perms; allow system_server pstorefs:file r_file_perms; +allow system_server drmserver_service:service_manager find; allow system_server healthd_service:service_manager find; allow system_server keystore_service:service_manager find; allow system_server mediaserver_service:service_manager find; +allow system_server nfc_service:service_manager find; allow system_server radio_service:service_manager find; allow system_server system_server_service:service_manager { add find }; allow system_server surfaceflinger_service:service_manager find; @@ -376,9 +378,11 @@ allow system_server tmp_system_server_service:service_manager { add find }; allow system_server service_manager_type:service_manager find; auditallow system_server { service_manager_type + -drmserver_service -healthd_service -keystore_service -mediaserver_service + -nfc_service -radio_service -system_server_service -surfaceflinger_service @@ -418,6 +422,7 @@ auditallow system_server { -network_score_service -notification_service -package_service + -permission_service -power_service -registry_service -sensorservice_service |