author | dcashman <dcashman@google.com> | 2015-01-15 15:12:18 -0800 |
---|---|---|
committer | dcashman <dcashman@google.com> | 2015-01-15 15:12:18 -0800 |
commit | c631ede7dc7cb131b1bdd03ce296eeac53dc9add | |
tree | 52058c6cfa2b126f761f5593ff8d778215570191 /system_server.te | |
parent | 99940d1af5719f1622fa2a17f8daf6cb21de3ad1 | |

Remove known system_server service accesses from auditing.

Address observed audit logs of the form:
granted { find } for service=XXX scontext=u:r:YYY:s0:c512,c768 tcontext=u:object_r:XXX_service:s0 tclass=service_manager
in order to record existing relationships with services.

Bug: 18106000
Change-Id: I99a68f329c17ba67ebf3b87729b8405bdc925ef4

Diffstat (limited to 'system_server.te')
-rw-r--r-- | system_server.te | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/system_server.te b/system_server.te index 45c4936..73ff33c 100644 --- a/system_server.te +++ b/system_server.te @@ -383,17 +383,30 @@ auditallow system_server { -radio_service -system_server_service -surfaceflinger_service + -tmp_system_server_service }:service_manager find; # address tmp_system_server_service accesses -allow system_server dreams_service:service_manager find; -allow system_server mount_service:service_manager find; +allow system_server { + account_service + backup_service + dreams_service + mount_service + package_service + wallpaper_service + wifi_service +}:service_manager find; service_manager_local_audit_domain(system_server) auditallow system_server { tmp_system_server_service + -account_service + -backup_service -dreams_service -mount_service + -package_service + -wallpaper_service + -wifi_service }:service_manager find; allow system_server keystore:keystore_key { |
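
Review bot: The seven service types in the new `allow system_server { ... }:service_manager find;` block are repeated by hand as negations (`-account_service` through `-wifi_service`) in the second `auditallow` set, and nothing in the visible policy ties the two lists together. If a later change adds a type to one list and not the other, the result is either a `find` that is explicitly allowed but still logged as `granted`, or a type excluded from auditing with no matching entry in this allow block. Both lists are alphabetical here, which makes a visual comparison easy; consider adding a short comment above the `allow` block stating that every entry must also be subtracted from the `tmp_system_server_service` auditallow that follows, and expanding `# address tmp_system_server_service accesses` to say what the `tmp_` set is for and when an entry should move out of it.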