author | Andres Morales <anmorales@google.com> | 2015-04-03 16:46:33 -0700 |
---|---|---|
committer | Andres Morales <anmorales@google.com> | 2015-04-06 16:46:58 -0700 |
commit | e207986ea08feebd04f32cd2beff0b1602d08074 (patch) | |
tree | 60709dfa0dfdcb796141f712848b81e4f003b6fc /system_server.te | |
parent | c24d90cb5991ee53842c8fddf526187767ec92ec (diff) | |
SELinux permissions for gatekeeper TEE proxy
sets up:
- execute permissions
- binder permission (system_server->gatekeeper->keystore)
- prevents dumpstate and shell from finding GK binder service
- neverallow rules for prohibited clients
Change-Id: I1817933a91de625db469a20c7a4c8e2ca46efa1e
Diffstat (limited to 'system_server.te')
-rw-r--r-- | system_server.te | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/system_server.te b/system_server.te index aa0328f..27fd704 100644 --- a/system_server.te +++ b/system_server.te @@ -360,6 +360,7 @@ allow system_server pstorefs:file r_file_perms; allow system_server drmserver_service:service_manager find; allow system_server healthd_service:service_manager find; allow system_server keystore_service:service_manager find; +allow system_server gatekeeper_service:service_manager find; allow system_server mediaserver_service:service_manager find; allow system_server nfc_service:service_manager find; allow system_server radio_service:service_manager find; |
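Review bot: On the added gatekeeper_service line, the find permission only covers the servicemanager lookup, and the diffstat shows this as the single insertion in system_server.te. The system_server->gatekeeper binder call named in the commit message therefore has to be granted by a rule in another file of the commit; please confirm that rule exists, since this view is limited to system_server.te. Style point: the neighbouring find rules are in alphabetical order (drmserver, healthd, keystore, mediaserver, nfc, radio), so the new line belongs between drmserver_service and healthd_service rather than after keystore_service.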