SELinux permissions for gatekeeper TEE proxy

sets up: - execute permissions - binder permission (system_server->gatekeeper->keystore) - prevents dumpstate and shell from finding GK binder service - neverallow rules for prohibited clients Change-Id: I1817933a91de625db469a20c7a4c8e2ca46efa1e
author: Andres Morales <anmorales@google.com> 2015-04-03 16:46:33 -0700
committer: Andres Morales <anmorales@google.com> 2015-04-06 16:46:58 -0700
commit: e207986ea08feebd04f32cd2beff0b1602d08074 (patch)
tree: 60709dfa0dfdcb796141f712848b81e4f003b6fc /system_server.te
parent: c24d90cb5991ee53842c8fddf526187767ec92ec (diff)
download: android_external_sepolicy-e207986ea08feebd04f32cd2beff0b1602d08074.tar.gz
android_external_sepolicy-e207986ea08feebd04f32cd2beff0b1602d08074.tar.bz2
android_external_sepolicy-e207986ea08feebd04f32cd2beff0b1602d08074.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/system_server.te b/system_server.te
index aa0328f..27fd704 100644
--- a/system_server.te
+++ b/system_server.te
@@ -360,6 +360,7 @@ allow system_server pstorefs:file r_file_perms;
 allow system_server drmserver_service:service_manager find;
 allow system_server healthd_service:service_manager find;
 allow system_server keystore_service:service_manager find;
+allow system_server gatekeeper_service:service_manager find;
 allow system_server mediaserver_service:service_manager find;
 allow system_server nfc_service:service_manager find;
 allow system_server radio_service:service_manager find;
author	Andres Morales <anmorales@google.com>	2015-04-03 16:46:33 -0700
committer	Andres Morales <anmorales@google.com>	2015-04-06 16:46:58 -0700
commit	e207986ea08feebd04f32cd2beff0b1602d08074 (patch)
tree	60709dfa0dfdcb796141f712848b81e4f003b6fc /system_server.te
parent	c24d90cb5991ee53842c8fddf526187767ec92ec (diff)
download	android_external_sepolicy-e207986ea08feebd04f32cd2beff0b1602d08074.tar.gz android_external_sepolicy-e207986ea08feebd04f32cd2beff0b1602d08074.tar.bz2 android_external_sepolicy-e207986ea08feebd04f32cd2beff0b1602d08074.zip