diff options
author | dcashman <dcashman@google.com> | 2015-04-08 15:12:24 -0700 |
---|---|---|
committer | dcashman <dcashman@google.com> | 2015-04-09 09:45:54 -0700 |
commit | bd7f5803f924b0ca318c1d426b683c3f658754f9 (patch) | |
tree | 70d7652b2bc80f0e4983cfd928a2db77173f0574 /system_server.te | |
parent | 03a6f64f9568e2c58eb043463a5b4ff1cf10bef6 (diff) | |
download | android_external_sepolicy-bd7f5803f924b0ca318c1d426b683c3f658754f9.tar.gz android_external_sepolicy-bd7f5803f924b0ca318c1d426b683c3f658754f9.tar.bz2 android_external_sepolicy-bd7f5803f924b0ca318c1d426b683c3f658754f9.zip |
Enforce more specific service access.
Move the remaining services from tmp_system_server_service to appropriate
attributes and remove tmp_system_server and associated logging:
registry
restrictions
rttmanager
scheduling_policy
search
sensorservice
serial
servicediscovery
statusbar
task
textservices
telecom_service
trust_service
uimode
updatelock
usagestats
usb
user
vibrator
voiceinteraction
wallpaper
webviewupdate
wifip2p
wifi
window
Bug: 18106000
Change-Id: Ia0a6d47099d82c53ba403af394537db6fbc71ca0
Diffstat (limited to 'system_server.te')
-rw-r--r-- | system_server.te | 21 |
1 files changed, 0 insertions, 21 deletions
diff --git a/system_server.te b/system_server.te index cb5d5cb..ac7a7c7 100644 --- a/system_server.te +++ b/system_server.te @@ -371,27 +371,6 @@ allow system_server nfc_service:service_manager find; allow system_server radio_service:service_manager find; allow system_server system_server_service:service_manager { add find }; allow system_server surfaceflinger_service:service_manager find; -allow system_server tmp_system_server_service:service_manager { add find }; - -service_manager_local_audit_domain(system_server) -auditallow system_server { - tmp_system_server_service - -registry_service - -sensorservice_service - -statusbar_service - -textservices_service - -trust_service - -uimode_service - -updatelock_service - -usagestats_service - -user_service - -vibrator_service - -wallpaper_service - -webviewupdate_service - -wifi_service - -wifip2p_service - -window_service -}:service_manager find; allow system_server keystore:keystore_key { test |