author | dcashman <dcashman@google.com> | 2015-04-08 13:04:59 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2015-04-08 20:26:50 +0000 |
commit | 03a6f64f9568e2c58eb043463a5b4ff1cf10bef6 (patch) | |
tree | fff02620b904aea27175874b077490807a4dc706 /untrusted_app.te | |
parent | 9bef25026b43ccfb656a3a53b74a787ca3376227 (diff) | |
Enforce more specific service access.

Move the following services from tmp_system_server_service to appropriate
attributes:

network_management
network_score
notification
package
permission
persistent
power
print
processinfo
procstats

Bug: 18106000
Change-Id: I9dfb41fa41cde72ef0059668410a2e9eb1af491c

Diffstat (limited to 'untrusted_app.te')
-rw-r--r-- | untrusted_app.te | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/untrusted_app.te b/untrusted_app.te index c1135e8..c94092a 100644 --- a/untrusted_app.te +++ b/untrusted_app.te @@ -87,15 +87,12 @@ allow untrusted_app app_api_service:service_manager find; # TODO: remove this once priv-apps are no longer running in untrusted_app allow untrusted_app system_api_service:service_manager find; +# TODO: remove and replace with specific package that accesses this +allow untrusted_app persistent_data_block_service:service_manager find; + service_manager_local_audit_domain(untrusted_app) auditallow untrusted_app { tmp_system_server_service - -network_management_service - -network_score_service - -notification_service - -persistent_data_block_service - -power_service - -procstats_service -registry_service -rttmanager_service -search_service |
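
Review bot: The added `allow untrusted_app persistent_data_block_service:service_manager find;` grants the lookup to every app in the untrusted_app domain, and its TODO names neither the package that needs it nor a tracking bug, so nothing in the policy ties the rule to its eventual removal. Please reference the bug in the TODO comment, and consider pairing the rule with an `auditallow untrusted_app persistent_data_block_service:service_manager find;` so that the caller shows up in the audit log and the rule can be narrowed to that package. The auditallow set in this hunk no longer mentions persistent_data_block_service, which is only correct if the type has lost the tmp_system_server_service attribute in the same change; that is not visible in this file, so it is worth confirming in service.te.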