diff options
author | Nick Kralevich <nnk@google.com> | 2015-04-17 17:56:31 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2015-04-17 17:56:31 -0700 |
commit | 367757d2ef0ee5c8edc47ce8203a0d3369774e9c (patch) | |
tree | e6b2261fe6846c348c9e468905b0170c38a67705 /untrusted_app.te | |
parent | 6db824a7d909df2235ab6893a07aa9859ec99570 (diff) | |
download | android_external_sepolicy-367757d2ef0ee5c8edc47ce8203a0d3369774e9c.tar.gz android_external_sepolicy-367757d2ef0ee5c8edc47ce8203a0d3369774e9c.tar.bz2 android_external_sepolicy-367757d2ef0ee5c8edc47ce8203a0d3369774e9c.zip |
gatekeeperd: use more specific label for /data file
Use a more specific label for /data/misc/gatekeeper
Rearrange some other rules.
Change-Id: Ib634e52526cf31a8f0a0e6d12bbf0f69dff8f6b5
Diffstat (limited to 'untrusted_app.te')
-rw-r--r-- | untrusted_app.te | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/untrusted_app.te b/untrusted_app.te index 5ad8c79..1b7aaee 100644 --- a/untrusted_app.te +++ b/untrusted_app.te @@ -93,6 +93,10 @@ allow untrusted_app persistent_data_block_service:service_manager find; allow untrusted_app { apk_tmp_file apk_private_tmp_file }:dir r_dir_perms; allow untrusted_app { apk_tmp_file apk_private_tmp_file }:file r_file_perms; +# Apps using KeyStore API will request the SID from GateKeeper +allow untrusted_app gatekeeper_service:service_manager find; +binder_call(untrusted_app, gatekeeperd) + ### ### neverallow rules ### |