diff options
| author | Alex Klyubin <klyubin@google.com> | 2015-04-28 16:51:26 -0700 |
|---|---|---|
| committer | Alex Klyubin <klyubin@google.com> | 2015-04-29 10:28:53 -0700 |
| commit | ab5cf6687397bf2b80ecc11cba92876cef7417c9 (patch) | |
| tree | a5a8f4ccb55dd5b661fae883f47c95bf0c06feff /untrusted_app.te | |
| parent | 320a7cac8e632c0bbbebdf55068310eea55f0c78 (diff) | |
| download | android_external_sepolicy-ab5cf6687397bf2b80ecc11cba92876cef7417c9.tar.gz android_external_sepolicy-ab5cf6687397bf2b80ecc11cba92876cef7417c9.tar.bz2 android_external_sepolicy-ab5cf6687397bf2b80ecc11cba92876cef7417c9.zip | |
Expand access to gatekeeperd.
This enables access to gatekeeperd for anybody who invokes Android
framework APIs. This is necessary because the AndroidKeyStore
abstraction offered by the framework API occasionally communicates
with gatekeeperd from the calling process.
(cherry picked from commit effcac7d7eddded5fa31d294dfe3fd1757de51c7)
Bug: 20526234
Change-Id: I450242cd085259b3f82f36f359ee65ff27bebd13
Diffstat (limited to 'untrusted_app.te')
| -rw-r--r-- | untrusted_app.te | 4 |
1 files changed, 0 insertions, 4 deletions
diff --git a/untrusted_app.te b/untrusted_app.te index 1b7aaee..5ad8c79 100644 --- a/untrusted_app.te +++ b/untrusted_app.te @@ -93,10 +93,6 @@ allow untrusted_app persistent_data_block_service:service_manager find; allow untrusted_app { apk_tmp_file apk_private_tmp_file }:dir r_dir_perms; allow untrusted_app { apk_tmp_file apk_private_tmp_file }:file r_file_perms; -# Apps using KeyStore API will request the SID from GateKeeper -allow untrusted_app gatekeeper_service:service_manager find; -binder_call(untrusted_app, gatekeeperd) - ### ### neverallow rules ### |