author | Riley Spahn <rileyspahn@google.com> | 2014-07-07 13:56:27 -0700 |
---|---|---|
committer | Riley Spahn <rileyspahn@google.com> | 2014-07-14 11:09:27 -0700 |
commit | b8511e0d98880a683c276589ab7d8d7666b7f8c1 (patch) | |
tree | 1637502428877a77f91c0c701ab5eef966fcd1a4 /untrusted_app.te | |
parent | c103da877b72aae80616dbc192982aaf75dfe888 (diff) | |
download | android_external_sepolicy-b8511e0d98880a683c276589ab7d8d7666b7f8c1.tar.gz android_external_sepolicy-b8511e0d98880a683c276589ab7d8d7666b7f8c1.tar.bz2 android_external_sepolicy-b8511e0d98880a683c276589ab7d8d7666b7f8c1.zip |
Add access control for each service_manager action.
Add SELinux MAC for the service manager actions list
and find. Add the list and find verbs to the
service_manager class. Add policy requirements for
service_manager to enforce policies to binder_use
macro.
Change-Id: I224b1c6a6e21e3cdeb23badfc35c82a37558f964
Diffstat (limited to 'untrusted_app.te')
-rw-r--r-- | untrusted_app.te | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/untrusted_app.te b/untrusted_app.te index f29149e..346716a 100644 --- a/untrusted_app.te +++ b/untrusted_app.te @@ -64,6 +64,17 @@ allow untrusted_app media_rw_data_file:file create_file_perms; allow untrusted_app cache_file:dir create_dir_perms; allow untrusted_app cache_file:file create_file_perms; +# Audited locally. +service_manager_local_audit_domain(untrusted_app) +auditallow untrusted_app { + service_manager_type + -drmserver_service + -mediaserver_service + -nfc_service + -surfaceflinger_service + -system_server_service +}:service_manager find; + ### ### neverallow rules ### |
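Review bot: the comment "# Audited locally." above the new auditallow block does not say why `-drmserver_service`, `-mediaserver_service`, `-nfc_service`, `-surfaceflinger_service` and `-system_server_service` are subtracted from `service_manager_type`, so a later reader cannot tell what criterion to apply when a new service type is added. Please expand the comment to state the rule for exclusion and to note that, because the set is written as a subtraction, every other current or future `service_manager_type` will generate an audit record on `find` from untrusted_app. The commit message introduces both `list` and `find`, but this block audits only `find`; if leaving `list` out for untrusted_app is deliberate, say so in the same comment. Since auditallow only logs and grants nothing, it would also help to mention that the actual permission comes from `service_manager_local_audit_domain(untrusted_app)`, whose definition is not visible in this file.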