Skip to content
Snippets Groups Projects
Select Git revision
  • android-7.1.2_r28_klist
  • master default protected
  • pie-cts-release
  • pie-vts-release
  • pie-cts-dev
  • oreo-mr1-iot-release
  • sdk-release
  • oreo-m6-s4-release
  • oreo-m4-s12-release
  • pie-release
  • pie-r2-release
  • pie-r2-s1-release
  • oreo-vts-release
  • oreo-cts-release
  • oreo-dev
  • oreo-mr1-dev
  • pie-gsi
  • pie-platform-release
  • pie-dev
  • oreo-cts-dev
  • android-o-mr1-iot-release-1.0.4
  • android-9.0.0_r8
  • android-9.0.0_r7
  • android-9.0.0_r6
  • android-9.0.0_r5
  • android-8.1.0_r46
  • android-8.1.0_r45
  • android-n-iot-release-smart-display-r2
  • android-vts-8.1_r5
  • android-cts-8.1_r8
  • android-cts-8.0_r12
  • android-cts-7.1_r20
  • android-cts-7.0_r24
  • android-o-mr1-iot-release-1.0.3
  • android-cts-9.0_r1
  • android-8.1.0_r43
  • android-8.1.0_r42
  • android-n-iot-release-smart-display
  • android-p-preview-5
  • android-9.0.0_r3
40 results
Blame Permalink
  • dcashman's avatar
    23f33615
    Record observed system_server servicemanager service requests. · 23f33615
    dcashman authored 
    Also formally allow dumpstate access to all services and grant system_server
access to address the following non-system_server_service entries:

avc:  granted  { find } for service=drm.drmManager scontext=u:r:system_server:s0 tcontext=u:object_r:drmserver_service:s0 tclass=service_manager
avc:  granted  { find } for service=nfc scontext=u:r:system_server:s0 tcontext=u:object_r:nfc_service:s0 tclass=service_manager

Bug: 18106000
Change-Id: Iad16b36acf44bce52c4824f8b53c0e7731c25602
    23f33615
    History
    Record observed system_server servicemanager service requests.
    dcashman authored 
    Also formally allow dumpstate access to all services and grant system_server
access to address the following non-system_server_service entries:

avc:  granted  { find } for service=drm.drmManager scontext=u:r:system_server:s0 tcontext=u:object_r:drmserver_service:s0 tclass=service_manager
avc:  granted  { find } for service=nfc scontext=u:r:system_server:s0 tcontext=u:object_r:nfc_service:s0 tclass=service_manager

Bug: 18106000
Change-Id: Iad16b36acf44bce52c4824f8b53c0e7731c25602
radio.te 1.67 KiB 
# phone subsystem
type radio, domain, mlstrustedsubject;
app_domain(radio)
net_domain(radio)
bluetooth_domain(radio)
binder_service(radio)

# Talks to init via the property socket.
unix_socket_connect(radio, property, init)

# Talks to rild via the rild socket.
unix_socket_connect(radio, rild, rild)

# Data file accesses.
allow radio radio_data_file:dir create_dir_perms;
allow radio radio_data_file:notdevfile_class_set create_file_perms;

allow radio alarm_device:chr_file rw_file_perms;

allow radio net_data_file:dir search;
allow radio net_data_file:file r_file_perms;

# Property service
allow radio radio_prop:property_service set;
allow radio net_radio_prop:property_service set;
allow radio system_radio_prop:property_service set;
auditallow radio net_radio_prop:property_service set;
auditallow radio system_radio_prop:property_service set;

# ctl interface
allow radio ctl_rildaemon_prop:property_service set;

allow radio drmserver_service:service_manager find;
allow radio mediaserver_service:service_manager find;
allow radio radio_service:service_manager { add find };
allow radio surfaceflinger_service:service_manager find;
allow radio system_server_service:service_manager find;
allow radio tmp_system_server_service:service_manager find;

service_manager_local_audit_domain(radio)
auditallow radio {
    tmp_system_server_service
    -activity_service
    -appops_service
    -bluetooth_manager_service
    -connectivity_service
    -content_service
    -display_service
    -dropbox_service
    -netstats_service
    -network_management_service
    -notification_service
    -power_service
    -registry_service
    -trust_service
    -user_service
    -wifi_service
}:service_manager find;