Skip to content
Snippets Groups Projects
Commit 000b6949 authored by dcashman's avatar dcashman
Browse files

Enable permission checking by binderservicedomain. 

binderservicedomain services often expose their methods to untrusted
clients and rely on permission checks for access control.  Allow these
services to query the permission service for access decisions.

(cherry-pick of commit: 32d207e0)

Bug: 25282923
Change-Id: I39bbef479de3a0df63e0cbca956f3546e13bbb9b
parent 6fc134e3
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 3 additions and 0 deletions
binderservicedomain.te
+ 3
0
View file @ 000b6949
...@@ -13,6 +13,9 @@ allow binderservicedomain console_device:chr_file rw_file_perms; ...@@ -13,6 +13,9 @@ allow binderservicedomain console_device:chr_file rw_file_perms;
allow binderservicedomain appdomain:fd use; allow binderservicedomain appdomain:fd use;
allow binderservicedomain appdomain:fifo_file write; allow binderservicedomain appdomain:fifo_file write;
# allow all services to run permission checks
allow binderservicedomain permission_service:service_manager find;
allow binderservicedomain keystore:keystore_key { get_state get insert delete exist list sign verify }; allow binderservicedomain keystore:keystore_key { get_state get insert delete exist list sign verify };
use_keystore(binderservicedomain) use_keystore(binderservicedomain)
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment