Merge "Expand access to gatekeeperd."

0bc92cea · Alex Klyubin · Gerrit Code Review · 13dec5fa · effcac7d · 0bc92cea
Commit 0bc92cea authored 10 years ago by Alex Klyubin Committed by Gerrit Code Review 10 years ago
--- a/gatekeeperd.te
+++ b/gatekeeperd.te
@@ -3,6 +3,7 @@ type gatekeeperd_exec, exec_type, file_type;

 # gatekeeperd
 init_daemon_domain(gatekeeperd)
+binder_service(gatekeeperd)
 binder_use(gatekeeperd)
 allow gatekeeperd tee_device:chr_file rw_file_perms;


--- a/service.te
+++ b/service.te
 type bluetooth_service,         service_manager_type;
 type default_android_service,   service_manager_type;
 type drmserver_service,         service_manager_type;
+type gatekeeper_service,        app_api_service, service_manager_type;
 type healthd_service,           service_manager_type;
 type inputflinger_service,      service_manager_type;
 type keystore_service,          service_manager_type;
-type gatekeeper_service,        service_manager_type;
 type mediaserver_service,       service_manager_type;
 type nfc_service,               service_manager_type;
 type radio_service,             service_manager_type;

--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -93,10 +93,6 @@ allow untrusted_app persistent_data_block_service:service_manager find;
 allow untrusted_app { apk_tmp_file apk_private_tmp_file }:dir r_dir_perms;
 allow untrusted_app { apk_tmp_file apk_private_tmp_file }:file r_file_perms;

-# Apps using KeyStore API will request the SID from GateKeeper
-allow untrusted_app gatekeeper_service:service_manager find;
-binder_call(untrusted_app, gatekeeperd)
-
 ###
 ### neverallow rules
 ###