From 13abb1701b1888a793e4d22e59d780779bd175f7 Mon Sep 17 00:00:00 2001
From: Andres Morales <anmorales@google.com>
Date: Wed, 8 Apr 2015 19:52:19 -0700
Subject: [PATCH] Allow gatekeeperd to check Android permissions

Change-Id: Ie88568c43642505f68d137843a1f6b7a3de481e5
---
 gatekeeperd.te | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/gatekeeperd.te b/gatekeeperd.te
index 45bf7d948..dfb2c7fc3 100644
--- a/gatekeeperd.te
+++ b/gatekeeperd.te
@@ -7,9 +7,15 @@ binder_use(gatekeeperd)
 binder_service(gatekeeperd)
 allow gatekeeperd tee_device:chr_file rw_file_perms;
 
+# need to find KeyStore and add self
 allow gatekeeperd gatekeeper_service:service_manager { add find };
 
+# Need to add auth tokens to KeyStore
 allow gatekeeperd keystore:keystore_key { add_auth };
 
+# For permissions checking
+allow gatekeeperd system_server:binder call;
+allow gatekeeperd permission_service:service_manager find;
+
 neverallow { domain -gatekeeperd -system_server } gatekeeper_service:service_manager find;
 neverallow { domain -gatekeeperd } gatekeeper_service:service_manager add;
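Review bot: The comment added above `allow gatekeeperd gatekeeper_service:service_manager { add find };` says "need to find KeyStore", but that rule names only gatekeeper_service, so it covers gatekeeperd registering and looking up its own service and grants nothing on a keystore service type. A comment that matches the rule would be `# Register gatekeeper_service with servicemanager and look it up`. If a KeyStore lookup is really needed, it requires its own service_manager find rule on the keystore service type; the hunk shows none, and the first lines of the file are outside it, so confirm whether one already exists. In the new permission-checking block, the raw `allow gatekeeperd system_server:binder call;` is narrower than the binder macros used at the top of the file. If that is deliberate, say so in the comment, e.g. `# Permission checks go through permission_service in system_server; call only, no transfer`, so a later cleanup does not widen it to the macro.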
-- 
GitLab