Merge "Allow gatekeeperd to check Android permissions"

186c82ff · Andres Morales · Gerrit Code Review · 03a6f64f · 13abb170 · 186c82ff
Commit 186c82ff authored 9 years ago by Andres Morales Committed by Gerrit Code Review 9 years ago
--- a/gatekeeperd.te
+++ b/gatekeeperd.te
@@ -7,9 +7,15 @@ binder_use(gatekeeperd)
 binder_service(gatekeeperd)
 allow gatekeeperd tee_device:chr_file rw_file_perms;
+# need to find KeyStore and add self
 allow gatekeeperd gatekeeper_service:service_manager { add find };
+# Need to add auth tokens to KeyStore
 allow gatekeeperd keystore:keystore_key { add_auth };
+# For permissions checking
+allow gatekeeperd system_server:binder call;
+allow gatekeeperd permission_service:service_manager find;
 neverallow { domain -gatekeeperd -system_server } gatekeeper_service:service_manager find;
 neverallow { domain -gatekeeperd } gatekeeper_service:service_manager add;