Skip to content
Snippets Groups Projects
Commit 40af9962 authored by dcashman's avatar dcashman Committed by Android Git Automerger
Browse files

am 31a8511a: am 23f33615: Record observed system_server servicemanager service requests.

* commit '31a8511a':
  Record observed system_server servicemanager service requests.
parents 2a5b5174 31a8511a
No related branches found
No related tags found
No related merge requests found
......@@ -53,4 +53,10 @@ allow drmserver drmserver_service:service_manager { add find };
allow drmserver system_server_service:service_manager find;
allow drmserver tmp_system_server_service:service_manager find;
service_manager_local_audit_domain(drmserver)
auditallow drmserver {
tmp_system_server_service
-permission_service
}:service_manager find;
selinux_check_access(drmserver)
......@@ -104,20 +104,8 @@ allow dumpstate net_data_file:file r_file_perms;
allow dumpstate tombstone_data_file:dir r_dir_perms;
allow dumpstate tombstone_data_file:file r_file_perms;
allow dumpstate {
drmserver_service
healthd_service
inputflinger_service
keystore_service
mediaserver_service
nfc_service
radio_service
surfaceflinger_service
system_app_service
system_server_service
tmp_system_server_service
}:service_manager find;
allow dumpstate service_manager_type:service_manager find;
allow dumpstate servicemanager:service_manager list;
service_manager_local_audit_domain(dumpstate)
allow dumpstate devpts:chr_file rw_file_perms;
......@@ -84,15 +84,10 @@ allow mediaserver system_server_service:service_manager find;
allow mediaserver surfaceflinger_service:service_manager find;
allow mediaserver tmp_system_server_service:service_manager find;
# address tmp_system_server_service accesses
allow mediaserver batterystats_service:service_manager find;
allow mediaserver permission_service:service_manager find;
allow mediaserver power_service:service_manager find;
allow mediaserver scheduling_policy_service:service_manager find;
service_manager_local_audit_domain(mediaserver)
auditallow mediaserver {
tmp_system_server_service
-appops_service
-batterystats_service
-permission_service
-power_service
......
......@@ -25,3 +25,22 @@ allow nfc radio_service:service_manager find;
allow nfc surfaceflinger_service:service_manager find;
allow nfc system_server_service:service_manager find;
allow nfc tmp_system_server_service:service_manager find;
service_manager_local_audit_domain(nfc)
auditallow nfc {
tmp_system_server_service
-accessibility_service
-activity_service
-appops_service
-batterystats_service
-bluetooth_manager_service
-connectivity_service
-content_service
-display_service
-dropbox_service
-network_management_service
-power_service
-trust_service
-user_service
-vibrator_service
}:service_manager find;
\ No newline at end of file
......@@ -39,6 +39,7 @@ service_manager_local_audit_domain(platform_app)
auditallow platform_app {
tmp_system_server_service
-accessibility_service
-account_service
-activity_service
-appops_service
-appwidget_service
......
......@@ -42,11 +42,17 @@ auditallow radio {
tmp_system_server_service
-activity_service
-appops_service
-bluetooth_manager_service
-connectivity_service
-content_service
-display_service
-dropbox_service
-netstats_service
-network_management_service
-notification_service
-power_service
-registry_service
-trust_service
-user_service
-wifi_service
}:service_manager find;
......@@ -12,3 +12,9 @@ allow shared_relro shared_relro_file:file create_file_perms;
# Needs to contact the "webviewupdate" and "activity" services
allow shared_relro system_server_service:service_manager find;
allow shared_relro tmp_system_server_service:service_manager find;
service_manager_local_audit_domain(shared_relro)
auditallow shared_relro {
tmp_system_server_service
-webviewupdate_service
}:service_manager find;
......@@ -60,6 +60,7 @@ allow shell kernel:system syslog_read;
# allow shell access to services
allow shell servicemanager:service_manager list;
allow shell service_manager_type:service_manager find;
service_manager_local_audit_domain(shell)
# allow shell to look through /proc/ for ps, top
allow shell domain:dir { search open read getattr };
......
......@@ -62,11 +62,32 @@ auditallow system_app {
-accessibility_service
-activity_service
-appops_service
-appwidget_service
-assetatlas_service
-audio_service
-backup_service
-bluetooth_manager_service
-connectivity_service
-content_service
-device_policy_service
-display_service
-dreams_service
-dropbox_service
-input_method_service
-input_service
-lock_settings_service
-mount_service
-network_management_service
-notification_service
-power_service
-print_service
-registry_service
-sensorservice_service
-usagestats_service
-usb_service
-user_service
-vibrator_service
-wifi_service
}:service_manager find;
allow system_app keystore:keystore_key {
......
......@@ -368,9 +368,11 @@ allow system_server sysfs_lowmemorykiller:file { getattr w_file_perms };
allow system_server pstorefs:dir r_dir_perms;
allow system_server pstorefs:file r_file_perms;
allow system_server drmserver_service:service_manager find;
allow system_server healthd_service:service_manager find;
allow system_server keystore_service:service_manager find;
allow system_server mediaserver_service:service_manager find;
allow system_server nfc_service:service_manager find;
allow system_server radio_service:service_manager find;
allow system_server system_server_service:service_manager { add find };
allow system_server surfaceflinger_service:service_manager find;
......@@ -380,9 +382,11 @@ allow system_server tmp_system_server_service:service_manager { add find };
allow system_server service_manager_type:service_manager find;
auditallow system_server {
service_manager_type
-drmserver_service
-healthd_service
-keystore_service
-mediaserver_service
-nfc_service
-radio_service
-system_server_service
-surfaceflinger_service
......@@ -422,6 +426,7 @@ auditallow system_server {
-network_score_service
-notification_service
-package_service
-permission_service
-power_service
-registry_service
-sensorservice_service
......
......@@ -90,18 +90,27 @@ auditallow untrusted_app {
-assetatlas_service
-audio_service
-backup_service
-battery_service
-batterystats_service
-bluetooth_manager_service
-connectivity_service
-content_service
-country_detector_service
-default_android_service
-device_policy_service
-display_service
-dropbox_service
-input_method_service
-input_service
-jobscheduler_service
-launcherapps_service
-location_service
-lock_settings_service
-media_router_service
-media_session_service
-meminfo_service
-mount_service
-netpolicy_service
-netstats_service
-network_management_service
-network_score_service
......@@ -109,13 +118,18 @@ auditallow untrusted_app {
-persistent_data_block_service
-power_service
-registry_service
-search_service
-sensorservice_service
-textservices_service
-trust_service
-uimode_service
-user_service
-vibrator_service
-voiceinteraction_service
-wallpaper_service
-webviewupdate_service
-wifi_service
-wifip2p_service
}:service_manager find;
###
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment