Add neverallow rules further restricing service_manager.

Add a neverallow rule that prevents domain from adding a
default_android_service. Add a neverallow rule that prevents
untrusted_app from ever adding a service through
servicemanager.

Change-Id: I963671fb1224147bb49ec8f0b6be0dcc91c23156

domain.te

@@ -289,3 +289,10 @@ neverallow domain {fs_type -contextmount_type}:filesystem relabelto;
 # mount to another type.
 neverallow { domain -recovery } contextmount_type:dir_file_class_set
     { create write setattr relabelfrom relabelto append unlink link rename };
+
+# Do not allow service_manager add for default_android_service.
+# Instead domains should use a more specific type such as
+# system_app_service rather than the generic type.
+# New service_types are defined in service.te and new mappings
+# from service name to service_type are defined in service_contexts.
+neverallow domain default_android_service:service_manager add;

untrusted_app.te

@@ -71,3 +71,8 @@ allow untrusted_app cache_file:file create_file_perms;
 # Too much leaky information in debugfs. It's a security
 # best practice to ensure these files aren't readable.
 neverallow untrusted_app debugfs:file read;
+
+# Do not allow untrusted apps to register services.
+# Only trusted components of Android should be registering
+# services.
+neverallow untrusted_app service_manager_type:service_manager add;