From 7d1deec4c48a5c15a12249aa841ec5dabab6f814 Mon Sep 17 00:00:00 2001
From: dcashman <dcashman@google.com>
Date: Fri, 16 Jan 2015 15:52:01 -0800
Subject: [PATCH] Record surfaceflinger power_service access.

Address the following log entry:
SELinux : avc:  granted  { find } for service=power scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:power_service:s0 tclass=service_manager

Change-Id: Id750ba9f99c622351fb3206ad007eae8a713adea
---
 surfaceflinger.te | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/surfaceflinger.te b/surfaceflinger.te
index f0eeec3c8..00948cff2 100644
--- a/surfaceflinger.te
+++ b/surfaceflinger.te
@@ -64,6 +64,17 @@ allow surfaceflinger surfaceflinger_service:service_manager { add find };
 allow surfaceflinger system_server_service:service_manager find;
 allow surfaceflinger tmp_system_server_service:service_manager find;
 
+# address tmp_system_server_service accesses
+allow surfaceflinger {
+    power_service
+}:service_manager find;
+
+service_manager_local_audit_domain(surfaceflinger)
+auditallow surfaceflinger {
+    tmp_system_server_service
+    -power_service
+}:service_manager find;
+
 ###
 ### Neverallow rules
 ###
-- 
GitLab