From 840e522e68c6036b840072c4c8941e12273521f2 Mon Sep 17 00:00:00 2001
From: Riley Spahn <rileyspahn@google.com>
Date: Mon, 28 Jul 2014 10:00:57 -0700
Subject: [PATCH] Remove dumpstate from servicemanager list auditallow.

Do not auditallow dumpstate as it is the only instance
of listing services seen so far.

Change-Id: I1c142cf5a3a745ea64b22f3a14b8395b24f2e1d0
---
 domain.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/domain.te b/domain.te
index 015274bf0..9ae611c6e 100644
--- a/domain.te
+++ b/domain.te
@@ -159,7 +159,7 @@ allow domain asec_public_file:file r_file_perms;
 allow domain { asec_public_file asec_apk_file }:dir r_dir_perms;
 
 allow domain servicemanager:service_manager list;
-auditallow domain servicemanager:service_manager list;
+auditallow { domain -dumpstate } servicemanager:service_manager list;
 allow domain service_manager_type:service_manager find;
 auditallow { domain -service_manager_local_audit } service_manager_type:service_manager find;
 
-- 
GitLab