Skip to content
Snippets Groups Projects
Commit 88157ea3 authored by Riley Spahn's avatar Riley Spahn
Browse files

Refine service_manager find auditallow statements.

Add adbd as a service_manager_local_audit_domain and negate
surfaceflinger_service in its auditallow. Negate keystore_service
and radio_service in the system_app auditallow.

Change-Id: I05ea2a3e853b692f151182202f1b30786b44f1fb
parent 26d6371c
No related branches found
No related tags found
No related merge requests found
......@@ -68,3 +68,9 @@ allow adbd appdomain:unix_stream_socket connectto;
# ndk-gdb invokes adb pull of app_process, linker, and libc.so.
allow adbd zygote_exec:file r_file_perms;
allow adbd system_file:file r_file_perms;
service_manager_local_audit_domain(adbd)
auditallow adbd {
service_manager_type
-surfaceflinger_service
}:service_manager find;
......@@ -69,7 +69,9 @@ control_logd(system_app)
service_manager_local_audit_domain(system_app)
auditallow system_app {
service_manager_type
-keystore_service
-nfc_service
-radio_service
-surfaceflinger_service
-system_server_service
}:service_manager find;
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment