Refine service_manager find auditallow statements.

Add adbd as a service_manager_local_audit_domain and negate surfaceflinger_service in its auditallow. Negate keystore_service and radio_service in the system_app auditallow. Change-Id: I05ea2a3e853b692f151182202f1b30786b44f1fb

Refine service_manager find auditallow statements.
88157ea3 · Riley Spahn · 26d6371c · 88157ea3 · 88157ea3
Commit 88157ea3 authored 10 years ago by Riley Spahn
--- a/adbd.te
+++ b/adbd.te
@@ -68,3 +68,9 @@ allow adbd appdomain:unix_stream_socket connectto;
 # ndk-gdb invokes adb pull of app_process, linker, and libc.so.
 allow adbd zygote_exec:file r_file_perms;
 allow adbd system_file:file r_file_perms;
+
+service_manager_local_audit_domain(adbd)
+auditallow adbd {
+    service_manager_type
+    -surfaceflinger_service
+}:service_manager find;
--- a/system_app.te
+++ b/system_app.te
@@ -69,7 +69,9 @@ control_logd(system_app)
 service_manager_local_audit_domain(system_app)
 auditallow system_app {
    service_manager_type
+    -keystore_service
    -nfc_service
+    -radio_service
    -surfaceflinger_service
    -system_server_service
 }:service_manager find;