Skip to content
Snippets Groups Projects
Commit 958ef563 authored by Nick Kralevich's avatar Nick Kralevich Committed by Gerrit Code Review
Browse files

Merge "Further refined service_manager auditallow statements."

parents 88157ea3 603bc205
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
bluetooth.te
+ 1
0
View file @ 958ef563
......@@ -54,6 +54,7 @@ service_manager_local_audit_domain(bluetooth)
auditallow bluetooth {
service_manager_type
-bluetooth_service
-radio_service
-system_server_service
}:service_manager find;
......
drmserver.te
+ 5
1
View file @ 958ef563
......@@ -49,4 +49,8 @@ allow drmserver drmserver_service:service_manager add;
# Audited locally.
service_manager_local_audit_domain(drmserver)
auditallow drmserver { service_manager_type -drmserver_service }:service_manager find;
auditallow drmserver {
service_manager_type
-drmserver_service
-system_server_service
}:service_manager find;
dumpstate.te
+ 15
0
View file @ 958ef563
......@@ -96,3 +96,18 @@ control_logd(dumpstate)
# Read network state info files.
allow dumpstate net_data_file:dir search;
allow dumpstate net_data_file:file r_file_perms;
service_manager_local_audit_domain(dumpstate)
auditallow dumpstate {
service_manager_type
-drmserver_service
-healthd_service
-inputflinger_service
-keystore_service
-mediaserver_service
-nfc_service
-radio_service
-surfaceflinger_service
-system_app_service
-system_server_service
}:service_manager find;
isolated_app.te
+ 6
1
View file @ 958ef563
......@@ -21,4 +21,9 @@ allow isolated_app app_data_file:file execute;
# Audited locally.
service_manager_local_audit_domain(isolated_app)
auditallow isolated_app service_manager_type:service_manager find;
auditallow isolated_app {
service_manager_type
-radio_service
-surfaceflinger_service
-system_server_service
}:service_manager find;
nfc.te
+ 1
0
View file @ 958ef563
......@@ -21,5 +21,6 @@ service_manager_local_audit_domain(nfc)
auditallow nfc {
service_manager_type
-mediaserver_service
-surfaceflinger_service
-system_server_service
}:service_manager find;
radio.te
+ 1
0
View file @ 958ef563
......@@ -35,5 +35,6 @@ auditallow radio {
service_manager_type
-mediaserver_service
-radio_service
-surfaceflinger_service
-system_server_service
}:service_manager find;
untrusted_app.te
+ 1
0
View file @ 958ef563
......@@ -69,6 +69,7 @@ service_manager_local_audit_domain(untrusted_app)
auditallow untrusted_app {
service_manager_type
-drmserver_service
-keystore_service
-mediaserver_service
-nfc_service
-radio_service
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment