Merge "Record observed service accesses."
This commit is contained in:
dcashman
Gerrit Code Review
commit
59abf4cc49
9 changed files with 34 additions and 0 deletions
|
|
@ -70,6 +70,7 @@ auditallow bluetooth {
|
|||
-network_management_service
|
||||
-power_service
|
||||
-registry_service
|
||||
-user_service
|
||||
}:service_manager find;
|
||||
|
||||
# already open bugreport file descriptors may be shared with
|
||||
|
|
|
|||
|
|
@ -18,6 +18,8 @@ allow isolated_app app_data_file:file { read write getattr };
|
|||
allow isolated_app activity_service:service_manager find;
|
||||
allow isolated_app display_service:service_manager find;
|
||||
|
||||
service_manager_local_audit_domain(isolated_app)
|
||||
|
||||
#####
|
||||
##### Neverallow
|
||||
#####
|
||||
|
|
|
|||
|
|
@ -87,10 +87,12 @@ allow mediaserver tmp_system_server_service:service_manager find;
|
|||
service_manager_local_audit_domain(mediaserver)
|
||||
auditallow mediaserver {
|
||||
tmp_system_server_service
|
||||
-activity_service
|
||||
-appops_service
|
||||
-batterystats_service
|
||||
-permission_service
|
||||
-power_service
|
||||
-processinfo_service
|
||||
-scheduling_policy_service
|
||||
}:service_manager find;
|
||||
|
||||
|
|
|
|||
1
nfc.te
1
nfc.te
|
|
@ -40,6 +40,7 @@ auditallow nfc {
|
|||
-dropbox_service
|
||||
-network_management_service
|
||||
-power_service
|
||||
-registry_service
|
||||
-trust_service
|
||||
-user_service
|
||||
-vibrator_service
|
||||
|
|
|
|||
|
|
@ -69,10 +69,14 @@ auditallow platform_app {
|
|||
-power_service
|
||||
-registry_service
|
||||
-search_service
|
||||
-sensorservice_service
|
||||
-statusbar_service
|
||||
-trust_service
|
||||
-uimode_service
|
||||
-usb_service
|
||||
-user_service
|
||||
-vibrator_service
|
||||
-wallpaper_service
|
||||
-webviewupdate_service
|
||||
-wifi_service
|
||||
}:service_manager find;
|
||||
|
|
|
|||
7
radio.te
7
radio.te
|
|
@ -40,13 +40,19 @@ allow radio tmp_system_server_service:service_manager find;
|
|||
service_manager_local_audit_domain(radio)
|
||||
auditallow radio {
|
||||
tmp_system_server_service
|
||||
-accessibility_service
|
||||
-account_service
|
||||
-activity_service
|
||||
-appops_service
|
||||
-assetatlas_service
|
||||
-bluetooth_manager_service
|
||||
-connectivity_service
|
||||
-content_service
|
||||
-country_detector_service
|
||||
-display_service
|
||||
-dropbox_service
|
||||
-imms_service
|
||||
-input_method_service
|
||||
-netstats_service
|
||||
-network_management_service
|
||||
-notification_service
|
||||
|
|
@ -54,5 +60,6 @@ auditallow radio {
|
|||
-registry_service
|
||||
-trust_service
|
||||
-user_service
|
||||
-vibrator_service
|
||||
-wifi_service
|
||||
}:service_manager find;
|
||||
|
|
|
|||
|
|
@ -60,6 +60,7 @@ service_manager_local_audit_domain(system_app)
|
|||
auditallow system_app {
|
||||
tmp_system_server_service
|
||||
-accessibility_service
|
||||
-account_service
|
||||
-activity_service
|
||||
-appops_service
|
||||
-appwidget_service
|
||||
|
|
@ -73,17 +74,24 @@ auditallow system_app {
|
|||
-display_service
|
||||
-dreams_service
|
||||
-dropbox_service
|
||||
-fingerprint_service
|
||||
-graphicsstats_service
|
||||
-input_method_service
|
||||
-input_service
|
||||
-lock_settings_service
|
||||
-media_session_service
|
||||
-mount_service
|
||||
-netstats_service
|
||||
-network_management_service
|
||||
-network_score_service
|
||||
-notification_service
|
||||
-power_service
|
||||
-print_service
|
||||
-registry_service
|
||||
-restrictions_service
|
||||
-sensorservice_service
|
||||
-textservices_service
|
||||
-uimode_service
|
||||
-usagestats_service
|
||||
-usb_service
|
||||
-user_service
|
||||
|
|
|
|||
|
|
@ -397,6 +397,7 @@ auditallow system_server {
|
|||
-bluetooth_manager_service
|
||||
-connectivity_service
|
||||
-content_service
|
||||
-country_detector_service
|
||||
-device_policy_service
|
||||
-display_service
|
||||
-dreams_service
|
||||
|
|
@ -412,6 +413,7 @@ auditallow system_server {
|
|||
-media_router_service
|
||||
-media_session_service
|
||||
-mount_service
|
||||
-netpolicy_service
|
||||
-network_management_service
|
||||
-network_score_service
|
||||
-notification_service
|
||||
|
|
|
|||
|
|
@ -98,14 +98,18 @@ auditallow untrusted_app {
|
|||
-battery_service
|
||||
-batterystats_service
|
||||
-bluetooth_manager_service
|
||||
-clipboard_service
|
||||
-connectivity_service
|
||||
-content_service
|
||||
-country_detector_service
|
||||
-default_android_service
|
||||
-device_policy_service
|
||||
-diskstats_service
|
||||
-display_service
|
||||
-dropbox_service
|
||||
-graphicsstats_service
|
||||
-healthd_service
|
||||
-imms_service
|
||||
-input_method_service
|
||||
-input_service
|
||||
-jobscheduler_service
|
||||
|
|
@ -123,13 +127,16 @@ auditallow untrusted_app {
|
|||
-notification_service
|
||||
-persistent_data_block_service
|
||||
-power_service
|
||||
-procstats_service
|
||||
-registry_service
|
||||
-rttmanager_service
|
||||
-search_service
|
||||
-sensorservice_service
|
||||
-statusbar_service
|
||||
-textservices_service
|
||||
-trust_service
|
||||
-uimode_service
|
||||
-usagestats_service
|
||||
-user_service
|
||||
-vibrator_service
|
||||
-voiceinteraction_service
|
||||
|
|
|
|||
Loading…
Reference in a new issue