am 4b4b2b92: Remove service_manager_local_audit_domain.
* commit '4b4b2b92939cd25095e247d0ed78f600fe40036d': Remove service_manager_local_audit_domain.
This commit is contained in:
dcashman
Android Git Automerger
commit
77cf2f8cde
6 changed files with 0 additions and 16 deletions
|
|
@ -73,6 +73,3 @@ attribute bluetoothdomain;
|
|||
|
||||
# All domains used for binder service domains.
|
||||
attribute binderservicedomain;
|
||||
|
||||
# All domains that are excluded from the domain.te auditallow.
|
||||
attribute service_manager_local_audit;
|
||||
|
|
|
|||
|
|
@ -109,6 +109,5 @@ allow dumpstate tombstone_data_file:file r_file_perms;
|
|||
|
||||
allow dumpstate { service_manager_type -gatekeeper_service }:service_manager find;
|
||||
allow dumpstate servicemanager:service_manager list;
|
||||
service_manager_local_audit_domain(dumpstate)
|
||||
|
||||
allow dumpstate devpts:chr_file rw_file_perms;
|
||||
|
|
|
|||
|
|
@ -18,8 +18,6 @@ allow isolated_app app_data_file:file { read write getattr lock };
|
|||
allow isolated_app activity_service:service_manager find;
|
||||
allow isolated_app display_service:service_manager find;
|
||||
|
||||
service_manager_local_audit_domain(isolated_app)
|
||||
|
||||
# only allow unprivileged socket ioctl commands
|
||||
allow isolated_app self:{ rawip_socket tcp_socket udp_socket } unpriv_sock_ioctls;
|
||||
|
||||
|
|
|
|||
1
shell.te
1
shell.te
|
|
@ -63,7 +63,6 @@ allow shell kernel:system syslog_read;
|
|||
allow shell servicemanager:service_manager list;
|
||||
# don't allow shell to access GateKeeper service
|
||||
allow shell { service_manager_type -gatekeeper_service }:service_manager find;
|
||||
service_manager_local_audit_domain(shell)
|
||||
|
||||
# allow shell to look through /proc/ for ps, top
|
||||
allow shell domain:dir { search open read getattr };
|
||||
|
|
|
|||
1
su.te
1
su.te
|
|
@ -50,5 +50,4 @@ userdebug_or_eng(`
|
|||
dontaudit su domain:debuggerd *;
|
||||
dontaudit su domain:drmservice *;
|
||||
dontaudit su unlabeled:filesystem *;
|
||||
service_manager_local_audit_domain(su)
|
||||
')
|
||||
|
|
|
|||
|
|
@ -353,14 +353,6 @@ define(`use_keystore', `
|
|||
binder_call($1, keystore)
|
||||
')
|
||||
|
||||
###########################################
|
||||
# service_manager_local_audit_domain(domain)
|
||||
# Has its own auditallow rule on service_manager
|
||||
# and should be excluded from the domain.te auditallow.
|
||||
define(`service_manager_local_audit_domain', `
|
||||
typeattribute $1 service_manager_local_audit;
|
||||
')
|
||||
|
||||
###########################################
|
||||
# use_drmservice(domain)
|
||||
# Ability to use DrmService which requires
|
||||
|
|
|
|||
Loading…
Reference in a new issue