tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Remove hal_gatekeeper from gatekeeperd domain am: 6fe344e350

Browse source 
am: 5358a50784

Change-Id: I4c7c7e9a3d1a59be246253603580214085d7918d
This commit is contained in:
Alex Klyubin 2017-01-26 17:14:04 +00:00 committed by android-build-merger
commit 80162e583f
1 changed files with 13 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
public/gatekeeperd.te
View file

@ -1,18 +1,26 @@
type gatekeeperd, domain;
# normally uses HAL; implements HAL in pass-through mode only
hal_impl_domain(gatekeeperd, hal_gatekeeper)
type gatekeeperd_exec, exec_type, file_type;
# gatekeeperd
binder_service(gatekeeperd)
binder_use(gatekeeperd)
### Rules needed when Gatekeeper HAL runs inside gatekeeperd process.
### These rules should eventually be granted only when needed.
allow gatekeeperd tee_device:chr_file rw_file_perms;
allow gatekeeperd ion_device:chr_file r_file_perms;
# Load HAL implementation
allow gatekeeperd system_file:dir r_dir_perms;
###
### Rules needed when Gatekeeper HAL runs outside of gatekeeperd process.
### These rules should eventually be granted only when needed.
hwbinder_use(gatekeeperd)
###
# need to find KeyStore and add self
add_service(gatekeeperd, gatekeeper_service)
# Scan through /system/lib64/hw looking for installed HALs
allow gatekeeperd system_file:dir r_dir_perms;
# Need to add auth tokens to KeyStore
use_keystore(gatekeeperd)
allow gatekeeperd keystore:keystore_key { add_auth };