tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Enforce more specific service access.

Browse source 
Move the following services from tmp_system_server_service to appropriate
attributes:

battery
bluetooth_manager
clipboard
commontime_management
connectivity
content
country_detector
device_policy
deviceidle

Bug: 18106000
Change-Id: I0d0f2a075c0509a783631d88ba453ac13399cdf2
This commit is contained in:
dcashman 2015-04-06 17:27:42 -07:00 committed by Nick Kralevich
parent 44c95e9a26
commit d4c78f4b3f
9 changed files with 9 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
bluetooth.te
View file

@ -60,8 +60,6 @@ allow bluetooth system_api_service:service_manager find;
service_manager_local_audit_domain(bluetooth)
auditallow bluetooth {
tmp_system_server_service
-bluetooth_manager_service
-connectivity_service
-display_service
-dropbox_service
-media_session_service

3
nfc.te
View file

@ -30,9 +30,6 @@ allow nfc system_api_service:service_manager find;
service_manager_local_audit_domain(nfc)
auditallow nfc {
tmp_system_server_service
-bluetooth_manager_service
-connectivity_service
-content_service
-display_service
-dropbox_service
-network_management_service

4
platform_app.te
View file

@ -39,10 +39,6 @@ allow platform_app system_api_service:service_manager find;
service_manager_local_audit_domain(platform_app)
auditallow platform_app {
tmp_system_server_service
-bluetooth_manager_service
-connectivity_service
-content_service
-device_policy_service
-display_service
-dreams_service
-dropbox_service

4
radio.te
View file

@ -41,10 +41,6 @@ allow radio system_api_service:service_manager find;
service_manager_local_audit_domain(radio)
auditallow radio {
tmp_system_server_service
-bluetooth_manager_service
-connectivity_service
-content_service
-country_detector_service
-display_service
-dropbox_service
-imms_service

19
service.te
View file

@ -22,20 +22,19 @@ type assetatlas_service, app_api_service, system_server_service, service_manager
type audio_service, app_api_service, system_server_service, service_manager_type;
type backup_service, system_api_service, system_server_service, service_manager_type;
type batterystats_service, app_api_service, system_server_service, service_manager_type;
type battery_service, tmp_system_server_service, service_manager_type;
type bluetooth_manager_service, tmp_system_server_service, service_manager_type;
type clipboard_service, tmp_system_server_service, service_manager_type;
type IMms_service, tmp_system_server_service, service_manager_type;
type battery_service, system_server_service, service_manager_type;
type bluetooth_manager_service, system_api_service, system_server_service, service_manager_type;
type clipboard_service, app_api_service, system_server_service, service_manager_type;
type IProxyService_service, system_api_service, system_server_service, service_manager_type;
type commontime_management_service, tmp_system_server_service, service_manager_type;
type connectivity_service, tmp_system_server_service, service_manager_type;
type commontime_management_service, system_server_service, service_manager_type;
type connectivity_service, app_api_service, system_server_service, service_manager_type;
type consumer_ir_service, app_api_service, system_server_service, service_manager_type;
type content_service, tmp_system_server_service, service_manager_type;
type country_detector_service, tmp_system_server_service, service_manager_type;
type content_service, app_api_service, system_server_service, service_manager_type;
type country_detector_service, system_api_service, system_server_service, service_manager_type;
type cpuinfo_service, system_api_service, system_server_service, service_manager_type;
type dbinfo_service, system_api_service, system_server_service, service_manager_type;
type device_policy_service, tmp_system_server_service, service_manager_type;
type deviceidle_service, tmp_system_server_service, service_manager_type;
type device_policy_service, app_api_service, system_server_service, service_manager_type;
type deviceidle_service, system_server_service, service_manager_type;
type devicestoragemonitor_service, system_server_service, service_manager_type;
type diskstats_service, tmp_system_server_service, service_manager_type;
type display_service, tmp_system_server_service, service_manager_type;

1
service_contexts
View file

@ -17,7 +17,6 @@ bluetooth_manager u:object_r:bluetooth_manager_service:s
bluetooth u:object_r:bluetooth_service:s0
carrier_config u:object_r:radio_service:s0
clipboard u:object_r:clipboard_service:s0
com.android.internal.telephony.mms.IMms u:object_r:IMms_service:s0
com.android.net.IProxyService u:object_r:IProxyService_service:s0
commontime_management u:object_r:commontime_management_service:s0
common_time.clock u:object_r:mediaserver_service:s0

4
system_app.te
View file

@ -60,10 +60,6 @@ allow system_app system_api_service:service_manager find;
service_manager_local_audit_domain(system_app)
auditallow system_app {
tmp_system_server_service
-bluetooth_manager_service
-connectivity_service
-content_service
-device_policy_service
-display_service
-dreams_service
-dropbox_service

5
system_server.te
View file

@ -371,11 +371,6 @@ allow system_server tmp_system_server_service:service_manager { add find };
service_manager_local_audit_domain(system_server)
auditallow system_server {
tmp_system_server_service
-bluetooth_manager_service
-connectivity_service
-content_service
-country_detector_service
-device_policy_service
-display_service
-dreams_service
-dropbox_service

7
untrusted_app.te
View file

@ -90,13 +90,6 @@ allow untrusted_app system_api_service:service_manager find;
service_manager_local_audit_domain(untrusted_app)
auditallow untrusted_app {
tmp_system_server_service
-bluetooth_manager_service
-clipboard_service
-connectivity_service
-content_service
-country_detector_service
-default_android_service
-device_policy_service
-diskstats_service
-display_service
-dropbox_service