Enforce more specific service access.
Move the following services from tmp_system_server_service to appropriate attributes: battery bluetooth_manager clipboard commontime_management connectivity content country_detector device_policy deviceidle Bug: 18106000 Change-Id: I0d0f2a075c0509a783631d88ba453ac13399cdf2
parent
44c95e9a26
commit
d4c78f4b3f
9 changed files with 9 additions and 40 deletions
|
@ -60,8 +60,6 @@ allow bluetooth system_api_service:service_manager find;
|
||||||
service_manager_local_audit_domain(bluetooth)
|
service_manager_local_audit_domain(bluetooth)
|
||||||
auditallow bluetooth {
|
auditallow bluetooth {
|
||||||
tmp_system_server_service
|
tmp_system_server_service
|
||||||
-bluetooth_manager_service
|
|
||||||
-connectivity_service
|
|
||||||
-display_service
|
-display_service
|
||||||
-dropbox_service
|
-dropbox_service
|
||||||
-media_session_service
|
-media_session_service
|
||||||
|
|
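--- a/nfc.te
+++ b/nfc.te
@@ -30,9 +30,6 @@ allow nfc system_api_service:service_manager find;
 service_manager_local_audit_domain(nfc)
 auditallow nfc {
 tmp_system_server_service
--bluetooth_manager_service
--connectivity_service
--content_service
 -display_service
 -dropbox_service
 -network_management_service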
|
@ -39,10 +39,6 @@ allow platform_app system_api_service:service_manager find;
|
||||||
service_manager_local_audit_domain(platform_app)
|
service_manager_local_audit_domain(platform_app)
|
||||||
auditallow platform_app {
|
auditallow platform_app {
|
||||||
tmp_system_server_service
|
tmp_system_server_service
|
||||||
-bluetooth_manager_service
|
|
||||||
-connectivity_service
|
|
||||||
-content_service
|
|
||||||
-device_policy_service
|
|
||||||
-display_service
|
-display_service
|
||||||
-dreams_service
|
-dreams_service
|
||||||
-dropbox_service
|
-dropbox_service
|
||||||
|
|
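--- a/radio.te
+++ b/radio.te
@@ -41,10 +41,6 @@ allow radio system_api_service:service_manager find;
 service_manager_local_audit_domain(radio)
 auditallow radio {
 tmp_system_server_service
--bluetooth_manager_service
--connectivity_service
--content_service
--country_detector_service
 -display_service
 -dropbox_service
 -imms_service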
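--- a/service.te
+++ b/service.te
@@ -22,20 +22,19 @@ type assetatlas_service, app_api_service, system_server_service, service_manager
 type audio_service, app_api_service, system_server_service, service_manager_type;
 type backup_service, system_api_service, system_server_service, service_manager_type;
 type batterystats_service, app_api_service, system_server_service, service_manager_type;
-type battery_service, tmp_system_server_service, service_manager_type;
-type bluetooth_manager_service, tmp_system_server_service, service_manager_type;
-type clipboard_service, tmp_system_server_service, service_manager_type;
-type IMms_service, tmp_system_server_service, service_manager_type;
+type battery_service, system_server_service, service_manager_type;
+type bluetooth_manager_service, system_api_service, system_server_service, service_manager_type;
+type clipboard_service, app_api_service, system_server_service, service_manager_type;
 type IProxyService_service, system_api_service, system_server_service, service_manager_type;
-type commontime_management_service, tmp_system_server_service, service_manager_type;
-type connectivity_service, tmp_system_server_service, service_manager_type;
+type commontime_management_service, system_server_service, service_manager_type;
+type connectivity_service, app_api_service, system_server_service, service_manager_type;
 type consumer_ir_service, app_api_service, system_server_service, service_manager_type;
-type content_service, tmp_system_server_service, service_manager_type;
-type country_detector_service, tmp_system_server_service, service_manager_type;
+type content_service, app_api_service, system_server_service, service_manager_type;
+type country_detector_service, system_api_service, system_server_service, service_manager_type;
 type cpuinfo_service, system_api_service, system_server_service, service_manager_type;
 type dbinfo_service, system_api_service, system_server_service, service_manager_type;
-type device_policy_service, tmp_system_server_service, service_manager_type;
-type deviceidle_service, tmp_system_server_service, service_manager_type;
+type device_policy_service, app_api_service, system_server_service, service_manager_type;
+type deviceidle_service, system_server_service, service_manager_type;
 type devicestoragemonitor_service, system_server_service, service_manager_type;
 type diskstats_service, tmp_system_server_service, service_manager_type;
 type display_service, tmp_system_server_service, service_manager_type;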
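Review bot: The `type IMms_service, tmp_system_server_service, service_manager_type;` declaration is deleted in this hunk rather than re-attributed, and the commit description's list of moved services does not mention it; the service_contexts section of the same commit also drops the `com.android.internal.telephony.mms.IMms` mapping. If no other entry labels that service name, lookups would presumably fall back to the default service type, so the description should state which type now covers it (the radio.te exclusion list still names `-imms_service`, which suggests a separate lower-case type exists, but its declaration is not visible here). Separately, `battery_service`, `commontime_management_service` and `deviceidle_service` end up with `system_server_service` only, so a short comment above them such as `# intentionally neither app_api_service nor system_api_service` would record that leaving them without an API attribute is deliberate.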
|
@ -17,7 +17,6 @@ bluetooth_manager u:object_r:bluetooth_manager_service:s
|
||||||
bluetooth u:object_r:bluetooth_service:s0
|
bluetooth u:object_r:bluetooth_service:s0
|
||||||
carrier_config u:object_r:radio_service:s0
|
carrier_config u:object_r:radio_service:s0
|
||||||
clipboard u:object_r:clipboard_service:s0
|
clipboard u:object_r:clipboard_service:s0
|
||||||
com.android.internal.telephony.mms.IMms u:object_r:IMms_service:s0
|
|
||||||
com.android.net.IProxyService u:object_r:IProxyService_service:s0
|
com.android.net.IProxyService u:object_r:IProxyService_service:s0
|
||||||
commontime_management u:object_r:commontime_management_service:s0
|
commontime_management u:object_r:commontime_management_service:s0
|
||||||
common_time.clock u:object_r:mediaserver_service:s0
|
common_time.clock u:object_r:mediaserver_service:s0
|
||||||
|
|
|
@ -60,10 +60,6 @@ allow system_app system_api_service:service_manager find;
|
||||||
service_manager_local_audit_domain(system_app)
|
service_manager_local_audit_domain(system_app)
|
||||||
auditallow system_app {
|
auditallow system_app {
|
||||||
tmp_system_server_service
|
tmp_system_server_service
|
||||||
-bluetooth_manager_service
|
|
||||||
-connectivity_service
|
|
||||||
-content_service
|
|
||||||
-device_policy_service
|
|
||||||
-display_service
|
-display_service
|
||||||
-dreams_service
|
-dreams_service
|
||||||
-dropbox_service
|
-dropbox_service
|
||||||
|
|
|
@ -371,11 +371,6 @@ allow system_server tmp_system_server_service:service_manager { add find };
|
||||||
service_manager_local_audit_domain(system_server)
|
service_manager_local_audit_domain(system_server)
|
||||||
auditallow system_server {
|
auditallow system_server {
|
||||||
tmp_system_server_service
|
tmp_system_server_service
|
||||||
-bluetooth_manager_service
|
|
||||||
-connectivity_service
|
|
||||||
-content_service
|
|
||||||
-country_detector_service
|
|
||||||
-device_policy_service
|
|
||||||
-display_service
|
-display_service
|
||||||
-dreams_service
|
-dreams_service
|
||||||
-dropbox_service
|
-dropbox_service
|
||||||
|
|
|
@ -90,13 +90,6 @@ allow untrusted_app system_api_service:service_manager find;
|
||||||
service_manager_local_audit_domain(untrusted_app)
|
service_manager_local_audit_domain(untrusted_app)
|
||||||
auditallow untrusted_app {
|
auditallow untrusted_app {
|
||||||
tmp_system_server_service
|
tmp_system_server_service
|
||||||
-bluetooth_manager_service
|
|
||||||
-clipboard_service
|
|
||||||
-connectivity_service
|
|
||||||
-content_service
|
|
||||||
-country_detector_service
|
|
||||||
-default_android_service
|
|
||||||
-device_policy_service
|
|
||||||
-diskstats_service
|
-diskstats_service
|
||||||
-display_service
|
-display_service
|
||||||
-dropbox_service
|
-dropbox_service
|
||||||
|
|