Expand access to gatekeeperd.
This enables access to gatekeeperd for anybody who invokes Android framework APIs. This is necessary because the AndroidKeyStore abstraction offered by the framework API occasionally communicates with gatekeeperd from the calling process. Bug: 20526234 Change-Id: I3362ba07d1a7e5f1c47fe7e9ba6aec5ac3fec747
This commit is contained in:
parent
3ee85ca6aa
commit
effcac7d7e
3 changed files with 2 additions and 5 deletions
|
@ -3,6 +3,7 @@ type gatekeeperd_exec, exec_type, file_type;
|
||||||
|
|
||||||
# gatekeeperd
|
# gatekeeperd
|
||||||
init_daemon_domain(gatekeeperd)
|
init_daemon_domain(gatekeeperd)
|
||||||
|
binder_service(gatekeeperd)
|
||||||
binder_use(gatekeeperd)
|
binder_use(gatekeeperd)
|
||||||
allow gatekeeperd tee_device:chr_file rw_file_perms;
|
allow gatekeeperd tee_device:chr_file rw_file_perms;
|
||||||
|
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
type bluetooth_service, service_manager_type;
|
type bluetooth_service, service_manager_type;
|
||||||
type default_android_service, service_manager_type;
|
type default_android_service, service_manager_type;
|
||||||
type drmserver_service, service_manager_type;
|
type drmserver_service, service_manager_type;
|
||||||
|
type gatekeeper_service, app_api_service, service_manager_type;
|
||||||
type healthd_service, service_manager_type;
|
type healthd_service, service_manager_type;
|
||||||
type inputflinger_service, service_manager_type;
|
type inputflinger_service, service_manager_type;
|
||||||
type keystore_service, service_manager_type;
|
type keystore_service, service_manager_type;
|
||||||
type gatekeeper_service, service_manager_type;
|
|
||||||
type mediaserver_service, service_manager_type;
|
type mediaserver_service, service_manager_type;
|
||||||
type nfc_service, service_manager_type;
|
type nfc_service, service_manager_type;
|
||||||
type radio_service, service_manager_type;
|
type radio_service, service_manager_type;
|
||||||
|
|
|
@ -93,10 +93,6 @@ allow untrusted_app persistent_data_block_service:service_manager find;
|
||||||
allow untrusted_app { apk_tmp_file apk_private_tmp_file }:dir r_dir_perms;
|
allow untrusted_app { apk_tmp_file apk_private_tmp_file }:dir r_dir_perms;
|
||||||
allow untrusted_app { apk_tmp_file apk_private_tmp_file }:file r_file_perms;
|
allow untrusted_app { apk_tmp_file apk_private_tmp_file }:file r_file_perms;
|
||||||
|
|
||||||
# Apps using KeyStore API will request the SID from GateKeeper
|
|
||||||
allow untrusted_app gatekeeper_service:service_manager find;
|
|
||||||
binder_call(untrusted_app, gatekeeperd)
|
|
||||||
|
|
||||||
###
|
###
|
||||||
### neverallow rules
|
### neverallow rules
|
||||||
###
|
###
|
||||||
|
|
Loading…
Reference in a new issue