am ab2ff479: am 6db824a7: Merge "New rules for SID access"

* commit 'ab2ff4796030d4ea4aa84fc7943cb90a95387550': New rules for SID access
2015-04-18 00:00:25 +00:00 · 2015-04-18 00:00:25 +00:00 · f4414dbc2a
commit f4414dbc2a
parent 17286c0b0d ab2ff47960
1 changed files with 8 additions and 2 deletions
--- a/gatekeeperd.te
+++ b/gatekeeperd.te
@ -17,6 +17,12 @@ allow gatekeeperd keystore:keystore_key { add_auth };
 allow gatekeeperd system_server:binder call;
 allow gatekeeperd permission_service:service_manager find;

-neverallow { domain -gatekeeperd -system_server } gatekeeper_service:service_manager find;
+# for SID file access
+allow gatekeeperd system_data_file:dir { add_name write};
+allow gatekeeperd system_data_file:file { write create open };
+
+# Apps using KeyStore API will request the SID from GateKeeper
+allow untrusted_app gatekeeper_service:service_manager find;
+binder_call(untrusted_app, gatekeeperd)
+
 neverallow { domain -gatekeeperd } gatekeeper_service:service_manager add;
-neverallow { domain -system_server } gatekeeperd:binder call;