aa8bb3a29b
a54bed6907
Bug: 151660495
Test: verified proper boot in regular mode and proper working of adb in
recovery
Change-Id: Id70d27a6162af6ede94661005d80a2a780057089
41 lines
1.3 KiB
Text
41 lines
1.3 KiB
Text
type gatekeeperd, domain;
|
|
type gatekeeperd_exec, system_file_type, exec_type, file_type;
|
|
|
|
# gatekeeperd
|
|
binder_service(gatekeeperd)
|
|
binder_use(gatekeeperd)
|
|
|
|
### Rules needed when Gatekeeper HAL runs inside gatekeeperd process.
|
|
### These rules should eventually be granted only when needed.
|
|
allow gatekeeperd ion_device:chr_file r_file_perms;
|
|
# Load HAL implementation
|
|
allow gatekeeperd system_file:dir r_dir_perms;
|
|
###
|
|
|
|
### Rules needed when Gatekeeper HAL runs outside of gatekeeperd process.
|
|
### These rules should eventually be granted only when needed.
|
|
hal_client_domain(gatekeeperd, hal_gatekeeper)
|
|
###
|
|
|
|
# need to find KeyStore and add self
|
|
add_service(gatekeeperd, gatekeeper_service)
|
|
|
|
# Need to add auth tokens to KeyStore
|
|
use_keystore(gatekeeperd)
|
|
allow gatekeeperd keystore:keystore_key { add_auth };
|
|
allow gatekeeperd keystore:keystore2 { add_auth };
|
|
allow gatekeeperd authorization_service:service_manager find;
|
|
|
|
|
|
# For permissions checking
|
|
allow gatekeeperd system_server:binder call;
|
|
allow gatekeeperd permission_service:service_manager find;
|
|
|
|
# for SID file access
|
|
allow gatekeeperd gatekeeper_data_file:dir rw_dir_perms;
|
|
allow gatekeeperd gatekeeper_data_file:file create_file_perms;
|
|
|
|
# For hardware properties retrieval
|
|
allow gatekeeperd hardware_properties_service:service_manager find;
|
|
|
|
r_dir_file(gatekeeperd, cgroup)
|