-
Andres Morales authored
sets up: - execute permissions - binder permission (system_server->gatekeeper->keystore) - prevents dumpstate and shell from finding GK binder service - neverallow rules for prohibited clients Change-Id: I1817933a91de625db469a20c7a4c8e2ca46efa1e
Andres Morales authoredsets up: - execute permissions - binder permission (system_server->gatekeeper->keystore) - prevents dumpstate and shell from finding GK binder service - neverallow rules for prohibited clients Change-Id: I1817933a91de625db469a20c7a4c8e2ca46efa1e
gatekeeperd.te 513 B
type gatekeeperd, domain;
type gatekeeperd_exec, exec_type, file_type;
# gatekeeperd
init_daemon_domain(gatekeeperd)
binder_use(gatekeeperd)
binder_service(gatekeeperd)
allow gatekeeperd tee_device:chr_file rw_file_perms;
allow gatekeeperd gatekeeper_service:service_manager { add find };
allow gatekeeperd keystore:keystore_key { add_auth };
neverallow { domain -gatekeeperd -system_server } gatekeeper_service:service_manager find;
neverallow { domain -gatekeeperd } gatekeeper_service:service_manager add;