Skip to content
Snippets Groups Projects
Commit 28b71808 authored by Riley Spahn's avatar Riley Spahn
Browse files

Remove catchall for unregistered services. 

Remove the allow rule for default services in
binderservicedomain.te so we will need to whitelist any
services to be registered.

Change-Id: Ibca98b96a3c3a2cbb3722dd33b5eb52cb98cb531
parent 166c09e5
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 0 additions and 4 deletions
binderservicedomain.te
+ 0
4
View file @ 28b71808
...@@ -13,10 +13,6 @@ allow binderservicedomain console_device:chr_file rw_file_perms; ...@@ -13,10 +13,6 @@ allow binderservicedomain console_device:chr_file rw_file_perms;
allow binderservicedomain appdomain:fd use; allow binderservicedomain appdomain:fd use;
allow binderservicedomain appdomain:fifo_file write; allow binderservicedomain appdomain:fifo_file write;
# Allow binderservicedomain to add services by default.
allow binderservicedomain service_manager_type:service_manager add;
auditallow binderservicedomain default_android_service:service_manager add;
allow binderservicedomain keystore:keystore_key { test get insert delete exist saw sign verify }; allow binderservicedomain keystore:keystore_key { test get insert delete exist saw sign verify };
auditallow binderservicedomain keystore:keystore_key { test get insert delete exist saw sign verify }; auditallow binderservicedomain keystore:keystore_key { test get insert delete exist saw sign verify };
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment