From 28b7180824609bd083cc3a38df4ed94ed942f395 Mon Sep 17 00:00:00 2001
From: Riley Spahn <rileyspahn@google.com>
Date: Tue, 24 Jun 2014 14:43:29 -0700
Subject: [PATCH] Remove catchall for unregistered services.

Remove the allow rule for default services in
binderservicedomain.te so we will need to whitelist any
services to be registered.

Change-Id: Ibca98b96a3c3a2cbb3722dd33b5eb52cb98cb531
---
 binderservicedomain.te | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/binderservicedomain.te b/binderservicedomain.te
index 3190b6b8a..19da03c5f 100644
--- a/binderservicedomain.te
+++ b/binderservicedomain.te
@@ -13,10 +13,6 @@ allow binderservicedomain console_device:chr_file rw_file_perms;
 allow binderservicedomain appdomain:fd use;
 allow binderservicedomain appdomain:fifo_file write;
 
-# Allow binderservicedomain to add services by default.
-allow binderservicedomain service_manager_type:service_manager add;
-auditallow binderservicedomain default_android_service:service_manager add;
-
 allow binderservicedomain keystore:keystore_key { test get insert delete exist saw sign verify };
 auditallow binderservicedomain keystore:keystore_key { test get insert delete exist saw sign verify };
 
-- 
GitLab