Further refined service_manager auditallow statements.

Further refined auditallow statements associated with service_manager and added dumpstate to the service_manager_local_audit_domain. (cherry picked from commit 603bc205) Change-Id: Ib8894aa70aa300c14182a6c934dd56c08c82b05f

Further refined service_manager auditallow statements.
4a24475b · Riley Spahn · Nick Kralevich · 14aa7c06 · 4a24475b · 4a24475b
Commit 4a24475b authored 11 years ago by Riley Spahn Committed by Nick Kralevich 11 years ago
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -54,6 +54,7 @@ service_manager_local_audit_domain(bluetooth)
 auditallow bluetooth {
    service_manager_type
    -bluetooth_service
+    -radio_service
    -system_server_service
 }:service_manager find;


--- a/drmserver.te
+++ b/drmserver.te
@@ -49,4 +49,8 @@ allow drmserver drmserver_service:service_manager add;

 # Audited locally.
 service_manager_local_audit_domain(drmserver)
-auditallow drmserver { service_manager_type -drmserver_service }:service_manager find;
+auditallow drmserver {
+    service_manager_type
+    -drmserver_service
+    -system_server_service
+}:service_manager find;
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -96,3 +96,18 @@ control_logd(dumpstate)
 # Read network state info files.
 allow dumpstate net_data_file:dir search;
 allow dumpstate net_data_file:file r_file_perms;
+
+service_manager_local_audit_domain(dumpstate)
+auditallow dumpstate {
+    service_manager_type
+    -drmserver_service
+    -healthd_service
+    -inputflinger_service
+    -keystore_service
+    -mediaserver_service
+    -nfc_service
+    -radio_service
+    -surfaceflinger_service
+    -system_app_service
+    -system_server_service
+}:service_manager find;
--- a/isolated_app.te
+++ b/isolated_app.te
@@ -21,4 +21,9 @@ allow isolated_app app_data_file:file execute;

 # Audited locally.
 service_manager_local_audit_domain(isolated_app)
-auditallow isolated_app service_manager_type:service_manager find;
+auditallow isolated_app {
+    service_manager_type
+    -radio_service
+    -surfaceflinger_service
+    -system_server_service
+}:service_manager find;
--- a/nfc.te
+++ b/nfc.te
@@ -21,5 +21,6 @@ service_manager_local_audit_domain(nfc)
 auditallow nfc {
    service_manager_type
    -mediaserver_service
+    -surfaceflinger_service
    -system_server_service
 }:service_manager find;
--- a/radio.te
+++ b/radio.te
@@ -35,5 +35,6 @@ auditallow radio {
    service_manager_type
    -mediaserver_service
    -radio_service
+    -surfaceflinger_service
    -system_server_service
 }:service_manager find;
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -69,6 +69,7 @@ service_manager_local_audit_domain(untrusted_app)
 auditallow untrusted_app {
    service_manager_type
    -drmserver_service
+    -keystore_service
    -mediaserver_service
    -nfc_service
    -radio_service