Assign app_api_service attribute to services.

Assign the alarm, appwidget, assetatlas, audio, backup and batterystats services the appropriate service access levels and move into enforcing. Bug: 18106000 Change-Id: If3210bb25f3076edfdb6eec36ef6521ace1bd8d7

Assign app_api_service attribute to services.
Assign the alarm, appwidget, assetatlas, audio, backup and batterystats services the appropriate service access levels and move into enforcing. Bug: 18106000 Change-Id: If3210bb25f3076edfdb6eec36ef6521ace1bd8d7
4cdea7fc · dcashman · b075338d · 4cdea7fc · 4cdea7fc · 4cdea7fc
Commit 4cdea7fc authored 10 years ago by dcashman
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -60,7 +60,6 @@ allow bluetooth system_api_service:service_manager find;
 service_manager_local_audit_domain(bluetooth)
 auditallow bluetooth {
    tmp_system_server_service
-    -audio_service
    -bluetooth_manager_service
    -connectivity_service
    -display_service

--- a/mediaserver.te
+++ b/mediaserver.te
@@ -80,6 +80,7 @@ allow mediaserver tee:unix_stream_socket connectto;
 allow mediaserver activity_service:service_manager find;
 allow mediaserver appops_service:service_manager find;
+allow mediaserver batterystats_service:service_manager find;
 allow mediaserver drmserver_service:service_manager find;
 allow mediaserver mediaserver_service:service_manager { add find };
 allow mediaserver surfaceflinger_service:service_manager find;
@@ -88,7 +89,6 @@ allow mediaserver tmp_system_server_service:service_manager find;
 service_manager_local_audit_domain(mediaserver)
 auditallow mediaserver {
    tmp_system_server_service
-    -batterystats_service
    -permission_service
    -power_service
    -processinfo_service

--- a/nfc.te
+++ b/nfc.te
@@ -30,7 +30,6 @@ allow nfc system_api_service:service_manager find;
 service_manager_local_audit_domain(nfc)
 auditallow nfc {
    tmp_system_server_service
-    -batterystats_service
    -bluetooth_manager_service
    -connectivity_service
    -content_service

--- a/platform_app.te
+++ b/platform_app.te
@@ -39,10 +39,6 @@ allow platform_app system_api_service:service_manager find;
 service_manager_local_audit_domain(platform_app)
 auditallow platform_app {
    tmp_system_server_service
-    -appwidget_service
-    -assetatlas_service
-    -audio_service
-    -batterystats_service
    -bluetooth_manager_service
    -connectivity_service
    -content_service

--- a/radio.te
+++ b/radio.te
@@ -41,7 +41,6 @@ allow radio system_api_service:service_manager find;
 service_manager_local_audit_domain(radio)
 auditallow radio {
    tmp_system_server_service
-    -assetatlas_service
    -bluetooth_manager_service
    -connectivity_service
    -content_service

--- a/service.te
+++ b/service.te
@@ -14,13 +14,13 @@ type system_app_service,        service_manager_type;
 type accessibility_service, app_api_service, system_server_service, service_manager_type;
 type account_service, app_api_service, system_server_service, service_manager_type;
 type activity_service, app_api_service, system_server_service, service_manager_type;
-type alarm_service, tmp_system_server_service, service_manager_type;
+type alarm_service, app_api_service, system_server_service, service_manager_type;
 type appops_service, app_api_service, system_server_service, service_manager_type;
-type appwidget_service, tmp_system_server_service, service_manager_type;
+type appwidget_service, app_api_service, system_server_service, service_manager_type;
-type assetatlas_service, tmp_system_server_service, service_manager_type;
+type assetatlas_service, app_api_service, system_server_service, service_manager_type;
-type audio_service, tmp_system_server_service, service_manager_type;
+type audio_service, app_api_service, system_server_service, service_manager_type;
-type backup_service, tmp_system_server_service, service_manager_type;
+type backup_service, system_api_service, system_server_service, service_manager_type;
-type batterystats_service, tmp_system_server_service, service_manager_type;
+type batterystats_service, app_api_service, system_server_service, service_manager_type;
 type battery_service, tmp_system_server_service, service_manager_type;
 type bluetooth_manager_service, tmp_system_server_service, service_manager_type;
 type clipboard_service, tmp_system_server_service, service_manager_type;

--- a/system_app.te
+++ b/system_app.te
@@ -60,10 +60,6 @@ allow system_app system_api_service:service_manager find;
 service_manager_local_audit_domain(system_app)
 auditallow system_app {
    tmp_system_server_service
-    -appwidget_service
-    -assetatlas_service
-    -audio_service
-    -backup_service
    -bluetooth_manager_service
    -connectivity_service
    -content_service

--- a/system_server.te
+++ b/system_server.te
@@ -370,11 +370,6 @@ allow system_server tmp_system_server_service:service_manager { add find };
 service_manager_local_audit_domain(system_server)
 auditallow system_server {
    tmp_system_server_service
-    -alarm_service
-    -assetatlas_service
-    -audio_service
-    -backup_service
-    -batterystats_service
    -bluetooth_manager_service
    -connectivity_service
    -content_service

--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -90,12 +90,6 @@ allow untrusted_app system_api_service:service_manager find;
 service_manager_local_audit_domain(untrusted_app)
 auditallow untrusted_app {
    tmp_system_server_service
-    -appwidget_service
-    -assetatlas_service
-    -audio_service
-    -backup_service
-    -battery_service
-    -batterystats_service
    -bluetooth_manager_service
    -clipboard_service
    -connectivity_service