Skip to content
Snippets Groups Projects
Commit 6db824a7 authored by Andres Morales's avatar Andres Morales Committed by Gerrit Code Review
Browse files

Merge "New rules for SID access"

parents 490a7a8a b348f8f5
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 8 additions and 2 deletions
gatekeeperd.te
+ 8
2
View file @ 6db824a7
......@@ -17,6 +17,12 @@ allow gatekeeperd keystore:keystore_key { add_auth };
allow gatekeeperd system_server:binder call;
allow gatekeeperd permission_service:service_manager find;
neverallow { domain -gatekeeperd -system_server } gatekeeper_service:service_manager find;
# for SID file access
allow gatekeeperd system_data_file:dir { add_name write};
allow gatekeeperd system_data_file:file { write create open };
# Apps using KeyStore API will request the SID from GateKeeper
allow untrusted_app gatekeeper_service:service_manager find;
binder_call(untrusted_app, gatekeeperd)
neverallow { domain -gatekeeperd } gatekeeper_service:service_manager add;
neverallow { domain -system_server } gatekeeperd:binder call;
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment