Record observed service accesses.

Get ready to switch system_server service lookups into enforcing. Bug: 18106000 Change-Id: Iefd4b2eee6cdd680f5ab423d15cc72a2a30e27cf

Record observed service accesses.
Get ready to switch system_server service lookups into enforcing. Bug: 18106000 Change-Id: Iefd4b2eee6cdd680f5ab423d15cc72a2a30e27cf
8af4e9cb · dcashman · d9128a45 · 8af4e9cb · 8af4e9cb · 8af4e9cb
Commit 8af4e9cb authored 10 years ago by dcashman
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -70,6 +70,7 @@ auditallow bluetooth {
    -network_management_service
    -power_service
    -registry_service
+    -user_service
 }:service_manager find;
 # already open bugreport file descriptors may be shared with

--- a/isolated_app.te
+++ b/isolated_app.te
@@ -18,6 +18,8 @@ allow isolated_app app_data_file:file { read write getattr };
 allow isolated_app activity_service:service_manager find;
 allow isolated_app display_service:service_manager find;
+service_manager_local_audit_domain(isolated_app)
 #####
 ##### Neverallow
 #####

--- a/mediaserver.te
+++ b/mediaserver.te
@@ -87,10 +87,12 @@ allow mediaserver tmp_system_server_service:service_manager find;
 service_manager_local_audit_domain(mediaserver)
 auditallow mediaserver {
    tmp_system_server_service
+    -activity_service
    -appops_service
    -batterystats_service
    -permission_service
    -power_service
+    -processinfo_service
    -scheduling_policy_service
 }:service_manager find;

--- a/nfc.te
+++ b/nfc.te
@@ -40,6 +40,7 @@ auditallow nfc {
    -dropbox_service
    -network_management_service
    -power_service
+    -registry_service
    -trust_service
    -user_service
    -vibrator_service

--- a/platform_app.te
+++ b/platform_app.te
@@ -69,10 +69,14 @@ auditallow platform_app {
    -power_service
    -registry_service
    -search_service
+    -sensorservice_service
    -statusbar_service
    -trust_service
+    -uimode_service
+    -usb_service
    -user_service
    -vibrator_service
    -wallpaper_service
+    -webviewupdate_service
    -wifi_service
 }:service_manager find;
--- a/radio.te
+++ b/radio.te
@@ -40,13 +40,19 @@ allow radio tmp_system_server_service:service_manager find;
 service_manager_local_audit_domain(radio)
 auditallow radio {
    tmp_system_server_service
+    -accessibility_service
+    -account_service
    -activity_service
    -appops_service
+    -assetatlas_service
    -bluetooth_manager_service
    -connectivity_service
    -content_service
+    -country_detector_service
    -display_service
    -dropbox_service
+    -imms_service
+    -input_method_service
    -netstats_service
    -network_management_service
    -notification_service
@@ -54,5 +60,6 @@ auditallow radio {
    -registry_service
    -trust_service
    -user_service
+    -vibrator_service
    -wifi_service
 }:service_manager find;
--- a/system_app.te
+++ b/system_app.te
@@ -60,6 +60,7 @@ service_manager_local_audit_domain(system_app)
 auditallow system_app {
    tmp_system_server_service
    -accessibility_service
+    -account_service
    -activity_service
    -appops_service
    -appwidget_service
@@ -73,17 +74,24 @@ auditallow system_app {
    -display_service
    -dreams_service
    -dropbox_service
+    -fingerprint_service
    -graphicsstats_service
    -input_method_service
    -input_service
    -lock_settings_service
+    -media_session_service
    -mount_service
+    -netstats_service
    -network_management_service
+    -network_score_service
    -notification_service
    -power_service
    -print_service
    -registry_service
+    -restrictions_service
    -sensorservice_service
+    -textservices_service
+    -uimode_service
    -usagestats_service
    -usb_service
    -user_service

--- a/system_server.te
+++ b/system_server.te
@@ -397,6 +397,7 @@ auditallow system_server {
    -bluetooth_manager_service
    -connectivity_service
    -content_service
+    -country_detector_service
    -device_policy_service
    -display_service
    -dreams_service
@@ -412,6 +413,7 @@ auditallow system_server {
    -media_router_service
    -media_session_service
    -mount_service
+    -netpolicy_service
    -network_management_service
    -network_score_service
    -notification_service

--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -98,14 +98,18 @@ auditallow untrusted_app {
    -battery_service
    -batterystats_service
    -bluetooth_manager_service
+    -clipboard_service
    -connectivity_service
    -content_service
    -country_detector_service
    -default_android_service
    -device_policy_service
+    -diskstats_service
    -display_service
    -dropbox_service
    -graphicsstats_service
+    -healthd_service
+    -imms_service
    -input_method_service
    -input_service
    -jobscheduler_service
@@ -123,13 +127,16 @@ auditallow untrusted_app {
    -notification_service
    -persistent_data_block_service
    -power_service
+    -procstats_service
    -registry_service
+    -rttmanager_service
    -search_service
    -sensorservice_service
    -statusbar_service
    -textservices_service
    -trust_service
    -uimode_service
+    -usagestats_service
    -user_service
    -vibrator_service
    -voiceinteraction_service