Commit b348f8f5 authored by Andres Morales's avatar Andres Morales

New rules for SID access

Change-Id: Ia9df151cc64ad74133db2095a935220ef9f3ea8e
parent dd156fc3
...@@ -17,6 +17,12 @@ allow gatekeeperd keystore:keystore_key { add_auth }; ...@@ -17,6 +17,12 @@ allow gatekeeperd keystore:keystore_key { add_auth };
allow gatekeeperd system_server:binder call; allow gatekeeperd system_server:binder call;
allow gatekeeperd permission_service:service_manager find; allow gatekeeperd permission_service:service_manager find;
neverallow { domain -gatekeeperd -system_server } gatekeeper_service:service_manager find; # for SID file access
allow gatekeeperd system_data_file:dir { add_name write};
allow gatekeeperd system_data_file:file { write create open };
# Apps using KeyStore API will request the SID from GateKeeper
allow untrusted_app gatekeeper_service:service_manager find;
binder_call(untrusted_app, gatekeeperd)
neverallow { domain -gatekeeperd } gatekeeper_service:service_manager add; neverallow { domain -gatekeeperd } gatekeeper_service:service_manager add;
neverallow { domain -system_server } gatekeeperd:binder call;
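Review bot: The two neverallow assertions that fenced off gatekeeperd (`gatekeeper_service:service_manager find` and `gatekeeperd:binder call`) appear from this side-by-side rendering to be removed outright rather than widened by one domain, so nothing at policy-compile time would stop a later change from opening the daemon to further domains. Keeping them with the new caller excepted preserves the guard: `neverallow { domain -gatekeeperd -system_server -untrusted_app } gatekeeper_service:service_manager find;` and `neverallow { domain -system_server -untrusted_app } gatekeeperd:binder call;`. With `binder_call(untrusted_app, gatekeeperd)` in place, SELinux does not distinguish the SID query from any other binder methods gatekeeperd exposes, so the daemon has to check the caller per method; a comment saying so next to the allow rule would help. Separately, the SID file rules grant `add_name`/`write`/`create` on the generic `system_data_file` type, which covers far more than one file; a dedicated type for the SID directory (placeholder name `<gatekeeper_sid_file>`) would confine the write access.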