Commit d9bd9e69 authored by Nick Kralevich's avatar Nick Kralevich Committed by android-build-merger

Add directory read permissions to certain domains.

am: 49e35884

Change-Id: Ib96dbc7f6467e55d595426242c59b9551e9ae75f
parents 3f77c683 49e35884
......@@ -27,6 +27,7 @@ allow domain_deprecated system_file:file r_file_perms;
auditallow {
domain_deprecated
-appdomain
-fingerprintd
-init
-installd
-rild
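Review bot: The `-fingerprintd` entry in the `auditallow` set silences audit records for fingerprintd with no comment saying why; I am assuming it is the one line this hunk adds, since the +/- column is lost on this page. The statement's closing brace, target class and permissions lie past the end of the hunk, so confirm they are no wider than the explicit `system_file:dir r_dir_perms` rule fingerprintd gains elsewhere in this commit. If fingerprintd still carries `domain_deprecated`, anything wider remains allowed through that attribute but is no longer logged. A one-line comment above the set, e.g. `# fingerprintd excluded: it has its own explicit system_file:dir rule`, would keep the exclusion list reviewable.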
......
......@@ -3,6 +3,9 @@ type fingerprintd_exec, exec_type, file_type;
binder_use(fingerprintd)
# Scan through /system/lib64/hw looking for installed HALs
allow fingerprintd system_file:dir r_dir_perms;
# need to find KeyStore and add self
allow fingerprintd fingerprintd_service:service_manager { add find };
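Review bot: The comment on `allow fingerprintd system_file:dir r_dir_perms;` describes a narrower grant than the rule gives. The rule is keyed on the `system_file` type, so fingerprintd may read and search every directory carrying that label, not only /system/lib64/hw, and the comment names only the lib64 path, leaving 32-bit builds undescribed. I would reword it to state the real scope, e.g. `# Scan the HAL directory (e.g. /system/lib64/hw) for installed HALs; grants read/search on every system_file dir`. If the HAL directory can be given a type of its own (its labelling is not shown on this page), key the rule on that type instead. The same rule and comment are added for gatekeeperd and hwservicemanager in the later sections.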
......
......@@ -10,6 +10,9 @@ allow gatekeeperd ion_device:chr_file r_file_perms;
# need to find KeyStore and add self
allow gatekeeperd gatekeeper_service:service_manager { add find };
# Scan through /system/lib64/hw looking for installed HALs
allow gatekeeperd system_file:dir r_dir_perms;
# Need to add auth tokens to KeyStore
use_keystore(gatekeeperd)
allow gatekeeperd keystore:keystore_key { add_auth };
......
......@@ -13,6 +13,9 @@ allow hwservicemanager { domain -init }:binder transfer;
set_prop(hwservicemanager, hwservicemanager_prop)
# Scan through /system/lib64/hw looking for installed HALs
allow hwservicemanager system_file:dir r_dir_perms;
# TODO once hwservicemanager checks whether HALs are
# allowed to register a certain service, add policy here
# for allowing to check SELinux permissions.