Skip to content

Commit

Permalink
Assign app_api_service attribute to services.
Browse files Browse the repository at this point in the history 
Assign the alarm, appwidget, assetatlas, audio, backup and batterystats services
the appropriate service access levels and move into enforcing.

Bug: 18106000
Change-Id: If3210bb25f3076edfdb6eec36ef6521ace1bd8d7
  • Loading branch information
dcashman committed Apr 6, 2015
1 parent b075338 commit 4cdea7f
Show file tree
Hide file tree
Showing 9 changed files with 7 additions and 29 deletions.
1 change: 0 additions & 1 deletion bluetooth.te
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,6 @@ allow bluetooth system_api_service:service_manager find;
service_manager_local_audit_domain(bluetooth)
auditallow bluetooth {
tmp_system_server_service
-audio_service
-bluetooth_manager_service
-connectivity_service
-display_service
Expand Down
2 changes: 1 addition & 1 deletion mediaserver.te
View file
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,7 @@ allow mediaserver tee:unix_stream_socket connectto;

allow mediaserver activity_service:service_manager find;
allow mediaserver appops_service:service_manager find;
allow mediaserver batterystats_service:service_manager find;
allow mediaserver drmserver_service:service_manager find;
allow mediaserver mediaserver_service:service_manager { add find };
allow mediaserver surfaceflinger_service:service_manager find;
Expand All @@ -88,7 +89,6 @@ allow mediaserver tmp_system_server_service:service_manager find;
service_manager_local_audit_domain(mediaserver)
auditallow mediaserver {
tmp_system_server_service
-batterystats_service
-permission_service
-power_service
-processinfo_service
Expand Down
1 change: 0 additions & 1 deletion nfc.te
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,6 @@ allow nfc system_api_service:service_manager find;
service_manager_local_audit_domain(nfc)
auditallow nfc {
tmp_system_server_service
-batterystats_service
-bluetooth_manager_service
-connectivity_service
-content_service
Expand Down
4 changes: 0 additions & 4 deletions platform_app.te
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,10 +39,6 @@ allow platform_app system_api_service:service_manager find;
service_manager_local_audit_domain(platform_app)
auditallow platform_app {
tmp_system_server_service
-appwidget_service
-assetatlas_service
-audio_service
-batterystats_service
-bluetooth_manager_service
-connectivity_service
-content_service
Expand Down
1 change: 0 additions & 1 deletion radio.te
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,6 @@ allow radio system_api_service:service_manager find;
service_manager_local_audit_domain(radio)
auditallow radio {
tmp_system_server_service
-assetatlas_service
-bluetooth_manager_service
-connectivity_service
-content_service
Expand Down
12 changes: 6 additions & 6 deletions service.te
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,13 +14,13 @@ type system_app_service, service_manager_type;
type accessibility_service, app_api_service, system_server_service, service_manager_type;
type account_service, app_api_service, system_server_service, service_manager_type;
type activity_service, app_api_service, system_server_service, service_manager_type;
type alarm_service, tmp_system_server_service, service_manager_type;
type alarm_service, app_api_service, system_server_service, service_manager_type;
type appops_service, app_api_service, system_server_service, service_manager_type;
type appwidget_service, tmp_system_server_service, service_manager_type;
type assetatlas_service, tmp_system_server_service, service_manager_type;
type audio_service, tmp_system_server_service, service_manager_type;
type backup_service, tmp_system_server_service, service_manager_type;
type batterystats_service, tmp_system_server_service, service_manager_type;
type appwidget_service, app_api_service, system_server_service, service_manager_type;
type assetatlas_service, app_api_service, system_server_service, service_manager_type;
type audio_service, app_api_service, system_server_service, service_manager_type;
type backup_service, system_api_service, system_server_service, service_manager_type;
type batterystats_service, app_api_service, system_server_service, service_manager_type;
type battery_service, tmp_system_server_service, service_manager_type;
type bluetooth_manager_service, tmp_system_server_service, service_manager_type;
type clipboard_service, tmp_system_server_service, service_manager_type;
Expand Down
4 changes: 0 additions & 4 deletions system_app.te
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,10 +60,6 @@ allow system_app system_api_service:service_manager find;
service_manager_local_audit_domain(system_app)
auditallow system_app {
tmp_system_server_service
-appwidget_service
-assetatlas_service
-audio_service
-backup_service
-bluetooth_manager_service
-connectivity_service
-content_service
Expand Down
5 changes: 0 additions & 5 deletions system_server.te
View file
Original file line number Diff line number Diff line change
Expand Up @@ -370,11 +370,6 @@ allow system_server tmp_system_server_service:service_manager { add find };
service_manager_local_audit_domain(system_server)
auditallow system_server {
tmp_system_server_service
-alarm_service
-assetatlas_service
-audio_service
-backup_service
-batterystats_service
-bluetooth_manager_service
-connectivity_service
-content_service
Expand Down
6 changes: 0 additions & 6 deletions untrusted_app.te
View file
Original file line number Diff line number Diff line change
Expand Up @@ -90,12 +90,6 @@ allow untrusted_app system_api_service:service_manager find;
service_manager_local_audit_domain(untrusted_app)
auditallow untrusted_app {
tmp_system_server_service
-appwidget_service
-assetatlas_service
-audio_service
-backup_service
-battery_service
-batterystats_service
-bluetooth_manager_service
-clipboard_service
-connectivity_service
Expand Down

0 comments on commit 4cdea7f

Please sign in to comment.