Enable permission checking by binderservicedomain.android-6.0.1_r9 android-6.0.1_r8 android-6.0.1_r7 android-6.0.1_r3 android-6.0.1_r17 android-6.0.1_r13 android-6.0.1_r12 android-6.0.1_r11 android-6.0.1_r10 android-6.0.1_r1 android-6.0.0_r41

binderservicedomain services often expose their methods to untrusted clients and rely on permission checks for access control. Allow these services to query the permission service for access decisions. Bug: 25282923 Change-Id: I39bbef479de3a0df63e0cbca956f3546e13bbb9b
author: dcashman <dcashman@google.com> 2015-10-29 10:32:14 -0700
committer: The Android Automerger <android-build@google.com> 2015-10-29 19:24:22 -0700
commit: 9acda2f3805c426c18af62b98aac614f69f97864 (patch)
tree: a8254311c9e3e837336911a12d0b523dff2cbd9b
parent: 6ab438dc8b4c8b661c8209ecfb66b626b8bdc532 (diff)
download: sepolicy-9acda2f3805c426c18af62b98aac614f69f97864.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/binderservicedomain.te b/binderservicedomain.te
index 0bfd33a..36993eb 100644
--- a/binderservicedomain.te
+++ b/binderservicedomain.te
@@ -13,6 +13,9 @@ allow binderservicedomain console_device:chr_file rw_file_perms;
 allow binderservicedomain appdomain:fd use;
 allow binderservicedomain appdomain:fifo_file write;
 
+# allow all services to run permission checks
+allow binderservicedomain permission_service:service_manager find;
+
 allow binderservicedomain keystore:keystore_key { get_state get insert delete exist list sign verify };
 
 use_keystore(binderservicedomain)
author	dcashman <dcashman@google.com>	2015-10-29 10:32:14 -0700
committer	The Android Automerger <android-build@google.com>	2015-10-29 19:24:22 -0700
commit	9acda2f3805c426c18af62b98aac614f69f97864 (patch)
tree	a8254311c9e3e837336911a12d0b523dff2cbd9b
parent	6ab438dc8b4c8b661c8209ecfb66b626b8bdc532 (diff)
download	sepolicy-9acda2f3805c426c18af62b98aac614f69f97864.tar.gz