Record observed system_server servicemanager service requests. Also formally allow dumpstate access to all services and grant system_server access to address the following non-system_server_service entries: avc: granted { find } for service=drm.drmManager scontext=u:r:system_server:s0 tcontext=u:object_r:drmserver_service:s0 tclass=service_manager avc: granted { find } for service=nfc scontext=u:r:system_server:s0 tcontext=u:object_r:nfc_service:s0 tclass=service_manager Bug: 18106000 Change-Id: Iad16b36acf44bce52c4824f8b53c0e7731c25602

commit: 23f336156daf61ba07c024af2fe96994605f46eb [log] [tgz]
author: dcashman <dcashman@google.com> Tue Mar 03 11:20:15 2015 -0800
committer: dcashman <dcashman@google.com> Tue Mar 03 11:38:07 2015 -0800
tree: b4623fd212a55d64149265a182ff1ab86d52b905
parent: 3e113edf0225bbe54a0f98353dd22de855ee2657 [diff] [blame]
diff --git a/drmserver.te b/drmserver.te
index 482c218..e52d679 100644
--- a/drmserver.te
+++ b/drmserver.te

@@ -53,4 +53,10 @@
 allow drmserver system_server_service:service_manager find;
 allow drmserver tmp_system_server_service:service_manager find;
 
+service_manager_local_audit_domain(drmserver)
+auditallow drmserver {
+    tmp_system_server_service
+    -permission_service
+}:service_manager find;
+
 selinux_check_access(drmserver)
commit	23f336156daf61ba07c024af2fe96994605f46eb	[log] [tgz]
author	dcashman <dcashman@google.com>	Tue Mar 03 11:20:15 2015 -0800
committer	dcashman <dcashman@google.com>	Tue Mar 03 11:38:07 2015 -0800
tree	b4623fd212a55d64149265a182ff1ab86d52b905
parent	3e113edf0225bbe54a0f98353dd22de855ee2657 [diff] [blame]