This website requires JavaScript.
Explore
Help
Sign In
PWN-Hunter
/
android_system_sepolicy
Watch
1
Star
0
Fork
0
You've already forked android_system_sepolicy
Code
Issues
Pull Requests
Actions
Packages
Projects
Releases
Wiki
Activity
pwn-14
android_system_sepolicy
/
vendor
/
vndservice_contexts
3 lines
130 B
Plaintext
Raw
Permalink
Normal View
History
Unescape
Escape
Allow vndservicemanager to self-register. This is useful for tools like dumpsys, so that they work on all services equally as well. Also, so that there is no difference with the regular service manager. Bug: 150579832 Test: 'adb shell /vendor/bin/dumpsys -l' shows 'manager' Test: denial is no longer present: 03-05 12:23:47.346 221 221 E SELinux : avc: denied { add } for pid=221 uid=1000 name=manager scontext=u:r:vndservicemanager:s0 tcontext=u:object_r:service_manager_vndservice:s0 tclass=service_manager permissive=0 Change-Id: Id6126e8277462a2c4d5f6022ab67a4bacaa3241e
2020-03-05 09:41:37 -08:00
manager u:object_r:service_manager_vndservice:s0
Add default label and mapping for vendor services Adding the default label/mapping is important because: 1. Lookups of services without an selinux label should generate a denial. 2. In permissive mode, lookups of a service without a label should be be allowed, without the default label service manager disallows access. 3. We can neverallow use of the default label. Bug: 37762790 Test: Build and flash policy onto Marlin with unlabeled vendor services. Add/find of unlabeled vendor services generate a denial. Change-Id: I66531deedc3f9b79616f5d0681c87ed66aca5b80 (cherry picked from commit 639a2b842c78197e153913efbf20ac4df1fe378d)
2017-04-28 12:45:30 -07:00
* u:object_r:default_android_vndservice:s0
Reference in New Issue
Copy Permalink