PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow PackageManager to communicate to apexd.

Browse Source 
This is used for querying the installed packages, as well as
coordinating the installations of packages.

Test: ran an app that queries PM, that queries apexd.
Bug: 117589375
Change-Id: I38203ffe6d0d312d6cc38e131a29c14ace0ba10c
This commit is contained in:
Dario Freni 2018-10-18 12:50:06 +01:00
parent 41ddb80cd8
commit 7ad743b7ed
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
private/system_server.te
View File

@ -941,6 +941,10 @@ allow system_server system_server_startup:fd use;
allow system_server system_server_startup_tmpfs:file { read write map };
allow system_server system_server_startup:unix_dgram_socket write;
# Allow system server to communicate to apexd
allow system_server apex_service:service_manager find;
allow system_server apexd:binder call;
# dexoptanalyzer is currently used only for secondary dex files which
# system_server should never access.
neverallow system_server dexoptanalyzer_exec:file no_x_file_perms;

4
public/apexd.te
View File

@ -6,8 +6,8 @@ binder_use(apexd)
add_service(apexd, apex_service)
set_prop(apexd, apexd_prop)
neverallow { domain -init -apexd } apex_service:service_manager find;
neverallow { domain -init -apexd } apexd:binder call;
neverallow { domain -init -apexd -system_server } apex_service:service_manager find;
neverallow { domain -init -apexd -system_server } apexd:binder call;
neverallow domain apexd:process ptrace;