Allow PackageManager to communicate to apexd.
This is used for querying the installed packages, as well as coordinating the installations of packages. Test: ran an app that queries PM, that queries apexd. Bug: 117589375 Change-Id: I38203ffe6d0d312d6cc38e131a29c14ace0ba10c
parent
41ddb80cd8
commit
7ad743b7ed
@ -941,6 +941,10 @@ allow system_server system_server_startup:fd use;
|
||||
allow system_server system_server_startup_tmpfs:file { read write map };
|
||||
allow system_server system_server_startup:unix_dgram_socket write;
|
||||
|
||||
# Allow system server to communicate to apexd
|
||||
allow system_server apex_service:service_manager find;
|
||||
allow system_server apexd:binder call;
|
||||
|
||||
# dexoptanalyzer is currently used only for secondary dex files which
|
||||
# system_server should never access.
|
||||
neverallow system_server dexoptanalyzer_exec:file no_x_file_perms;
|
||||
|
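Review bot: The new rule `allow system_server apexd:binder call;` grants only `call`, so it omits the `transfer` and `fd use` permissions that the `binder_call(system_server, apexd)` macro would add. If that is deliberate least privilege, the comment above the rules should say so, so that a later reader does not widen it by reflex. If the install-coordination path mentioned in the description passes binder references or file descriptors, it will presumably hit denials here. The comment could also name the consumer, for example `# PackageManager queries apexd for installed packages and coordinates installs; call only, no binder transfer or fd passing.`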
@ -6,8 +6,8 @@ binder_use(apexd)
|
||||
add_service(apexd, apex_service)
|
||||
set_prop(apexd, apexd_prop)
|
||||
|
||||
neverallow { domain -init -apexd } apex_service:service_manager find;
|
||||
neverallow { domain -init -apexd } apexd:binder call;
|
||||
neverallow { domain -init -apexd -system_server } apex_service:service_manager find;
|
||||
neverallow { domain -init -apexd -system_server } apexd:binder call;
|
||||
|
||||
neverallow domain apexd:process ptrace;
|
||||
|
||||
|
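Review bot: The two relaxed neverallow rules add `-system_server` to the exception set without a comment explaining why, and they are the only policy-level bound on who may find or call apexd. A line such as `# Only init, apexd and system_server (PackageManager) may find or call the apex service.` above them would record the intent and make any further widening stand out in review. The test in the description has an app reaching apexd through PackageManager, so the policy no longer limits who can indirectly trigger apexd calls. Caller permission checks in PackageManager then become the enforcement point; that code is not visible in this change and is worth confirming in the companion change.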