diff --git a/private/lpdumpd.te b/private/lpdumpd.te index 458a8f171..3bcd7612e 100644 --- a/private/lpdumpd.te +++ b/private/lpdumpd.te @@ -38,4 +38,5 @@ neverallow { -dumpstate -lpdumpd -shell + -servicemanager } lpdumpd:binder call; diff --git a/public/apexd.te b/public/apexd.te index 3957ed6bb..93c257f5f 100644 --- a/public/apexd.te +++ b/public/apexd.te @@ -7,7 +7,7 @@ add_service(apexd, apex_service) set_prop(apexd, apexd_prop) neverallow { domain -init -apexd -system_server } apex_service:service_manager find; -neverallow { domain -init -apexd -system_server } apexd:binder call; +neverallow { domain -init -apexd -system_server -servicemanager } apexd:binder call; neverallow { domain userdebug_or_eng(`-crash_dump') } apexd:process ptrace; diff --git a/public/installd.te b/public/installd.te index 188876565..10277d221 100644 --- a/public/installd.te +++ b/public/installd.te @@ -173,9 +173,9 @@ allow installd preloads_media_file:dir { r_dir_perms write remove_name rmdir }; ### Neverallow rules ### -# only system_server, installd and dumpstate may interact with installd over binder +# only system_server, installd, dumpstate, and servicemanager may interact with installd over binder neverallow { domain -system_server -dumpstate -installd } installd_service:service_manager find; -neverallow { domain -system_server -dumpstate } installd:binder call; +neverallow { domain -system_server -dumpstate -servicemanager } installd:binder call; neverallow installd { domain -system_server diff --git a/public/te_macros b/public/te_macros index 967222779..f065a2171 100644 --- a/public/te_macros +++ b/public/te_macros @@ -337,6 +337,8 @@ allow $1 $3:unix_dgram_socket sendto; define(`binder_use', ` # Call the servicemanager and transfer references to it. allow $1 servicemanager:binder { call transfer }; +# Allow servicemanager to send out callbacks +allow servicemanager $1:binder { call transfer }; # servicemanager performs getpidcon on clients. allow servicemanager $1:dir search; allow servicemanager $1:file { read open };