Refine service_manager find auditallow statements.
Add adbd as a service_manager_local_audit_domain and negate
surfaceflinger_service in its auditallow. Negate keystore_service
and radio_service in the system_app auditallow.
(cherry picked from commit 88157ea34779aa66a7d43a322d10a0eda9fe39a0)
Change-Id: I25354db2add3135335c80be2c2d350e526137572
diff --git a/adbd.te b/adbd.te
index 58fdead..3b654a1 100644
--- a/adbd.te
+++ b/adbd.te
@@ -68,3 +68,9 @@
# ndk-gdb invokes adb pull of app_process, linker, and libc.so.
allow adbd zygote_exec:file r_file_perms;
allow adbd system_file:file r_file_perms;
+
+service_manager_local_audit_domain(adbd)
+auditallow adbd {
+ service_manager_type
+ -surfaceflinger_service
+}:service_manager find;
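Review bot: The new adbd block carries no comment saying why `surfaceflinger_service` is excluded from the audit, so a later reader cannot tell a known, expected lookup from an oversight. An auditallow rule only logs accesses that are already permitted, so every negated type is a lookup that this rule no longer reports, and the reason for that belongs next to the rule. I would add a line above the macro call such as `# Audit adbd service_manager lookups; surfaceflinger_service is a known, expected use and is not logged.`, with the wording confirmed by the author, since the adbd code path that needs surfaceflinger is not visible in this hunk. The system_app.te hunk has the same gap for its negated types.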
diff --git a/system_app.te b/system_app.te
index 24b135e..5a5888f 100644
--- a/system_app.te
+++ b/system_app.te
@@ -69,7 +69,9 @@
service_manager_local_audit_domain(system_app)
auditallow system_app {
service_manager_type
+ -keystore_service
-nfc_service
+ -radio_service
-surfaceflinger_service
-system_server_service
}:service_manager find;
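Review bot: Negating `keystore_service` in this list means system_app lookups of the keystore service are no longer logged by this rule, and that is the one exclusion here that touches a security-sensitive service. If the access is known and required, an explicit rule such as `allow system_app keystore_service:service_manager find;` records the decision in policy instead of as a silent audit exclusion. Whether such a rule already exists elsewhere in system_app.te is not visible in this hunk. The same applies to `radio_service`, and the audit exclusions can then be dropped together once the broad allow is narrowed.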