Remove catchall for unregistered services. Remove the allow rule for default services in binderservicedomain.te so we will need to whitelist any services to be registered. Change-Id: Ibca98b96a3c3a2cbb3722dd33b5eb52cb98cb531

commit: 28b7180824609bd083cc3a38df4ed94ed942f395 [log] [tgz]
author: Riley Spahn <rileyspahn@google.com> Tue Jun 24 14:43:29 2014 -0700
committer: Riley Spahn <rileyspahn@google.com> Mon Jun 30 15:21:21 2014 -0700
tree: acbcf1205379e0381723d77d374787f6de2f28ce
parent: 166c09e59d450f6a06597b9e2b8e5ed3c0ebd044 [diff]
diff --git a/binderservicedomain.te b/binderservicedomain.te
index 3190b6b..19da03c 100644
--- a/binderservicedomain.te
+++ b/binderservicedomain.te

@@ -13,10 +13,6 @@
 allow binderservicedomain appdomain:fd use;
 allow binderservicedomain appdomain:fifo_file write;
 
-# Allow binderservicedomain to add services by default.
-allow binderservicedomain service_manager_type:service_manager add;
-auditallow binderservicedomain default_android_service:service_manager add;
-
 allow binderservicedomain keystore:keystore_key { test get insert delete exist saw sign verify };
 auditallow binderservicedomain keystore:keystore_key { test get insert delete exist saw sign verify };
commit	28b7180824609bd083cc3a38df4ed94ed942f395	[log] [tgz]
author	Riley Spahn <rileyspahn@google.com>	Tue Jun 24 14:43:29 2014 -0700
committer	Riley Spahn <rileyspahn@google.com>	Mon Jun 30 15:21:21 2014 -0700
tree	acbcf1205379e0381723d77d374787f6de2f28ce
parent	166c09e59d450f6a06597b9e2b8e5ed3c0ebd044 [diff]