incident_service: only disallow untrusted access Allow device-specific domains to access the incident_service. Test: build Bug: 156479626 Change-Id: I3b368c09087e2d3542b70be5aa22f8ef47392221

commit: 2aa8042f9db1eac2fb19f479f9f0a5ebd76d9ab6 [log] [tgz]
author: Jeff Vander Stoep <jeffv@google.com> Wed May 13 14:40:49 2020 +0200
committer: Jeffrey Vander Stoep <jeffv@google.com> Wed May 13 15:06:17 2020 +0000
tree: 97771bf2435f6693f27bab91ee27c6823b1a94ac
parent: 4ec6c0a48d4f337cefc293ace33bbd843b414290 [diff] [blame]
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 66e9f69..1157187 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te

@@ -257,3 +257,6 @@
   -untrusted_app_25
   -untrusted_app_27
 } mnt_sdcard_file:lnk_file *;
+
+# Only privileged apps may find the incident service
+neverallow all_untrusted_apps incident_service:service_manager find;
commit	2aa8042f9db1eac2fb19f479f9f0a5ebd76d9ab6	[log] [tgz]
author	Jeff Vander Stoep <jeffv@google.com>	Wed May 13 14:40:49 2020 +0200
committer	Jeffrey Vander Stoep <jeffv@google.com>	Wed May 13 15:06:17 2020 +0000
tree	97771bf2435f6693f27bab91ee27c6823b1a94ac
parent	4ec6c0a48d4f337cefc293ace33bbd843b414290 [diff] [blame]