commit 37137dafb11d968ef2cf3b5da13d6e7938455f65
author dcashman <dcashman@google.com> Wed Apr 29 19:39:45 2015 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Wed Apr 29 19:39:45 2015 +0000
tree 6dda0ce2a766b5aae310cd867807dd7e8da00cf9
parent ab5cf6687397bf2b80ecc11cba92876cef7417c9
parent 31548db0f43b2ed755126c19cefc81e106fbd9fe

Merge "Make deviceidle accessible as system_api_service." into mnc-dev

gatekeeperd.te

diff --git a/gatekeeperd.te b/gatekeeperd.te
index 39d9d21..4d62ce4 100644
--- a/gatekeeperd.te
+++ b/gatekeeperd.te
@@ -3,6 +3,7 @@
 
 # gatekeeperd
 init_daemon_domain(gatekeeperd)
+binder_service(gatekeeperd)
 binder_use(gatekeeperd)
 allow gatekeeperd tee_device:chr_file rw_file_perms;
 

service.te

diff --git a/service.te b/service.te
index 56dce50..66bf566 100644
--- a/service.te
+++ b/service.te
@@ -1,10 +1,10 @@
 type bluetooth_service,         service_manager_type;
 type default_android_service,   service_manager_type;
 type drmserver_service,         service_manager_type;
+type gatekeeper_service,        app_api_service, service_manager_type;
 type healthd_service,           service_manager_type;
 type inputflinger_service,      service_manager_type;
 type keystore_service,          service_manager_type;
-type gatekeeper_service,        service_manager_type;
 type mediaserver_service,       service_manager_type;
 type nfc_service,               service_manager_type;
 type radio_service,             service_manager_type;

untrusted_app.te

diff --git a/untrusted_app.te b/untrusted_app.te
index 1b7aaee..5ad8c79 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -93,10 +93,6 @@
 allow untrusted_app { apk_tmp_file apk_private_tmp_file }:dir r_dir_perms;
 allow untrusted_app { apk_tmp_file apk_private_tmp_file }:file r_file_perms;
 
-# Apps using KeyStore API will request the SID from GateKeeper
-allow untrusted_app gatekeeper_service:service_manager find;
-binder_call(untrusted_app, gatekeeperd)
-
 ###
 ### neverallow rules
 ###