Add sepolicy for resolver service Bug: 126141549 Test: built, flashed, booted Change-Id: I34260e1e5cc238fbe92574f928252680c1e6b417

commit: 524f25ebb06da39a699953675b6d206cd9c95e88 [log] [tgz]
author: Luke Huang <huangluke@google.com> Mon Feb 25 20:12:15 2019 +0800
committer: Luke Huang <huangluke@google.com> Tue Mar 05 15:49:33 2019 +0000
tree: cb944990dfa3b5cc9d6a1243ca601534f4100007
parent: 9c65dc76b88fe791377cc3bd646c46109af49c27 [diff] [blame]
diff --git a/private/system_app.te b/private/system_app.te
index 3f0d335..27e8ef1 100644
--- a/private/system_app.te
+++ b/private/system_app.te

@@ -74,6 +74,7 @@
 allow system_app {
   service_manager_type
   -apex_service
+  -dnsresolver_service
   -dumpstate_service
   -installd_service
   -iorapd_service
@@ -85,6 +86,7 @@
 }:service_manager find;
 # suppress denials for services system_app should not be accessing.
 dontaudit system_app {
+  dnsresolver_service
   dumpstate_service
   installd_service
   iorapd_service
commit	524f25ebb06da39a699953675b6d206cd9c95e88	[log] [tgz]
author	Luke Huang <huangluke@google.com>	Mon Feb 25 20:12:15 2019 +0800
committer	Luke Huang <huangluke@google.com>	Tue Mar 05 15:49:33 2019 +0000
tree	cb944990dfa3b5cc9d6a1243ca601534f4100007
parent	9c65dc76b88fe791377cc3bd646c46109af49c27 [diff] [blame]