Record observed service accesses.
Get ready to switch system_server service lookups into enforcing.
Bug: 18106000
Change-Id: Iefd4b2eee6cdd680f5ab423d15cc72a2a30e27cf
diff --git a/bluetooth.te b/bluetooth.te
index a91f6b2..7d81e09 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -70,6 +70,7 @@
-network_management_service
-power_service
-registry_service
+ -user_service
}:service_manager find;
# already open bugreport file descriptors may be shared with
diff --git a/isolated_app.te b/isolated_app.te
index 8930ae6..48bf3de 100644
--- a/isolated_app.te
+++ b/isolated_app.te
@@ -18,6 +18,8 @@
allow isolated_app activity_service:service_manager find;
allow isolated_app display_service:service_manager find;
+service_manager_local_audit_domain(isolated_app)
+
#####
##### Neverallow
#####
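Review bot: The added `service_manager_local_audit_domain(isolated_app)` is not followed by a local `auditallow isolated_app { ... }:service_manager find;` rule, unlike mediaserver.te and radio.te, where the macro sits directly above one. The macro's definition is not visible here; if it takes the domain out of a shared audit rule, as its name suggests, isolated_app lookups of other services would no longer be logged after this change. The visible lines grant isolated_app `find` only on activity_service and display_service, so either add a local auditallow or state the intent, for example `# isolated_app needs no local auditallow: only activity_service and display_service lookups are expected.`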
diff --git a/mediaserver.te b/mediaserver.te
index a8bc55f..23abb0f 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -87,10 +87,12 @@
service_manager_local_audit_domain(mediaserver)
auditallow mediaserver {
tmp_system_server_service
+ -activity_service
-appops_service
-batterystats_service
-permission_service
-power_service
+ -processinfo_service
-scheduling_policy_service
}:service_manager find;
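Review bot: Nothing in the policy file says that these subtractions are a temporary list derived from observed accesses, so a later reader cannot tell an intended grant from a logging suppression. Above `auditallow mediaserver {` I would add `# Services mediaserver has been observed to look up; drop this rule once system_server service lookups are enforcing (Bug: 18106000).` The same comment fits the `auditallow radio {` and `auditallow system_app {` rules in radio.te and system_app.te.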
diff --git a/nfc.te b/nfc.te
index 00826bb..3545e23 100644
--- a/nfc.te
+++ b/nfc.te
@@ -40,6 +40,7 @@
-dropbox_service
-network_management_service
-power_service
+ -registry_service
-trust_service
-user_service
-vibrator_service
diff --git a/platform_app.te b/platform_app.te
index ef6fb78..92ac5ad 100644
--- a/platform_app.te
+++ b/platform_app.te
@@ -69,10 +69,14 @@
-power_service
-registry_service
-search_service
+ -sensorservice_service
-statusbar_service
-trust_service
+ -uimode_service
+ -usb_service
-user_service
-vibrator_service
-wallpaper_service
+ -webviewupdate_service
-wifi_service
}:service_manager find;
diff --git a/radio.te b/radio.te
index b5ff4a7..4ecf43c 100644
--- a/radio.te
+++ b/radio.te
@@ -40,13 +40,19 @@
service_manager_local_audit_domain(radio)
auditallow radio {
tmp_system_server_service
+ -accessibility_service
+ -account_service
-activity_service
-appops_service
+ -assetatlas_service
-bluetooth_manager_service
-connectivity_service
-content_service
+ -country_detector_service
-display_service
-dropbox_service
+ -imms_service
+ -input_method_service
-netstats_service
-network_management_service
-notification_service
@@ -54,5 +60,6 @@
-registry_service
-trust_service
-user_service
+ -vibrator_service
-wifi_service
}:service_manager find;
diff --git a/system_app.te b/system_app.te
index ac46052..6740dcd 100644
--- a/system_app.te
+++ b/system_app.te
@@ -60,6 +60,7 @@
auditallow system_app {
tmp_system_server_service
-accessibility_service
+ -account_service
-activity_service
-appops_service
-appwidget_service
@@ -73,17 +74,24 @@
-display_service
-dreams_service
-dropbox_service
+ -fingerprint_service
-graphicsstats_service
-input_method_service
-input_service
-lock_settings_service
+ -media_session_service
-mount_service
+ -netstats_service
-network_management_service
+ -network_score_service
-notification_service
-power_service
-print_service
-registry_service
+ -restrictions_service
-sensorservice_service
+ -textservices_service
+ -uimode_service
-usagestats_service
-usb_service
-user_service
diff --git a/system_server.te b/system_server.te
index e967adb..bec8ec4 100644
--- a/system_server.te
+++ b/system_server.te
@@ -397,6 +397,7 @@
-bluetooth_manager_service
-connectivity_service
-content_service
+ -country_detector_service
-device_policy_service
-display_service
-dreams_service
@@ -412,6 +413,7 @@
-media_router_service
-media_session_service
-mount_service
+ -netpolicy_service
-network_management_service
-network_score_service
-notification_service
diff --git a/untrusted_app.te b/untrusted_app.te
index 4e1164d..a93885a 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -98,14 +98,18 @@
-battery_service
-batterystats_service
-bluetooth_manager_service
+ -clipboard_service
-connectivity_service
-content_service
-country_detector_service
-default_android_service
-device_policy_service
+ -diskstats_service
-display_service
-dropbox_service
-graphicsstats_service
+ -healthd_service
+ -imms_service
-input_method_service
-input_service
-jobscheduler_service
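Review bot: The exclusions added for untrusted_app come from observed lookups, per the commit message, which shows that some app asked for the service, not that third-party apps should be able to find it. `-diskstats_service` and `-healthd_service` in this hunk, and `-procstats_service` and `-usagestats_service` in the next untrusted_app.te hunk, stop being logged after this change and presumably become part of what untrusted_app may find once lookups are enforcing. I would keep these under audit until each has a named caller, or record the justification next to the list, for example `# diskstats/procstats: observed from <caller>; revisit before enforcing`. The auditallow statement itself begins above this hunk and ends below it.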
@@ -123,13 +127,16 @@
-notification_service
-persistent_data_block_service
-power_service
+ -procstats_service
-registry_service
+ -rttmanager_service
-search_service
-sensorservice_service
-statusbar_service
-textservices_service
-trust_service
-uimode_service
+ -usagestats_service
-user_service
-vibrator_service
-voiceinteraction_service