Allow 'su' domain access to vndbinder.
For example, for listing vndbinder services
using 'adb shell service -v list'
Test: adb shell service -v list
Bug: 36987120
Change-Id: Ibf3050710720ae4c920bc4807c9a90ba43717f3b
diff --git a/public/su.te b/public/su.te
index 8cb386d..f410c4d 100644
--- a/public/su.te
+++ b/public/su.te
@@ -10,6 +10,9 @@
# Add su to various domains
net_domain(su)
+ # grant su access to vndbinder
+ vndbinder_use(su)
+
dontaudit su self:capability_class_set *;
dontaudit su kernel:security *;
dontaudit su kernel:system *;
@@ -34,6 +37,8 @@
dontaudit su property_type:property_service *;
dontaudit su property_type:file *;
dontaudit su service_manager_type:service_manager *;
+ dontaudit su hwservice_manager_type:hwservice_manager *;
+ dontaudit su vndservice_manager_type:vndservice_manager *;
dontaudit su servicemanager:service_manager list;
dontaudit su keystore:keystore_key *;
dontaudit su domain:drmservice *;