SELinux permissions for gatekeeper TEE proxy sets up: - execute permissions - binder permission (system_server->gatekeeper->keystore) - prevents dumpstate and shell from finding GK binder service - neverallow rules for prohibited clients Change-Id: I1817933a91de625db469a20c7a4c8e2ca46efa1e

commit: e207986ea08feebd04f32cd2beff0b1602d08074 [log] [tgz]
author: Andres Morales <anmorales@google.com> Fri Apr 03 16:46:33 2015 -0700
committer: Andres Morales <anmorales@google.com> Mon Apr 06 16:46:58 2015 -0700
tree: 60709dfa0dfdcb796141f712848b81e4f003b6fc
parent: c24d90cb5991ee53842c8fddf526187767ec92ec [diff] [blame]
diff --git a/file_contexts b/file_contexts
index 45a3549..7ef7b3c 100644
--- a/file_contexts
+++ b/file_contexts

@@ -147,6 +147,7 @@
 /system/bin/mdnsd	u:object_r:mdnsd_exec:s0
 /system/bin/installd	u:object_r:installd_exec:s0
 /system/bin/keystore	u:object_r:keystore_exec:s0
+/system/bin/gatekeeperd u:object_r:gatekeeperd_exec:s0
 /system/bin/debuggerd	u:object_r:debuggerd_exec:s0
 /system/bin/debuggerd64	u:object_r:debuggerd_exec:s0
 /system/bin/wpa_supplicant	u:object_r:wpa_exec:s0
commit	e207986ea08feebd04f32cd2beff0b1602d08074	[log] [tgz]
author	Andres Morales <anmorales@google.com>	Fri Apr 03 16:46:33 2015 -0700
committer	Andres Morales <anmorales@google.com>	Mon Apr 06 16:46:58 2015 -0700
tree	60709dfa0dfdcb796141f712848b81e4f003b6fc
parent	c24d90cb5991ee53842c8fddf526187767ec92ec [diff] [blame]