SELinux permissions for gatekeeper TEE proxy sets up: - execute permissions - binder permission (system_server->gatekeeper->keystore) - prevents dumpstate and shell from finding GK binder service - neverallow rules for prohibited clients Change-Id: I1817933a91de625db469a20c7a4c8e2ca46efa1e

commit: e207986ea08feebd04f32cd2beff0b1602d08074 [log] [tgz]
author: Andres Morales <anmorales@google.com> Fri Apr 03 16:46:33 2015 -0700
committer: Andres Morales <anmorales@google.com> Mon Apr 06 16:46:58 2015 -0700
tree: 60709dfa0dfdcb796141f712848b81e4f003b6fc
parent: c24d90cb5991ee53842c8fddf526187767ec92ec [diff] [blame]
diff --git a/service_contexts b/service_contexts
index 322f349..003a858 100644
--- a/service_contexts
+++ b/service_contexts

@@ -3,6 +3,7 @@
 activity                                  u:object_r:activity_service:s0
 alarm                                     u:object_r:alarm_service:s0
 android.security.keystore                 u:object_r:keystore_service:s0
+android.service.gatekeeper.IGateKeeperService    u:object_r:gatekeeper_service:s0
 appops                                    u:object_r:appops_service:s0
 appwidget                                 u:object_r:appwidget_service:s0
 assetatlas                                u:object_r:assetatlas_service:s0
commit	e207986ea08feebd04f32cd2beff0b1602d08074	[log] [tgz]
author	Andres Morales <anmorales@google.com>	Fri Apr 03 16:46:33 2015 -0700
committer	Andres Morales <anmorales@google.com>	Mon Apr 06 16:46:58 2015 -0700
tree	60709dfa0dfdcb796141f712848b81e4f003b6fc
parent	c24d90cb5991ee53842c8fddf526187767ec92ec [diff] [blame]