I've been seeing some off policy where folks are adding add permissions for 
services they shouldn't be adding. This is usually indicative of a mislabel or 
just plain wrongness.
I have some RFC patches on Gerrit that attempt to address this by using a macro 
to "add a service" to service manager. This macro automatically creates a 
neverallow preventing others from adding that service type.

This may be too strict in some cases; perhaps gpu_service could be an example.

Also, doing this found a miss-typeattribute to wificond_service:
https://android-review.googlesource.com/#/c/325724/

Also, a better mechanism than the macro may exist for this, like just doing it 
with raw policy statements. I like the macro as it develops a pattern, and you 
have to break the pattern to get around it, which probably means something is 
wrong. This seems to have occurred with mediaserver and mediadrmserver both 
adding a media_service service.

For those who wish to view and comment:
https://android-review.googlesource.com/#/q/topic:rfc-add-service+(status:open+OR+status:merged)

Bill
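
Added example, not part of the post above or of the Gerrit patches: a small Python lint that reports every service type which more than one domain is allowed to add, which is the condition a per-service "nobody else may add this" neverallow would reject at build time. The sample policy is constructed (type names follow the post; hypothetical_a and hypothetical_b are made up), and the parser assumes plain allow rules with no attribute expansion or set subtraction.

```python
import re
from collections import defaultdict

# Constructed sample policy, not taken from AOSP.
SAMPLE_POLICY = """
allow wificond wificond_service:service_manager { add find };
allow mediaserver media_service:service_manager { add find };
allow mediadrmserver media_service:service_manager add;
allow { hypothetical_a hypothetical_b } gpu_service:service_manager { add find };
allow appdomain media_service:service_manager find;
"""

# Matches: allow <source | { sources }> <type>:service_manager <perm | { perms }>;
RULE = re.compile(
    r"^\s*allow\s+(\{[^}]*\}|\S+)\s+(\S+):service_manager\s+(\{[^}]*\}|\S+)\s*;",
    re.MULTILINE,
)


def _items(token):
    """Split 'a' or '{ a b }' into a list of names."""
    return token.strip("{}").split()


def service_adders(policy_text):
    """Map each service type to the set of domains allowed to add it."""
    adders = defaultdict(set)
    for sources, service, perms in RULE.findall(policy_text):
        if "add" in _items(perms):
            adders[service].update(_items(sources))
    return dict(adders)


def violations(policy_text):
    """Service types that more than one domain may add."""
    return {
        svc: sorted(doms)
        for svc, doms in service_adders(policy_text).items()
        if len(doms) > 1
    }


if __name__ == "__main__":
    for svc, doms in sorted(violations(SAMPLE_POLICY).items()):
        print(f"{svc}: added by {', '.join(doms)}")
```
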

