am 67463061: am 9d5f5d0e: Merge "Add domains for goldfish services."

* commit '67463061850da489782b5023e0a6178e06f602fb':
  Add domains for goldfish services.

target/board/generic/BoardConfig.mk

@@ -82,6 +82,11 @@ BOARD_SEPOLICY_UNION += \
         domain.te \
         file.te \
         file_contexts \
+        goldfish_setup.te \
+        goldfish_logcat.te \
+        property.te \
+        property_contexts \
+        qemu_props.te \
         qemud.te \
         rild.te \
         shell.te \

target/board/generic/sepolicy/file_contexts

@@ -2,3 +2,5 @@
 /dev/socket/qemud	u:object_r:qemud_socket:s0
 /system/bin/qemud	u:object_r:qemud_exec:s0
 /sys/qemu_trace(/.*)?	--	u:object_r:sysfs_writable:s0
+/system/etc/init.goldfish.sh u:object_r:goldfish_setup_exec:s0
+/system/bin/qemu-props	     u:object_r:qemu_props_exec:s0

target/board/generic/sepolicy/goldfish_logcat.te

@@ -0,0 +1,11 @@
+# goldfish-logcat service:  runs logcat -Q
+type goldfish_logcat, domain;
+permissive_or_unconfined(goldfish_logcat)
+
+domain_auto_trans(init, logcat_exec, goldfish_logcat)
+
+# Read from logd.
+read_logd(goldfish_logcat)
+
+# Write to /dev/ttyS2
+allow goldfish_logcat serial_device:chr_file { write open };

target/board/generic/sepolicy/goldfish_setup.te

@@ -0,0 +1,19 @@
+# goldfish-setup service: runs init.goldfish.sh script
+type goldfish_setup, domain;
+type goldfish_setup_exec, exec_type, file_type;
+permissive_or_unconfined(goldfish_setup)
+
+init_daemon_domain(goldfish_setup)
+
+# Inherit open file to shell (interpreter) for script.
+allow goldfish_setup shell_exec:file read;
+
+# Run ifconfig, route commands to configure interfaces and routes.
+allow goldfish_setup system_file:file execute_no_trans;
+allow goldfish_setup self:capability { net_admin net_raw };
+allow goldfish_setup self:udp_socket create_socket_perms;
+
+# Set net.eth0.dns*, debug.sf.nobootanimation
+unix_socket_connect(goldfish_setup, property, init)
+allow goldfish_setup system_prop:property_service set;
+allow goldfish_setup debug_prop:property_service set;

target/board/generic/sepolicy/property.te

@@ -0,0 +1 @@
+type qemu_prop, property_type;

target/board/generic/sepolicy/property_contexts

@@ -0,0 +1 @@
+qemu.                   u:object_r:qemu_prop:s0

target/board/generic/sepolicy/qemu_props.te

@@ -0,0 +1,10 @@
+# qemu-props service:  Sets system properties on boot.
+type qemu_props, domain;
+type qemu_props_exec, exec_type, file_type;
+permissive_or_unconfined(qemu_props)
+
+init_daemon_domain(qemu_props)
+
+# Set properties.
+unix_socket_connect(qemu_props, property, init)
+allow qemu_props { qemu_prop dalvik_prop config_prop }:property_service set;

target/board/generic_mips/BoardConfig.mk

@@ -64,6 +64,11 @@ BOARD_SEPOLICY_UNION += \
         domain.te \
         file.te \
         file_contexts \
+        goldfish_setup.te \
+        goldfish_logcat.te \
+        property.te \
+        property_contexts \
+        qemu_props.te \
         qemud.te \
         rild.te \
         shell.te \

target/board/generic_x86/BoardConfig.mk

@@ -53,6 +53,11 @@ BOARD_SEPOLICY_UNION += \
         file_contexts \
         healthd.te \
         installd.te \
+        goldfish_setup.te \
+        goldfish_logcat.te \
+        property.te \
+        property_contexts \
+        qemu_props.te \
         qemud.te \
         rild.te \
         shell.te \