2020-01-04 01:32:07 +01:00
|
|
|
type aidl_lazy_test_service, service_manager_type;
|
2020-12-02 03:55:11 +01:00
|
|
|
type apc_service, service_manager_type;
|
2018-08-17 09:35:42 +02:00
|
|
|
type apex_service, service_manager_type;
|
2021-03-03 21:30:28 +01:00
|
|
|
type artd_service, service_manager_type;
|
2023-04-20 18:38:30 +02:00
|
|
|
type audioserver_service, service_manager_type, isolated_compute_allowed_service;
|
2020-12-17 02:36:21 +01:00
|
|
|
type authorization_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type batteryproperties_service, app_api_service, ephemeral_app_api_service, service_manager_type;
|
2014-06-26 21:36:43 +02:00
|
|
|
type bluetooth_service, service_manager_type;
|
2023-04-20 18:38:30 +02:00
|
|
|
type cameraserver_service, service_manager_type, isolated_compute_allowed_service;
|
2022-12-13 00:20:02 +01:00
|
|
|
type fwk_camera_service, service_manager_type;
|
2014-06-06 00:52:02 +02:00
|
|
|
type default_android_service, service_manager_type;
|
2023-02-10 18:42:43 +01:00
|
|
|
type device_config_updatable_service, system_api_service, system_server_service,service_manager_type;
|
2019-02-25 13:12:15 +01:00
|
|
|
type dnsresolver_service, service_manager_type;
|
2014-06-06 00:52:02 +02:00
|
|
|
type drmserver_service, service_manager_type;
|
2016-10-29 00:52:15 +02:00
|
|
|
type dumpstate_service, service_manager_type;
|
2022-02-10 15:09:02 +01:00
|
|
|
type evsmanagerd_service, service_manager_type;
|
2015-05-13 00:16:06 +02:00
|
|
|
type fingerprintd_service, service_manager_type;
|
2022-01-31 18:23:32 +01:00
|
|
|
type fwk_automotive_display_service, service_manager_type;
|
2016-12-05 19:19:11 +01:00
|
|
|
type gatekeeper_service, app_api_service, service_manager_type;
|
2020-04-15 14:46:13 +02:00
|
|
|
type gpu_service, app_api_service, ephemeral_app_api_service, service_manager_type;
|
2018-06-15 08:08:19 +02:00
|
|
|
type idmap_service, service_manager_type;
|
2016-11-21 08:23:04 +01:00
|
|
|
type incident_service, service_manager_type;
|
2016-12-05 19:19:11 +01:00
|
|
|
type installd_service, service_manager_type;
|
2020-01-17 22:47:53 +01:00
|
|
|
type credstore_service, app_api_service, service_manager_type;
|
2020-12-02 18:52:42 +01:00
|
|
|
type keystore_compat_hal_service, service_manager_type;
|
2021-03-08 18:19:38 +01:00
|
|
|
type keystore_maintenance_service, service_manager_type;
|
2021-06-10 17:05:49 +02:00
|
|
|
type keystore_metrics_service, service_manager_type;
|
2014-06-06 00:52:02 +02:00
|
|
|
type keystore_service, service_manager_type;
|
2021-06-15 17:01:16 +02:00
|
|
|
type legacykeystore_service, service_manager_type;
|
2019-03-14 23:45:03 +01:00
|
|
|
type lpdump_service, service_manager_type;
|
2021-12-09 04:49:23 +01:00
|
|
|
type mdns_service, service_manager_type;
|
2023-04-20 18:38:30 +02:00
|
|
|
type mediaserver_service, service_manager_type, isolated_compute_allowed_service;
|
2017-01-24 21:53:45 +01:00
|
|
|
type mediametrics_service, service_manager_type;
|
2015-09-22 19:56:03 +02:00
|
|
|
type mediaextractor_service, service_manager_type;
|
2016-02-12 18:05:42 +01:00
|
|
|
type mediadrmserver_service, service_manager_type;
|
2019-11-28 03:10:01 +01:00
|
|
|
type mediatranscoding_service, app_api_service, service_manager_type;
|
2016-02-18 15:55:51 +01:00
|
|
|
type netd_service, service_manager_type;
|
2014-06-06 00:52:02 +02:00
|
|
|
type nfc_service, service_manager_type;
|
2023-01-25 22:47:53 +01:00
|
|
|
type ondevicepersonalization_system_service, system_api_service, system_server_service, service_manager_type;
|
2014-06-06 00:52:02 +02:00
|
|
|
type radio_service, service_manager_type;
|
2018-01-04 19:33:20 +01:00
|
|
|
type secure_element_service, service_manager_type;
|
2019-10-17 01:30:26 +02:00
|
|
|
type service_manager_service, service_manager_type;
|
2016-07-01 21:18:54 +02:00
|
|
|
type storaged_service, service_manager_type;
|
2017-11-09 00:42:34 +01:00
|
|
|
type surfaceflinger_service, app_api_service, ephemeral_app_api_service, service_manager_type;
|
2014-07-01 17:38:56 +02:00
|
|
|
type system_app_service, service_manager_type;
|
2022-05-10 23:56:20 +02:00
|
|
|
type system_net_netd_service, service_manager_type;
|
2020-11-03 00:54:21 +01:00
|
|
|
type system_suspend_control_internal_service, service_manager_type;
|
2019-01-21 14:45:47 +01:00
|
|
|
type system_suspend_control_service, service_manager_type;
|
2016-01-26 01:41:03 +01:00
|
|
|
type update_engine_service, service_manager_type;
|
2020-07-23 04:57:15 +02:00
|
|
|
type update_engine_stable_service, service_manager_type;
|
2021-09-07 13:25:38 +02:00
|
|
|
type virtualization_service, service_manager_type;
|
2017-02-10 00:15:11 +01:00
|
|
|
type virtual_touchpad_service, service_manager_type;
|
2017-09-26 21:58:29 +02:00
|
|
|
type vold_service, service_manager_type;
|
2017-03-14 21:26:17 +01:00
|
|
|
type vr_hwc_service, service_manager_type;
|
2018-07-14 02:17:01 +02:00
|
|
|
type vrflinger_vsync_service, service_manager_type;
|
2014-12-17 00:45:26 +01:00
|
|
|
|
|
|
|
# system_server_services broken down
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type accessibility_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
|
|
type account_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
|
|
type activity_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2018-05-31 00:26:41 +02:00
|
|
|
type activity_task_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2018-11-05 08:05:20 +01:00
|
|
|
type adb_service, system_api_service, system_server_service, service_manager_type;
|
2022-03-28 21:26:50 +02:00
|
|
|
type adservices_manager_service, system_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type alarm_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2018-09-05 02:13:16 +02:00
|
|
|
type app_binding_service, system_server_service, service_manager_type;
|
2022-01-29 02:56:05 +01:00
|
|
|
type app_hibernation_service, app_api_service, system_api_service, system_server_service, service_manager_type;
|
2019-12-05 12:24:54 +01:00
|
|
|
type app_integrity_service, system_api_service, system_server_service, service_manager_type;
|
2018-11-19 22:58:19 +01:00
|
|
|
type app_prediction_service, app_api_service, system_server_service, service_manager_type;
|
2019-11-05 23:27:44 +01:00
|
|
|
type app_search_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type appops_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
|
|
type appwidget_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
|
|
type assetatlas_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2021-10-08 23:53:24 +02:00
|
|
|
type attestation_verification_service, app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type audio_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2019-11-15 00:32:24 +01:00
|
|
|
type auth_service, app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type autofill_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
|
|
type backup_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
|
|
type batterystats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2015-04-07 02:27:42 +02:00
|
|
|
type battery_service, system_server_service, service_manager_type;
|
2018-01-11 03:11:22 +01:00
|
|
|
type binder_calls_stats_service, system_server_service, service_manager_type;
|
2019-10-29 23:28:20 +01:00
|
|
|
type blob_store_service, app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type bluetooth_manager_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2017-06-22 16:55:16 +02:00
|
|
|
type broadcastradio_service, system_server_service, service_manager_type;
|
2020-04-30 01:10:15 +02:00
|
|
|
type cacheinfo_service, system_api_service, system_server_service, service_manager_type;
|
2015-05-20 02:26:31 +02:00
|
|
|
type cameraproxy_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type clipboard_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2021-12-16 19:41:17 +01:00
|
|
|
type cloudsearch_service, app_api_service, system_server_service, service_manager_type;
|
2017-03-31 00:50:56 +02:00
|
|
|
type contexthub_service, app_api_service, system_server_service, service_manager_type;
|
2017-10-13 15:48:32 +02:00
|
|
|
type crossprofileapps_service, app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type IProxyService_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
|
|
type companion_device_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2022-01-11 04:23:21 +01:00
|
|
|
type connectivity_native_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type connectivity_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
|
|
type connmetrics_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
|
|
type consumer_ir_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2023-04-20 18:38:30 +02:00
|
|
|
type content_capture_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type, isolated_compute_allowed_service;
|
2018-12-18 00:39:58 +01:00
|
|
|
type content_suggestions_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type content_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
|
|
type country_detector_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2016-12-01 03:27:03 +01:00
|
|
|
# Note: The coverage_service should only be enabled for userdebug / eng builds that were compiled
|
|
|
|
# with EMMA_INSTRUMENT=true. We should consider locking this down in the future.
|
|
|
|
type coverage_service, system_server_service, service_manager_type;
|
2015-04-03 01:50:08 +02:00
|
|
|
type cpuinfo_service, system_api_service, system_server_service, service_manager_type;
|
2023-03-20 19:41:55 +01:00
|
|
|
type cpu_monitor_service, system_server_service, service_manager_type;
|
2022-10-19 01:58:01 +02:00
|
|
|
type credential_service, app_api_service, ephemeral_app_api_service, system_api_service, system_server_service, service_manager_type;
|
2019-12-10 22:27:08 +01:00
|
|
|
type dataloader_manager_service, system_server_service, service_manager_type;
|
2015-04-03 01:50:08 +02:00
|
|
|
type dbinfo_service, system_api_service, system_server_service, service_manager_type;
|
2018-12-07 17:27:29 +01:00
|
|
|
type device_config_service, system_server_service, service_manager_type;
|
2017-03-31 00:50:56 +02:00
|
|
|
type device_policy_service, app_api_service, system_server_service, service_manager_type;
|
2023-04-20 18:38:30 +02:00
|
|
|
type device_state_service, app_api_service, system_api_service, system_server_service, service_manager_type, isolated_compute_allowed_service;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type deviceidle_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
|
|
type device_identifiers_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2015-04-03 01:50:08 +02:00
|
|
|
type devicestoragemonitor_service, system_server_service, service_manager_type;
|
2015-04-07 21:37:32 +02:00
|
|
|
type diskstats_service, system_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type display_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2021-03-11 23:30:57 +01:00
|
|
|
type domain_verification_service, app_api_service, system_server_service, service_manager_type;
|
2018-09-27 23:17:42 +02:00
|
|
|
type color_display_service, system_api_service, system_server_service, service_manager_type;
|
2019-01-22 21:55:08 +01:00
|
|
|
type external_vibrator_service, system_server_service, service_manager_type;
|
2019-12-19 18:25:07 +01:00
|
|
|
type file_integrity_service, app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type font_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2016-09-01 11:08:57 +02:00
|
|
|
type netd_listener_service, system_server_service, service_manager_type;
|
2017-11-13 18:52:05 +01:00
|
|
|
type network_watchlist_service, system_server_service, service_manager_type;
|
2022-09-23 19:27:50 +02:00
|
|
|
type devicelock_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2015-04-03 01:50:08 +02:00
|
|
|
type DockObserver_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type dreams_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
|
|
type dropbox_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2017-03-31 00:50:56 +02:00
|
|
|
type ethernet_service, app_api_service, system_server_service, service_manager_type;
|
2018-09-21 05:32:32 +02:00
|
|
|
type biometric_service, app_api_service, system_server_service, service_manager_type;
|
SEPolicy changes for public BugreportManager API.
Allow non-system apps to get an instance through
Context#getSystemService, and then dumpstate also needs permissions to
append to public apps' files.
Most carrier apps are not pre-installed, but we still want to allow them
to request connectivity bug reports, which are well-scoped to contain
limited PII and all info should directly relate to connectivity
(cellular/wifi/networking) debugging.
BugreportManager underneath validates that the calling app has carrier
privileges before actually starting the bug report routine. User consent
is requested for every bugreport requested by carrier apps.
Without the dumpstate.te change, the following error will occur:
01-14 20:08:52.394 1755 1755 I auditd : type=1400 audit(0.0:10): avc: denied { append } for comm="Binder:1755_16" path="/data/user/0/com.carrier.bugreportapp.public/files/bugreports/bugreport-2021-01-14-20-08-51.zip" dev="dm-8" ino=25218 scontext=u:r:dumpstate:s0 tcontext=u:object_r:app_data_file:s0:c7,c257,c512,c768 tclass=file permissive=0
[ 1167.128552] type=1400 audit(1610654932.394:10): avc: denied { append } for comm="Binder:1755_16" path="/data/user/0/com.carrier.bugreportapp.public/files/bugreports/bugreport-2021-01-14-20-08-51.zip" dev="dm-8" ino=25218 scontext=u:r:dumpstate:s0 tcontext=u:object_r:app_data_file:s0:c7,c257,c512,c768 tclass=file permissive=0
Bug: 161393541
Test: atest CtsCarrierApiTestCases:BugreportManagerTest
Change-Id: I443b1f6cd96223ed600c4006bc344c2a8663fdc7
2020-12-08 21:11:03 +01:00
|
|
|
type bugreport_service, app_api_service, system_server_service, service_manager_type;
|
2020-01-16 17:56:32 +01:00
|
|
|
type platform_compat_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2018-09-01 03:14:16 +02:00
|
|
|
type face_service, app_api_service, system_server_service, service_manager_type;
|
2017-03-31 00:50:56 +02:00
|
|
|
type fingerprint_service, app_api_service, system_server_service, service_manager_type;
|
2023-01-29 19:36:59 +01:00
|
|
|
type fwk_altitude_service, system_server_service, service_manager_type;
|
2021-05-07 00:03:47 +02:00
|
|
|
type fwk_stats_service, app_api_service, system_server_service, service_manager_type;
|
2022-11-07 21:41:10 +01:00
|
|
|
type fwk_sensor_service, system_server_service, service_manager_type;
|
2021-03-11 20:02:44 +01:00
|
|
|
type game_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2015-04-03 01:50:08 +02:00
|
|
|
type gfxinfo_service, system_api_service, system_server_service, service_manager_type;
|
2020-12-09 07:14:30 +01:00
|
|
|
type gnss_time_update_service, system_server_service, service_manager_type;
|
2022-11-07 11:32:46 +01:00
|
|
|
type grammatical_inflection_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type graphicsstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2015-04-07 21:37:32 +02:00
|
|
|
type hardware_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type hardware_properties_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2021-01-15 13:21:48 +01:00
|
|
|
type hdmi_control_service, app_api_service, system_server_service, service_manager_type;
|
2022-09-15 19:38:27 +02:00
|
|
|
type healthconnect_service, app_api_service, system_server_service, service_manager_type;
|
2021-04-01 20:00:21 +02:00
|
|
|
type hint_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2018-08-31 00:09:50 +02:00
|
|
|
type imms_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2019-12-11 00:41:18 +01:00
|
|
|
type incremental_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type input_method_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
|
|
type input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2017-03-02 21:25:58 +01:00
|
|
|
type ipsec_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2018-09-01 03:14:16 +02:00
|
|
|
type iris_service, app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type jobscheduler_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
|
|
type launcherapps_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2020-12-04 23:27:12 +01:00
|
|
|
type legacy_permission_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2020-01-21 16:37:44 +01:00
|
|
|
type light_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2021-08-10 15:42:43 +02:00
|
|
|
type locale_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type location_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2020-09-08 12:41:43 +02:00
|
|
|
type location_time_zone_manager_service, system_server_service, service_manager_type;
|
2021-03-15 19:04:12 +01:00
|
|
|
type lock_settings_service, app_api_service, system_api_service, system_server_service, service_manager_type;
|
2018-08-30 14:04:55 +02:00
|
|
|
type looper_stats_service, system_server_service, service_manager_type;
|
2021-01-08 08:50:13 +01:00
|
|
|
type media_communication_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2021-02-09 02:49:46 +01:00
|
|
|
type media_metrics_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type media_projection_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
|
|
type media_router_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
|
|
type media_session_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2015-04-03 01:50:08 +02:00
|
|
|
type meminfo_service, system_api_service, system_server_service, service_manager_type;
|
2021-03-27 22:17:05 +01:00
|
|
|
type memtrackproxy_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type midi_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
|
|
type mount_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2020-12-03 12:12:05 +01:00
|
|
|
type music_recognition_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2022-04-14 06:18:47 +02:00
|
|
|
type nearby_service, app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type netpolicy_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
|
|
type netstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
|
|
type network_management_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2015-04-08 22:04:59 +02:00
|
|
|
type network_score_service, system_api_service, system_server_service, service_manager_type;
|
2018-12-14 06:13:52 +01:00
|
|
|
type network_stack_service, system_server_service, service_manager_type;
|
2016-02-27 02:21:47 +01:00
|
|
|
type network_time_update_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type notification_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2017-02-17 14:51:32 +01:00
|
|
|
type oem_lock_service, system_api_service, system_server_service, service_manager_type;
|
2015-12-03 06:23:30 +01:00
|
|
|
type otadexopt_service, system_server_service, service_manager_type;
|
2017-05-18 00:33:08 +02:00
|
|
|
type overlay_service, system_api_service, system_server_service, service_manager_type;
|
2021-05-13 11:23:40 +02:00
|
|
|
type pac_proxy_service, app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type package_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2019-03-13 19:06:26 +01:00
|
|
|
type package_native_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2020-10-16 21:22:28 +02:00
|
|
|
type people_service, app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type permission_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2018-12-20 16:50:53 +01:00
|
|
|
type permissionmgr_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2021-04-17 09:00:40 +02:00
|
|
|
type permission_checker_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2015-04-09 20:41:09 +02:00
|
|
|
type persistent_data_block_service, system_api_service, system_server_service, service_manager_type;
|
2016-05-02 20:04:39 +02:00
|
|
|
type pinner_service, system_server_service, service_manager_type;
|
2021-03-16 00:56:27 +01:00
|
|
|
type powerstats_service, app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type power_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
|
|
type print_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2015-04-08 22:04:59 +02:00
|
|
|
type processinfo_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type procstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2020-12-07 14:20:06 +01:00
|
|
|
type reboot_readiness_service, app_api_service, system_server_service, service_manager_type;
|
2016-02-03 21:43:58 +01:00
|
|
|
type recovery_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type registry_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2022-10-20 23:09:11 +02:00
|
|
|
type remote_provisioning_service, system_server_service, service_manager_type;
|
2022-01-11 00:03:42 +01:00
|
|
|
type resources_manager_service, system_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type restrictions_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2018-11-09 02:37:45 +01:00
|
|
|
type role_service, app_api_service, system_server_service, service_manager_type;
|
2018-10-02 12:20:32 +02:00
|
|
|
type rollback_service, app_api_service, system_server_service, service_manager_type;
|
2018-11-20 20:41:15 +01:00
|
|
|
type runtime_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type rttmanager_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2015-04-03 01:50:08 +02:00
|
|
|
type samplingprofiler_service, system_server_service, service_manager_type;
|
2015-04-09 00:12:24 +02:00
|
|
|
type scheduling_policy_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type search_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2020-12-09 00:53:36 +01:00
|
|
|
type search_ui_service, app_api_service, system_server_service, service_manager_type;
|
2016-06-03 20:36:41 +02:00
|
|
|
type sec_key_att_app_id_provider_service, app_api_service, system_server_service, service_manager_type;
|
2021-11-15 13:47:59 +01:00
|
|
|
type selection_toolbar_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type sensorservice_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2018-12-05 07:38:01 +01:00
|
|
|
type sensor_privacy_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2015-04-09 00:12:24 +02:00
|
|
|
type serial_service, system_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type servicediscovery_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
|
|
type settings_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2017-03-31 00:50:56 +02:00
|
|
|
type shortcut_service, app_api_service, system_server_service, service_manager_type;
|
2017-12-04 20:41:54 +01:00
|
|
|
type slice_service, app_api_service, system_server_service, service_manager_type;
|
2021-01-14 21:54:03 +01:00
|
|
|
type smartspace_service, app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type statusbar_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
|
|
type storagestats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2022-02-21 18:55:59 +01:00
|
|
|
type sdk_sandbox_service, app_api_service, system_server_service, service_manager_type;
|
2019-12-24 03:14:28 +01:00
|
|
|
type system_config_service, system_api_service, system_server_service, service_manager_type;
|
2020-10-20 03:21:17 +02:00
|
|
|
type system_server_dumper_service, system_api_service, system_server_service, service_manager_type;
|
2017-10-17 06:57:12 +02:00
|
|
|
type system_update_service, system_server_service, service_manager_type;
|
2019-09-24 19:11:33 +02:00
|
|
|
type soundtrigger_middleware_service, system_server_service, service_manager_type;
|
2023-04-20 18:38:30 +02:00
|
|
|
type speech_recognition_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type, isolated_compute_allowed_service;
|
2021-07-14 19:25:14 +02:00
|
|
|
type tare_service, app_api_service, system_server_service, service_manager_type;
|
2015-04-09 00:12:24 +02:00
|
|
|
type task_service, system_server_service, service_manager_type;
|
2019-01-15 22:39:30 +01:00
|
|
|
type testharness_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type textclassification_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
|
|
type textservices_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2021-01-24 15:16:33 +01:00
|
|
|
type texttospeech_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type telecom_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2018-12-11 01:28:59 +01:00
|
|
|
type thermal_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2023-02-27 20:35:21 +01:00
|
|
|
type timedetector_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2020-09-29 16:50:14 +02:00
|
|
|
type timezonedetector_service, app_api_service, system_server_service, service_manager_type;
|
2021-04-14 14:44:51 +02:00
|
|
|
type translation_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2017-03-31 00:50:56 +02:00
|
|
|
type trust_service, app_api_service, system_server_service, service_manager_type;
|
2021-10-22 09:02:05 +02:00
|
|
|
type tv_iapp_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type tv_input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2020-06-13 00:37:05 +02:00
|
|
|
type tv_tuner_resource_mgr_service, app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type uimode_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2015-04-09 00:12:24 +02:00
|
|
|
type updatelock_service, system_api_service, system_server_service, service_manager_type;
|
2018-07-22 08:21:08 +02:00
|
|
|
type uri_grants_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type usagestats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2017-03-31 00:50:56 +02:00
|
|
|
type usb_service, app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type user_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2021-03-31 23:57:39 +02:00
|
|
|
type uwb_service, app_api_service, system_server_service, service_manager_type;
|
2020-07-28 23:06:47 +02:00
|
|
|
type vcn_management_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type vibrator_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2020-09-15 18:22:06 +02:00
|
|
|
type vibrator_manager_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2021-12-07 05:07:55 +01:00
|
|
|
type virtual_device_service, app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type voiceinteraction_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2021-02-07 09:51:13 +01:00
|
|
|
type vpn_management_service, app_api_service, system_server_service, service_manager_type;
|
2016-04-06 03:12:21 +02:00
|
|
|
type vr_manager_service, system_server_service, service_manager_type;
|
2015-04-09 00:12:24 +02:00
|
|
|
type wallpaper_service, app_api_service, system_server_service, service_manager_type;
|
2022-01-20 02:33:43 +01:00
|
|
|
type wallpaper_effects_generation_service, app_api_service, system_server_service, service_manager_type;
|
Start locking down access to services from ephemeral apps
This starts with the reduction in the number of services that
ephemeral apps can access. Prior to this commit, ephemeral apps were
permitted to access most of the service_manager services accessible
by conventional apps. This commit reduces this set by removing access
from ephemeral apps to:
* gatekeeper_service,
* sec_key_att_app_id_provider_service,
* wallpaper_service,
* wifiaware_service,
* wifip2p_service,
* wifi_service.
Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine.
Bug: 33349998
Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
2017-02-28 22:59:06 +01:00
|
|
|
type webviewupdate_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2015-04-09 00:12:24 +02:00
|
|
|
type wifip2p_service, app_api_service, system_server_service, service_manager_type;
|
2015-04-03 01:50:08 +02:00
|
|
|
type wifiscanner_service, system_api_service, system_server_service, service_manager_type;
|
2015-04-09 00:12:24 +02:00
|
|
|
type wifi_service, app_api_service, system_server_service, service_manager_type;
|
2020-05-07 12:14:36 +02:00
|
|
|
type wifinl80211_service, service_manager_type;
|
2016-11-04 21:37:17 +01:00
|
|
|
type wifiaware_service, app_api_service, system_server_service, service_manager_type;
|
2015-04-09 00:12:24 +02:00
|
|
|
type window_service, system_api_service, system_server_service, service_manager_type;
|
2018-11-16 22:32:58 +01:00
|
|
|
type inputflinger_service, system_api_service, system_server_service, service_manager_type;
|
2019-12-16 11:07:24 +01:00
|
|
|
type tethering_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
2020-04-08 19:59:45 +02:00
|
|
|
type emergency_affordance_service, system_server_service, service_manager_type;
|
2018-12-19 22:36:53 +01:00
|
|
|
|
2019-10-26 00:04:45 +02:00
|
|
|
###
|
|
|
|
### HAL Services
|
|
|
|
###
|
|
|
|
|
2022-06-30 19:09:05 +02:00
|
|
|
type hal_audio_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_audiocontrol_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_authsecret_service, protected_service, hal_service_type, service_manager_type;
|
2022-08-10 23:19:27 +02:00
|
|
|
type hal_bluetooth_service, protected_service, hal_service_type, service_manager_type;
|
2022-06-30 19:09:05 +02:00
|
|
|
type hal_bootctl_service, protected_service, hal_service_type, service_manager_type;
|
2022-05-18 19:51:18 +02:00
|
|
|
type hal_broadcastradio_service, protected_service, hal_service_type, service_manager_type;
|
2022-06-30 19:09:05 +02:00
|
|
|
type hal_camera_service, protected_service, hal_service_type, service_manager_type;
|
2022-11-08 17:41:04 +01:00
|
|
|
type hal_can_controller_service, protected_service, hal_service_type, service_manager_type;
|
2022-09-21 14:05:31 +02:00
|
|
|
type hal_cas_service, hal_service_type, service_manager_type;
|
2022-08-09 20:42:15 +02:00
|
|
|
type hal_confirmationui_service, protected_service, hal_service_type, service_manager_type;
|
2022-06-30 19:09:05 +02:00
|
|
|
type hal_contexthub_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_drm_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_dumpstate_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_evs_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_face_service, protected_service, hal_service_type, service_manager_type;
|
2022-11-09 00:57:09 +01:00
|
|
|
type hal_fastboot_service, protected_service, hal_service_type, service_manager_type;
|
2022-06-30 19:09:05 +02:00
|
|
|
type hal_fingerprint_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_gnss_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_graphics_allocator_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_graphics_composer_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_health_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_health_storage_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_identity_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_input_processor_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_ir_service, protected_service, hal_service_type, service_manager_type;
|
2023-04-11 02:33:12 +02:00
|
|
|
type hal_ivn_service, protected_service, hal_service_type, service_manager_type;
|
2022-06-30 19:09:05 +02:00
|
|
|
type hal_keymint_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_light_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_memtrack_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_neuralnetworks_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_nfc_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_oemlock_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_power_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_power_stats_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_radio_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_rebootescrow_service, protected_service, hal_service_type, service_manager_type;
|
2022-09-14 02:06:55 +02:00
|
|
|
type hal_remoteaccess_service, protected_service, hal_service_type, service_manager_type;
|
2022-06-30 19:09:05 +02:00
|
|
|
type hal_remotelyprovisionedcomponent_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_sensors_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_secureclock_service, protected_service, hal_service_type, service_manager_type;
|
2022-11-03 19:16:46 +01:00
|
|
|
type hal_secure_element_service, protected_service, hal_service_type, service_manager_type;
|
2022-06-30 19:09:05 +02:00
|
|
|
type hal_sharedsecret_service, protected_service, hal_service_type, service_manager_type;
|
2022-02-16 00:17:50 +01:00
|
|
|
type hal_system_suspend_service, protected_service, hal_service_type, service_manager_type;
|
2022-12-14 16:12:48 +01:00
|
|
|
type hal_tetheroffload_service, protected_service, hal_service_type, service_manager_type;
|
2022-09-30 23:12:36 +02:00
|
|
|
type hal_thermal_service, protected_service, hal_service_type, service_manager_type;
|
2022-09-19 17:46:07 +02:00
|
|
|
type hal_tv_hdmi_cec_service, protected_service, hal_service_type, service_manager_type;
|
2022-12-14 08:40:07 +01:00
|
|
|
type hal_tv_hdmi_connection_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_tv_hdmi_earc_service, protected_service, hal_service_type, service_manager_type;
|
2022-08-18 04:05:25 +02:00
|
|
|
type hal_tv_input_service, protected_service, hal_service_type, service_manager_type;
|
2022-06-30 19:09:05 +02:00
|
|
|
type hal_tv_tuner_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_usb_service, protected_service, hal_service_type, service_manager_type;
|
2022-09-28 11:53:48 +02:00
|
|
|
type hal_usb_gadget_service, protected_service, hal_service_type, service_manager_type;
|
2022-06-30 19:09:05 +02:00
|
|
|
type hal_uwb_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_vehicle_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_vibrator_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_weaver_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_nlinterceptor_service, protected_service, hal_service_type, service_manager_type;
|
2022-07-14 23:16:31 +02:00
|
|
|
type hal_wifi_service, protected_service, hal_service_type, service_manager_type;
|
2022-06-30 19:09:05 +02:00
|
|
|
type hal_wifi_hostapd_service, protected_service, hal_service_type, service_manager_type;
|
|
|
|
type hal_wifi_supplicant_service, protected_service, hal_service_type, service_manager_type;
|
2022-07-21 02:14:14 +02:00
|
|
|
type hal_gatekeeper_service, protected_service, hal_service_type, service_manager_type;
|
2019-10-26 00:04:45 +02:00
|
|
|
|
2018-12-19 22:36:53 +01:00
|
|
|
###
|
|
|
|
### Neverallow rules
|
|
|
|
###
|
|
|
|
|
|
|
|
# servicemanager handles registering or looking up named services.
|
|
|
|
# It does not make sense to register or lookup something which is not a service.
|
|
|
|
# Trigger a compile error if this occurs.
|
|
|
|
neverallow domain ~{ service_manager_type vndservice_manager_type }:service_manager { add find };
|