Adding statscompanion_service and a dontaudit for find/add

Instead of removing the denial generating code, a dontaudit and a service label will be provided so that the team working on this new feature doesn't have to get slowed up with local revision patches. The dontaudit should be removed upon resolution of the linked bug. Bug: 67468181 Test: statscompanion denials aren't audited Change-Id: Ib4554a7b6c714e7409ea504f5d0b82d5e1283cf7
2017-10-23 16:25:11 -07:00 · 2017-10-23 16:25:11 -07:00 · 0187b23113
commit 0187b23113
parent 1b223839e0
4 changed files with 6 additions and 0 deletions
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@ -22,6 +22,7 @@
    mediaprovider_tmpfs
    netd_stable_secret_prop
    package_native_service
+    statscompanion_service
    storaged_data_file
    sysfs_fs_ext4_features
    system_boot_reason_prop
--- a/private/service_contexts
+++ b/private/service_contexts
@ -140,6 +140,7 @@ simphonebook_msim                         u:object_r:radio_service:s0
 simphonebook2                             u:object_r:radio_service:s0
 simphonebook                              u:object_r:radio_service:s0
 sip                                       u:object_r:radio_service:s0
+statscompanion                            u:object_r:statscompanion_service:s0
 soundtrigger                              u:object_r:voiceinteraction_service:s0
 statusbar                                 u:object_r:statusbar_service:s0
 storaged                                  u:object_r:storaged_service:s0
--- a/private/system_server.te
+++ b/private/system_server.te
@ -786,3 +786,6 @@ neverallow system_server { domain -system_server }:process ptrace;
 # file read access. However, that is now unnecessary (b/34951864)
 # This neverallow can be removed after b/34951864 is fixed.
 neverallow system_server system_server:capability sys_resource;
+
+# TODO(b/67468181): Remove following lines upon resolution of this bug
+dontaudit system_server statscompanion_service:service_manager { add find };
--- a/public/service.te
+++ b/public/service.te
@ -21,6 +21,7 @@ type mediadrmserver_service,    service_manager_type;
 type netd_service,              service_manager_type;
 type nfc_service,               service_manager_type;
 type radio_service,             service_manager_type;
+type statscompanion_service,    service_manager_type;
 type storaged_service,          service_manager_type;
 type surfaceflinger_service,    service_manager_type;
 type system_app_service,        service_manager_type;