Treble-ize sepolicy for fwk HIDL services.
Bug: 130734497
Test: m selinux_policy; system_server and statsd still have permission
to export HIDL services.
Change-Id: I6e87b236bdbdd939fca51fb7255e97635118ed2d
Merged-In: I6e87b236bdbdd939fca51fb7255e97635118ed2d
(cherry picked from commit 1d34b8cc31
)
parent
f33351bc98
commit
1bbbf810c9
7 changed files with 13 additions and 11 deletions
|
@ -1,4 +1,5 @@
|
|||
typeattribute statsd coredomain;
|
||||
typeattribute statsd stats_service_server;
|
||||
|
||||
init_daemon_domain(statsd)
|
||||
|
||||
|
|
|
@ -5,6 +5,8 @@
|
|||
|
||||
typeattribute system_server coredomain;
|
||||
typeattribute system_server mlstrustedsubject;
|
||||
typeattribute system_server scheduler_service_server;
|
||||
typeattribute system_server sensor_service_server;
|
||||
|
||||
# Define a type for tmpfs-backed ashmem regions.
|
||||
tmpfs_domain(system_server)
|
||||
|
@ -240,10 +242,6 @@ allow system_server hal_graphics_composer:fd use;
|
|||
allow system_server hal_renderscript_hwservice:hwservice_manager find;
|
||||
allow system_server same_process_hal_file:file { execute read open getattr map };
|
||||
|
||||
# Offer HwBinder services
|
||||
add_hwservice(system_server, fwk_scheduler_hwservice)
|
||||
add_hwservice(system_server, fwk_sensor_hwservice)
|
||||
|
||||
# Talk to tombstoned to get ANR traces.
|
||||
unix_socket_connect(system_server, tombstoned_intercept, tombstoned)
|
||||
|
||||
|
|
|
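Review bot: Nothing in this section now says that the `typeattribute system_server scheduler_service_server;` and `typeattribute system_server sensor_service_server;` lines are what let system_server register its HwBinder services, because the `# Offer HwBinder services` block in the hunk at old line 240 appears to be the part removed (the +/- markers are lost on this page, so that is inferred from the hunk counts and the commit title). A one-line comment above the two typeattribute lines would keep the intent visible to the next policy reviewer, for example `# Offer HwBinder services; the add_hwservice rules live in public/*_service_server.te.`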
@ -303,11 +303,14 @@ hal_attribute(wifi_supplicant);
|
|||
# from one core domain to another, without having to update the vendor image
|
||||
# which contains clients of this service.
|
||||
|
||||
attribute display_service_server;
|
||||
attribute wifi_keystore_service_server;
|
||||
attribute mediaswcodec_server;
|
||||
attribute system_suspend_server;
|
||||
attribute camera_service_server;
|
||||
attribute display_service_server;
|
||||
attribute mediaswcodec_server;
|
||||
attribute scheduler_service_server;
|
||||
attribute sensor_service_server;
|
||||
attribute stats_service_server;
|
||||
attribute system_suspend_server;
|
||||
attribute wifi_keystore_service_server;
|
||||
|
||||
# All types used for super partition block devices.
|
||||
attribute super_block_device_type;
|
||||
|
|
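--- a/public/scheduler_service_server.te
+++ b/public/scheduler_service_server.te
@@ -0,0 +1 @@
+add_hwservice(scheduler_service_server, fwk_scheduler_hwservice)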
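Review bot: Passing an attribute as the first argument of `add_hwservice` in this new file means the right to register `fwk_scheduler_hwservice` now follows whichever domain carries `scheduler_service_server`, and because the attribute is declared in public policy a non-core domain could presumably be given it; the same applies to `public/sensor_service_server.te` and `public/stats_service_server.te`. As far as I know the macro's built-in neverallow excludes only its first argument (its definition is not on this page, so confirm in te_macros), which would mean registration is no longer pinned to system_server or statsd. Consider a guard per service such as `neverallow { scheduler_service_server -coredomain } fwk_scheduler_hwservice:hwservice_manager add;`, unless an existing neverallow already covers it. The Test: line checks only that the two daemons kept the permission, not that no other domain can acquire it.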
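--- a/public/sensor_service_server.te
+++ b/public/sensor_service_server.te
@@ -0,0 +1 @@
+add_hwservice(sensor_service_server, fwk_sensor_hwservice)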
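--- a/public/stats_service_server.te
+++ b/public/stats_service_server.te
@@ -0,0 +1 @@
+add_hwservice(stats_service_server, fwk_stats_hwservice)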
|
@ -50,9 +50,6 @@ allow statsd {
|
|||
system_api_service
|
||||
}:service_manager find;
|
||||
|
||||
# Allow statsd to add as HIDL service.
|
||||
add_hwservice(statsd, fwk_stats_hwservice)
|
||||
|
||||
# Grant statsd to access health hal to access battery metrics.
|
||||
allow statsd hal_health_hwservice:hwservice_manager find;
|
||||
|
||||
|
|