tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Treble-ize sepolicy for fwk HIDL services.

Browse source 
Bug: 130734497
Test: m selinux_policy; system_server and statds still have permission
to export HIDL services.
Change-Id: I6e87b236bdbdd939fca51fb7255e97635118ed2d
Merged-In: I6e87b236bdbdd939fca51fb7255e97635118ed2d
(cherry picked from commit 1d34b8cc31)
This commit is contained in:
Tri Vo 2019-04-22 10:09:38 -07:00
parent f33351bc98
commit 1bbbf810c9
7 changed files with 13 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
private/statsd.te
View file

@ -1,4 +1,5 @@
typeattribute statsd coredomain; typeattribute statsd coredomain;
typeattribute statsd stats_service_server;
init_daemon_domain(statsd) init_daemon_domain(statsd)

6
private/system_server.te
View file

@ -5,6 +5,8 @@
typeattribute system_server coredomain; typeattribute system_server coredomain;
typeattribute system_server mlstrustedsubject; typeattribute system_server mlstrustedsubject;
typeattribute system_server scheduler_service_server;
typeattribute system_server sensor_service_server;
# Define a type for tmpfs-backed ashmem regions. # Define a type for tmpfs-backed ashmem regions.
tmpfs_domain(system_server) tmpfs_domain(system_server)
@ -240,10 +242,6 @@ allow system_server hal_graphics_composer:fd use;
allow system_server hal_renderscript_hwservice:hwservice_manager find; allow system_server hal_renderscript_hwservice:hwservice_manager find;
allow system_server same_process_hal_file:file { execute read open getattr map }; allow system_server same_process_hal_file:file { execute read open getattr map };
# Offer HwBinder services
add_hwservice(system_server, fwk_scheduler_hwservice)
add_hwservice(system_server, fwk_sensor_hwservice)
# Talk to tombstoned to get ANR traces. # Talk to tombstoned to get ANR traces.
unix_socket_connect(system_server, tombstoned_intercept, tombstoned) unix_socket_connect(system_server, tombstoned_intercept, tombstoned)

11
public/attributes
View file

@ -303,11 +303,14 @@ hal_attribute(wifi_supplicant);
# from one core domain to another, without having to update the vendor image # from one core domain to another, without having to update the vendor image
# which contains clients of this service. # which contains clients of this service.
attribute display_service_server;
attribute wifi_keystore_service_server;
attribute mediaswcodec_server;
attribute system_suspend_server;
attribute camera_service_server; attribute camera_service_server;
attribute display_service_server;
attribute mediaswcodec_server;
attribute scheduler_service_server;
attribute sensor_service_server;
attribute stats_service_server;
attribute system_suspend_server;
attribute wifi_keystore_service_server;
# All types used for super partition block devices. # All types used for super partition block devices.
attribute super_block_device_type; attribute super_block_device_type;

1
public/scheduler_service_server.te Normal file
View file

@ -0,0 +1 @@
add_hwservice(scheduler_service_server, fwk_scheduler_hwservice)

1
public/sensor_service_server.te Normal file
View file

@ -0,0 +1 @@
add_hwservice(sensor_service_server, fwk_sensor_hwservice)

1
public/stats_service_server.te Normal file
View file

@ -0,0 +1 @@
add_hwservice(stats_service_server, fwk_stats_hwservice)

3
public/statsd.te
View file

@ -50,9 +50,6 @@ allow statsd {
system_api_service system_api_service
}:service_manager find; }:service_manager find;
# Allow statsd to add as HIDL service.
add_hwservice(statsd, fwk_stats_hwservice)
# Grant statsd to access health hal to access battery metrics. # Grant statsd to access health hal to access battery metrics.
allow statsd hal_health_hwservice:hwservice_manager find; allow statsd hal_health_hwservice:hwservice_manager find;