Update SELinux Policy for bufferhubd

Create a new service type buffer_hub_binder_service for BufferHubBinderService and allow bufferhubd to publish the service. Add the service to 26.0, 27.0 and 28.0 compat ignore files since the service is not available in past versions. Fixes: 116022258 Test: build passed Change-Id: I5a21f00329ed474433d96c8d1ce32377f20cada3
2018-09-17 17:06:19 -07:00 · 2018-09-17 17:06:19 -07:00 · 26fa914cb2
commit 26fa914cb2
parent 06ddf4b44e
8 changed files with 16 additions and 0 deletions
--- a/private/bufferhubd.te
+++ b/private/bufferhubd.te
@ -1,3 +1,7 @@
 typeattribute bufferhubd coredomain;

 init_daemon_domain(bufferhubd)
+
+# Permission for create binder service "bufferhubd"
+binder_use(bufferhubd);
+add_service(bufferhubd, buffer_hub_service);
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@ -18,6 +18,8 @@
    bpfloader
    bpfloader_exec
    broadcastradio_service
+    ;; TODO(b/116344577): remove after the issue is resolved
+    buffer_hub_service
    cgroup_bpf
    color_display_service
    crossprofileapps_service
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@ -16,6 +16,8 @@
    bluetooth_a2dp_offload_prop
    bpfloader
    bpfloader_exec
+    ;; TODO(b/116344577): remove after the issue is resolved
+    buffer_hub_service
    cgroup_bpf
    color_display_service
    crossprofileapps_service
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@ -7,6 +7,8 @@
    adb_service
    app_binding_service
    biometric_service
+    ;; TODO(b/116344577): remove after the issue is resolved
+    buffer_hub_service
    fastbootd
    color_display_service
    hal_health_storage_hwservice
--- a/private/service.te
+++ b/private/service.te
@ -1,2 +1,3 @@
+type buffer_hub_service, service_manager_type;
 type stats_service, service_manager_type;
 type statscompanion_service, system_server_service, service_manager_type;
--- a/private/service_contexts
+++ b/private/service_contexts
@ -22,6 +22,7 @@ biometric                                 u:object_r:biometric_service:s0
 bluetooth_manager                         u:object_r:bluetooth_manager_service:s0
 bluetooth                                 u:object_r:bluetooth_service:s0
 broadcastradio                            u:object_r:broadcastradio_service:s0
+bufferhubd                                u:object_r:buffer_hub_service:s0
 carrier_config                            u:object_r:radio_service:s0
 clipboard                                 u:object_r:clipboard_service:s0
 com.android.net.IProxyService             u:object_r:IProxyService_service:s0
--- a/private/shell.te
+++ b/private/shell.te
@ -51,3 +51,6 @@ binder_call(shell, statsd);
 # Allow shell to read and unlink traces stored in /data/misc/perfetto-traces.
 allow shell perfetto_traces_data_file:dir rw_dir_perms;
 allow shell perfetto_traces_data_file:file r_file_perms;
+
+# Allow shell-based "dumpsys" to call into bufferhubd.
+binder_call(shell, bufferhubd);
--- a/public/bufferhubd.te
+++ b/public/bufferhubd.te
@ -4,6 +4,7 @@ type bufferhubd_exec, exec_type, file_type;

 hal_client_domain(bufferhubd, hal_graphics_allocator)

+# TODO(b/112338294): remove these after migrate to Binder
 pdx_server(bufferhubd, bufferhub_client)
 pdx_client(bufferhubd, performance_client)