From 3189fafa2a8cf69322124a979f0049e536bda790 Mon Sep 17 00:00:00 2001 From: Amos Bianchi Date: Fri, 23 Sep 2022 10:27:50 -0700 Subject: [PATCH] Add sepolicy for new module. Bug: b/241442337 Test: TH Change-Id: Ia58e2d4b205638509545a0a2c356cd68862beb1f --- apex/Android.bp | 7 +++++++ apex/com.android.devicelock-file_contexts | 1 + build/soong/service_fuzzer_bindings.go | 1 + private/compat/33.0/33.0.ignore.cil | 1 + private/service_contexts | 1 + public/service.te | 1 + 6 files changed, 12 insertions(+) create mode 100644 apex/com.android.devicelock-file_contexts diff --git a/apex/Android.bp b/apex/Android.bp index bbe21930a..c4080ca97 100644 --- a/apex/Android.bp +++ b/apex/Android.bp @@ -286,3 +286,10 @@ filegroup { "com.android.rkpd-file_contexts", ], } + +filegroup { + name: "com.android.devicelock-file_contexts", + srcs: [ + "com.android.devicelock-file_contexts", + ], +} diff --git a/apex/com.android.devicelock-file_contexts b/apex/com.android.devicelock-file_contexts new file mode 100644 index 000000000..83b4b58e8 --- /dev/null +++ b/apex/com.android.devicelock-file_contexts @@ -0,0 +1 @@ +(/.*)? u:object_r:system_file:s0 diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go index 822cabc24..05e55ba8f 100644 --- a/build/soong/service_fuzzer_bindings.go +++ b/build/soong/service_fuzzer_bindings.go @@ -180,6 +180,7 @@ var ( "device_policy": []string{}, "device_identifiers": []string{}, "deviceidle": []string{}, + "device_lock": []string{}, "device_state": []string{}, "devicestoragemonitor": []string{}, "diskstats": []string{}, diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil index ad1072292..6d82d0f57 100644 --- a/private/compat/33.0/33.0.ignore.cil +++ b/private/compat/33.0/33.0.ignore.cil @@ -10,6 +10,7 @@ credential_service device_config_memory_safety_native_prop device_config_vendor_system_native_prop + devicelock_service hal_bootctl_service hal_remoteaccess_service hal_tv_input_service diff --git a/private/service_contexts b/private/service_contexts index 92f79c77e..f8c99df8d 100644 --- a/private/service_contexts +++ b/private/service_contexts @@ -165,6 +165,7 @@ device_config u:object_r:device_config_service:s0 device_policy u:object_r:device_policy_service:s0 device_identifiers u:object_r:device_identifiers_service:s0 deviceidle u:object_r:deviceidle_service:s0 +device_lock u:object_r:devicelock_service:s0 device_state u:object_r:device_state_service:s0 devicestoragemonitor u:object_r:devicestoragemonitor_service:s0 diskstats u:object_r:diskstats_service:s0 diff --git a/public/service.te b/public/service.te index 2b43fc22b..a844b820e 100644 --- a/public/service.te +++ b/public/service.te @@ -120,6 +120,7 @@ type file_integrity_service, app_api_service, system_server_service, service_man type font_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type; type netd_listener_service, system_server_service, service_manager_type; type network_watchlist_service, system_server_service, service_manager_type; +type devicelock_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type; type DockObserver_service, system_server_service, service_manager_type; type dreams_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type; type dropbox_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;