tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Add sepolicy for profcollectd" am: 5e8c92003f

Browse source 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1349682

Change-Id: I676ccbf64ff3d7a515a38c6f8972ad6f12ec9b58
This commit is contained in:
Yi Kong 2020-07-02 01:58:57 +00:00 committed by Automerger Merge Worker
commit 368a6430cd
8 changed files with 35 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
private/compat/30.0/30.0.ignore.cil
View file

@ -8,5 +8,9 @@
apex_info_file apex_info_file
debugfs_kprobes debugfs_kprobes
gnss_device gnss_device
mediatranscoding_tmpfs)) mediatranscoding_tmpfs
profcollectd
profcollectd_data_file
profcollectd_exec
profcollectd_service))

3
private/file.te
View file

@ -26,3 +26,6 @@ type ota_image_data_file, file_type, data_file_type, core_data_file_type;
# /data/misc/emergencynumberdb # /data/misc/emergencynumberdb
type emergency_data_file, file_type, data_file_type, core_data_file_type; type emergency_data_file, file_type, data_file_type, core_data_file_type;
# /data/misc/profcollectd
type profcollectd_data_file, file_type, data_file_type, core_data_file_type;

2
private/file_contexts
View file

@ -310,6 +310,7 @@
/system/bin/idmap u:object_r:idmap_exec:s0 /system/bin/idmap u:object_r:idmap_exec:s0
/system/bin/idmap2(d)? u:object_r:idmap_exec:s0 /system/bin/idmap2(d)? u:object_r:idmap_exec:s0
/system/bin/update_engine u:object_r:update_engine_exec:s0 /system/bin/update_engine u:object_r:update_engine_exec:s0
/system/bin/profcollectd u:object_r:profcollectd_exec:s0
/system/bin/storaged u:object_r:storaged_exec:s0 /system/bin/storaged u:object_r:storaged_exec:s0
/system/bin/wpantund u:object_r:wpantund_exec:s0 /system/bin/wpantund u:object_r:wpantund_exec:s0
/system/bin/virtual_touchpad u:object_r:virtual_touchpad_exec:s0 /system/bin/virtual_touchpad u:object_r:virtual_touchpad_exec:s0
@ -550,6 +551,7 @@
/data/misc/network_watchlist(/.*)? u:object_r:network_watchlist_data_file:s0 /data/misc/network_watchlist(/.*)? u:object_r:network_watchlist_data_file:s0
/data/misc/perfetto-traces(/.*)? u:object_r:perfetto_traces_data_file:s0 /data/misc/perfetto-traces(/.*)? u:object_r:perfetto_traces_data_file:s0
/data/misc/prereboot(/.*)? u:object_r:prereboot_data_file:s0 /data/misc/prereboot(/.*)? u:object_r:prereboot_data_file:s0
/data/misc/profcollectd(/.*)? u:object_r:profcollectd_data_file:s0
/data/misc/recovery(/.*)? u:object_r:recovery_data_file:s0 /data/misc/recovery(/.*)? u:object_r:recovery_data_file:s0
/data/misc/shared_relro(/.*)? u:object_r:shared_relro_file:s0 /data/misc/shared_relro(/.*)? u:object_r:shared_relro_file:s0
/data/misc/sms(/.*)? u:object_r:radio_data_file:s0 /data/misc/sms(/.*)? u:object_r:radio_data_file:s0

15
private/profcollectd.te Normal file
View file

@ -0,0 +1,15 @@
# profcollectd - hardware profile collection daemon
type profcollectd, domain, coredomain;
type profcollectd_exec, system_file_type, exec_type, file_type;
userdebug_or_eng(`
init_daemon_domain(profcollectd)
# profcollectd opens a file for writing in /data/misc/profcollectd
allow profcollectd profcollectd_data_file:file create_file_perms;
allow profcollectd profcollectd_data_file:dir rw_dir_perms;
# Allow profcollectd to publish a binder service and make binder calls.
binder_use(profcollectd)
add_service(profcollectd, profcollectd_service)
')

1
private/service.te
View file

@ -2,6 +2,7 @@ type attention_service, system_server_service, service_manager_type;
type dynamic_system_service, system_api_service, system_server_service, service_manager_type; type dynamic_system_service, system_api_service, system_server_service, service_manager_type;
type gsi_service, service_manager_type; type gsi_service, service_manager_type;
type incidentcompanion_service, system_api_service, system_server_service, service_manager_type; type incidentcompanion_service, system_api_service, system_server_service, service_manager_type;
type profcollectd_service, service_manager_type;
type stats_service, service_manager_type; type stats_service, service_manager_type;
type statscompanion_service, system_server_service, service_manager_type; type statscompanion_service, system_server_service, service_manager_type;
type statsmanager_service, system_api_service, system_server_service, service_manager_type; type statsmanager_service, system_api_service, system_server_service, service_manager_type;

1
private/service_contexts
View file

@ -168,6 +168,7 @@ power u:object_r:power_service:s0
print u:object_r:print_service:s0 print u:object_r:print_service:s0
processinfo u:object_r:processinfo_service:s0 processinfo u:object_r:processinfo_service:s0
procstats u:object_r:procstats_service:s0 procstats u:object_r:procstats_service:s0
profcollectd u:object_r:profcollectd_service:s0
radio.phonesubinfo u:object_r:radio_service:s0 radio.phonesubinfo u:object_r:radio_service:s0
radio.phone u:object_r:radio_service:s0 radio.phone u:object_r:radio_service:s0
radio.sms u:object_r:radio_service:s0 radio.sms u:object_r:radio_service:s0

5
private/shell.te
View file

@ -143,3 +143,8 @@ userdebug_or_eng(`set_prop(shell, persist_debug_prop)')
# Allow to read graphics related properties. # Allow to read graphics related properties.
get_prop(shell, graphics_config_prop) get_prop(shell, graphics_config_prop)
# Allow to issue control commands to profcollectd binder service.
userdebug_or_eng(`
allow shell profcollectd:binder call;
')

3
private/system_server.te
View file

@ -797,6 +797,9 @@ allow system_server surfaceflinger_service:service_manager find;
allow system_server update_engine_service:service_manager find; allow system_server update_engine_service:service_manager find;
allow system_server vold_service:service_manager find; allow system_server vold_service:service_manager find;
allow system_server wifinl80211_service:service_manager find; allow system_server wifinl80211_service:service_manager find;
userdebug_or_eng(`
allow system_server profcollectd_service:service_manager find;
')
add_service(system_server, batteryproperties_service) add_service(system_server, batteryproperties_service)