Merge changes from topic "revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY" am: 7f1eaf1b45
am: aa0cb606c3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1979387 Change-Id: If236dcb72b0e8b63c9ee25734993c6ee4a901178
This commit is contained in:
commit
3bed79292e
8 changed files with 1 additions and 56 deletions
|
@ -19,8 +19,6 @@
|
||||||
diced
|
diced
|
||||||
diced_exec
|
diced_exec
|
||||||
fwk_automotive_display_service
|
fwk_automotive_display_service
|
||||||
evsmanagerd
|
|
||||||
evsmanagerd_service
|
|
||||||
extra_free_kbytes
|
extra_free_kbytes
|
||||||
extra_free_kbytes_exec
|
extra_free_kbytes_exec
|
||||||
fs_bpf_vendor
|
fs_bpf_vendor
|
||||||
|
|
|
@ -1,39 +0,0 @@
|
||||||
# evsmanager
|
|
||||||
typeattribute evsmanagerd coredomain;
|
|
||||||
typeattribute evsmanagerd evsmanager_service_server;
|
|
||||||
|
|
||||||
type evsmanagerd_exec, system_file_type, exec_type, file_type;
|
|
||||||
|
|
||||||
init_daemon_domain(evsmanagerd);
|
|
||||||
|
|
||||||
# Declares as a binder service
|
|
||||||
binder_service(evsmanagerd)
|
|
||||||
|
|
||||||
# Allows to add a service to service_manager
|
|
||||||
add_service(evsmanagerd, evsmanagerd_service)
|
|
||||||
|
|
||||||
# Allows to use the binder IPC
|
|
||||||
binder_use(evsmanagerd)
|
|
||||||
|
|
||||||
# Allows binder IPCs to the various system services
|
|
||||||
binder_call(evsmanagerd, system_server)
|
|
||||||
|
|
||||||
# Allows to use EVS HAL implementations
|
|
||||||
hal_client_domain(evsmanagerd, hal_evs)
|
|
||||||
|
|
||||||
# Allows to write messages to the shell
|
|
||||||
allow evsmanagerd shell:fd use;
|
|
||||||
allow evsmanagerd shell:fifo_file write;
|
|
||||||
|
|
||||||
# Allows to use the graphics allocator
|
|
||||||
allow evsmanagerd hal_graphics_allocator:fd use;
|
|
||||||
|
|
||||||
# Allows to use a bootstrap statsd
|
|
||||||
allow evsmanagerd statsbootstrap_service:service_manager find;
|
|
||||||
|
|
||||||
# Allows binder IPCs to the CarService
|
|
||||||
binder_call(evsmanagerd, appdomain)
|
|
||||||
|
|
||||||
# For HIDL evs manager implementation
|
|
||||||
allow evsmanagerd hal_evs_hwservice:hwservice_manager add;
|
|
||||||
allow evsmanagerd hidl_base_hwservice:hwservice_manager add;
|
|
|
@ -377,8 +377,6 @@
|
||||||
/system/bin/odsign u:object_r:odsign_exec:s0
|
/system/bin/odsign u:object_r:odsign_exec:s0
|
||||||
/system/bin/vehicle_binding_util u:object_r:vehicle_binding_util_exec:s0
|
/system/bin/vehicle_binding_util u:object_r:vehicle_binding_util_exec:s0
|
||||||
/system/bin/cardisplayproxyd u:object_r:automotive_display_service_exec:s0
|
/system/bin/cardisplayproxyd u:object_r:automotive_display_service_exec:s0
|
||||||
/system/bin/evsmanagerd u:object_r:evsmanagerd_exec:s0
|
|
||||||
/system/bin/android\.automotive\.evs\.manager@1\.[0-9]+ u:object_r:evsmanagerd_exec:s0
|
|
||||||
|
|
||||||
#############################
|
#############################
|
||||||
# Vendor files
|
# Vendor files
|
||||||
|
|
|
@ -75,7 +75,6 @@ aidl_lazy_test_1 u:object_r:aidl_lazy_test_service:s0
|
||||||
aidl_lazy_test_2 u:object_r:aidl_lazy_test_service:s0
|
aidl_lazy_test_2 u:object_r:aidl_lazy_test_service:s0
|
||||||
aidl_lazy_cb_test u:object_r:aidl_lazy_test_service:s0
|
aidl_lazy_cb_test u:object_r:aidl_lazy_test_service:s0
|
||||||
alarm u:object_r:alarm_service:s0
|
alarm u:object_r:alarm_service:s0
|
||||||
android.hardware.automotive.evs.IEvsEnumerator/default u:object_r:evsmanagerd_service:s0
|
|
||||||
android.os.UpdateEngineService u:object_r:update_engine_service:s0
|
android.os.UpdateEngineService u:object_r:update_engine_service:s0
|
||||||
android.os.UpdateEngineStableService u:object_r:update_engine_stable_service:s0
|
android.os.UpdateEngineStableService u:object_r:update_engine_stable_service:s0
|
||||||
android.frameworks.automotive.display.ICarDisplayProxy/default u:object_r:fwk_automotive_display_service:s0
|
android.frameworks.automotive.display.ICarDisplayProxy/default u:object_r:fwk_automotive_display_service:s0
|
||||||
|
|
|
@ -398,7 +398,6 @@ hal_attribute(wifi_supplicant);
|
||||||
attribute automotive_display_service_server;
|
attribute automotive_display_service_server;
|
||||||
attribute camera_service_server;
|
attribute camera_service_server;
|
||||||
attribute display_service_server;
|
attribute display_service_server;
|
||||||
attribute evsmanager_service_server;
|
|
||||||
attribute scheduler_service_server;
|
attribute scheduler_service_server;
|
||||||
attribute sensor_service_server;
|
attribute sensor_service_server;
|
||||||
attribute stats_service_server;
|
attribute stats_service_server;
|
||||||
|
|
|
@ -1,2 +0,0 @@
|
||||||
# evsmanager daemon
|
|
||||||
type evsmanagerd, domain;
|
|
|
@ -1,12 +1,5 @@
|
||||||
hwbinder_use(hal_evs_client)
|
hwbinder_use(hal_evs_client)
|
||||||
hwbinder_use(hal_evs_server)
|
hwbinder_use(hal_evs_server)
|
||||||
|
|
||||||
binder_call(hal_evs_client, hal_evs_server)
|
binder_call(hal_evs_client, hal_evs_server)
|
||||||
binder_call(hal_evs_server, hal_evs_client)
|
binder_call(hal_evs_server, hal_evs_client)
|
||||||
|
hal_attribute_hwservice(hal_evs, hal_evs_hwservice)
|
||||||
# Below lines are equivalent to hal_attribute_hwservice(hal_evs, hal_evs_hwservice)
|
|
||||||
# except it allows evsmanagerd to add hal_evs_hwservice.
|
|
||||||
allow hal_evs_client hal_evs_hwservice:hwservice_manager find;
|
|
||||||
allow hal_evs_server hal_evs_hwservice:hwservice_manager { add find };
|
|
||||||
allow hal_evs_server hidl_base_hwservice:hwservice_manager add;
|
|
||||||
neverallow { domain -hal_evs_server -evsmanagerd } hal_evs_hwservice:hwservice_manager add;
|
|
||||||
|
|
|
@ -13,7 +13,6 @@ type dice_node_service, service_manager_type;
|
||||||
type dnsresolver_service, service_manager_type;
|
type dnsresolver_service, service_manager_type;
|
||||||
type drmserver_service, service_manager_type;
|
type drmserver_service, service_manager_type;
|
||||||
type dumpstate_service, service_manager_type;
|
type dumpstate_service, service_manager_type;
|
||||||
type evsmanagerd_service, service_manager_type;
|
|
||||||
type fingerprintd_service, service_manager_type;
|
type fingerprintd_service, service_manager_type;
|
||||||
type fwk_automotive_display_service, service_manager_type;
|
type fwk_automotive_display_service, service_manager_type;
|
||||||
type gatekeeper_service, app_api_service, service_manager_type;
|
type gatekeeper_service, app_api_service, service_manager_type;
|
||||||
|
|
Loading…
Reference in a new issue