Add SELinux properties for artd

Test: boot device and check for artd process Change-Id: I2a161701102ecbde3e293af0346d1db0b11d4aab
2021-03-03 12:30:28 -08:00 · 2021-03-03 12:30:28 -08:00 · 467d8a80ea
commit 467d8a80ea
parent 98914119ae
5 changed files with 18 additions and 0 deletions
--- a/apex/com.android.art-file_contexts
+++ b/apex/com.android.art-file_contexts
@ -2,6 +2,7 @@
 # System files
 #
 (/.*)?                   u:object_r:system_file:s0
+/bin/artd                u:object_r:artd_exec:s0
 /bin/dex2oat(32|64)?     u:object_r:dex2oat_exec:s0
 /bin/dexoptanalyzer      u:object_r:dexoptanalyzer_exec:s0
 /bin/odrefresh           u:object_r:odrefresh_exec:s0
--- a/private/artd.te
+++ b/private/artd.te
@ -0,0 +1,12 @@
+# art service daemon
+type artd, domain;
+type artd_exec, system_file_type, exec_type, file_type;
+
+# Allow artd to publish a binder service and make binder calls.
+binder_use(artd)
+add_service(artd, artd_service)
+allow artd dumpstate:fifo_file  { getattr write };
+
+typeattribute artd coredomain;
+
+init_daemon_domain(artd)
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@ -17,6 +17,9 @@
    app_hibernation_service
    appcompat_data_file
    arm64_memtag_prop
+    artd
+    artd_exec
+    artd_service
    authorization_service
    bootanim_config_prop
    camerax_extensions_prop
--- a/private/service_contexts
+++ b/private/service_contexts
@ -51,6 +51,7 @@ blob_store                                u:object_r:blob_store_service:s0
 gsiservice                                u:object_r:gsi_service:s0
 appops                                    u:object_r:appops_service:s0
 appwidget                                 u:object_r:appwidget_service:s0
+artd                                      u:object_r:artd_service:s0
 assetatlas                                u:object_r:assetatlas_service:s0
 attention                                 u:object_r:attention_service:s0
 audio                                     u:object_r:audio_service:s0
--- a/public/service.te
+++ b/public/service.te
@ -1,6 +1,7 @@
 type aidl_lazy_test_service,    service_manager_type;
 type apc_service,               service_manager_type;
 type apex_service,              service_manager_type;
+type artd_service,              service_manager_type;
 type audioserver_service,       service_manager_type;
 type authorization_service,     service_manager_type;
 type batteryproperties_service, app_api_service, ephemeral_app_api_service, service_manager_type;