Add SELinux properties for artd

Test: boot device and check for artd process
Change-Id: I2a161701102ecbde3e293af0346d1db0b11d4aab
This commit is contained in:
Chris Wailes 2021-03-03 12:30:28 -08:00
parent 98914119ae
commit 467d8a80ea
5 changed files with 18 additions and 0 deletions

View file

@ -2,6 +2,7 @@
# System files # System files
# #
(/.*)? u:object_r:system_file:s0 (/.*)? u:object_r:system_file:s0
/bin/artd u:object_r:artd_exec:s0
/bin/dex2oat(32|64)? u:object_r:dex2oat_exec:s0 /bin/dex2oat(32|64)? u:object_r:dex2oat_exec:s0
/bin/dexoptanalyzer u:object_r:dexoptanalyzer_exec:s0 /bin/dexoptanalyzer u:object_r:dexoptanalyzer_exec:s0
/bin/odrefresh u:object_r:odrefresh_exec:s0 /bin/odrefresh u:object_r:odrefresh_exec:s0

12
private/artd.te Normal file
View file

@ -0,0 +1,12 @@
# art service daemon
type artd, domain;
type artd_exec, system_file_type, exec_type, file_type;
# Allow artd to publish a binder service and make binder calls.
binder_use(artd)
add_service(artd, artd_service)
allow artd dumpstate:fifo_file { getattr write };
typeattribute artd coredomain;
init_daemon_domain(artd)

View file

@ -17,6 +17,9 @@
app_hibernation_service app_hibernation_service
appcompat_data_file appcompat_data_file
arm64_memtag_prop arm64_memtag_prop
artd
artd_exec
artd_service
authorization_service authorization_service
bootanim_config_prop bootanim_config_prop
camerax_extensions_prop camerax_extensions_prop

View file

@ -51,6 +51,7 @@ blob_store u:object_r:blob_store_service:s0
gsiservice u:object_r:gsi_service:s0 gsiservice u:object_r:gsi_service:s0
appops u:object_r:appops_service:s0 appops u:object_r:appops_service:s0
appwidget u:object_r:appwidget_service:s0 appwidget u:object_r:appwidget_service:s0
artd u:object_r:artd_service:s0
assetatlas u:object_r:assetatlas_service:s0 assetatlas u:object_r:assetatlas_service:s0
attention u:object_r:attention_service:s0 attention u:object_r:attention_service:s0
audio u:object_r:audio_service:s0 audio u:object_r:audio_service:s0

View file

@ -1,6 +1,7 @@
type aidl_lazy_test_service, service_manager_type; type aidl_lazy_test_service, service_manager_type;
type apc_service, service_manager_type; type apc_service, service_manager_type;
type apex_service, service_manager_type; type apex_service, service_manager_type;
type artd_service, service_manager_type;
type audioserver_service, service_manager_type; type audioserver_service, service_manager_type;
type authorization_service, service_manager_type; type authorization_service, service_manager_type;
type batteryproperties_service, app_api_service, ephemeral_app_api_service, service_manager_type; type batteryproperties_service, app_api_service, ephemeral_app_api_service, service_manager_type;