tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update permissioncontroller_app domain rules

Browse source 
This adds permissions for content_capture_service,
incidentcompanion_service, media_session_service, and telecom_service.
These were observed via sedenials on dogfood builds.

Bug: 142672293
Bug: 144677148
Test: Green builds, no more denials show up for these services.
Change-Id: Ifd93c54fb3ca3f0da781cd2038217a29e812a40f
This commit is contained in:
Ashwini Oruganti 2019-11-21 12:26:08 -08:00
parent 82eca37afa
commit 5064189c23
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
private/permissioncontroller_app.te
View file

@ -1,7 +1,7 @@
###
### A domain for further sandboxing the GooglePermissionController app.
###
type permissioncontroller_app, domain;
type permissioncontroller_app, domain, coredomain;
# Allow everything.
# TODO(b/142672293): remove when no selinux denials are triggered for this
@ -29,7 +29,11 @@ allow permissioncontroller_app activity_service:service_manager find;
allow permissioncontroller_app activity_task_service:service_manager find;
allow permissioncontroller_app audio_service:service_manager find;
allow permissioncontroller_app autofill_service:service_manager find;
allow permissioncontroller_app content_capture_service:service_manager find;
allow permissioncontroller_app device_policy_service:service_manager find;
allow permissioncontroller_app incidentcompanion_service:service_manager find;
allow permissioncontroller_app location_service:service_manager find;
allow permissioncontroller_app media_session_service:service_manager find;
allow permissioncontroller_app surfaceflinger_service:service_manager find;
allow permissioncontroller_app telecom_service:service_manager find;
allow permissioncontroller_app trust_service:service_manager find;