From 5064189c231d126d018161f076a0c8318e075a0f Mon Sep 17 00:00:00 2001 From: Ashwini Oruganti Date: Thu, 21 Nov 2019 12:26:08 -0800 Subject: [PATCH] Update permissioncontroller_app domain rules This adds permissions for content_capture_service, incidentcompanion_service, media_session_service, and telecom_service. These were observed via sedenials on dogfood builds. Bug: 142672293 Bug: 144677148 Test: Green builds, no more denials show up for these services. Change-Id: Ifd93c54fb3ca3f0da781cd2038217a29e812a40f --- private/permissioncontroller_app.te | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/private/permissioncontroller_app.te b/private/permissioncontroller_app.te index 9b09ce31c..9d882486a 100644 --- a/private/permissioncontroller_app.te +++ b/private/permissioncontroller_app.te @@ -1,7 +1,7 @@ ### ### A domain for further sandboxing the GooglePermissionController app. ### -type permissioncontroller_app, domain; +type permissioncontroller_app, domain, coredomain; # Allow everything. # TODO(b/142672293): remove when no selinux denials are triggered for this @@ -29,7 +29,11 @@ allow permissioncontroller_app activity_service:service_manager find; allow permissioncontroller_app activity_task_service:service_manager find; allow permissioncontroller_app audio_service:service_manager find; allow permissioncontroller_app autofill_service:service_manager find; +allow permissioncontroller_app content_capture_service:service_manager find; allow permissioncontroller_app device_policy_service:service_manager find; +allow permissioncontroller_app incidentcompanion_service:service_manager find; allow permissioncontroller_app location_service:service_manager find; +allow permissioncontroller_app media_session_service:service_manager find; allow permissioncontroller_app surfaceflinger_service:service_manager find; +allow permissioncontroller_app telecom_service:service_manager find; allow permissioncontroller_app trust_service:service_manager find;