Merge "Allow system server to access composd." am: c1ebd11f2c

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1892440

Change-Id: Ie67d38cfaecc630a07d19d252f2d4af18e0e98b0
This commit is contained in:
Treehugger Robot 2021-11-18 13:13:26 +00:00 committed by Automerger Merge Worker
commit 5446b99782
2 changed files with 8 additions and 1 deletions

View file

@ -6,6 +6,9 @@ init_daemon_domain(composd)
binder_use(composd)
add_service(composd, compos_service)
# Call back into system server
binder_call(composd, system_server)
# Start a VM
virtualizationservice_use(composd)
@ -14,5 +17,7 @@ allow composd apex_module_data_file:dir search;
allow composd apex_compos_data_file:dir create_dir_perms;
allow composd apex_compos_data_file:file create_file_perms;
# Run odrefresh to refresh ART artifacts
# TODO(b/205750213): Removed these when we run odrefresh in the VM
# Run odrefresh to refresh ART artifacts, and kill it if we need to
domain_auto_trans(composd, odrefresh_exec, odrefresh)
allow composd odrefresh:process sigkill;

View file

@ -262,6 +262,7 @@ allow system_server app_zygote:unix_stream_socket { read write connectto setopt
binder_use(system_server)
binder_call(system_server, appdomain)
binder_call(system_server, binderservicedomain)
binder_call(system_server, composd)
binder_call(system_server, dumpstate)
binder_call(system_server, fingerprintd)
binder_call(system_server, gatekeeperd)
@ -849,6 +850,7 @@ allow system_server audioserver_service:service_manager find;
allow system_server authorization_service:service_manager find;
allow system_server batteryproperties_service:service_manager find;
allow system_server cameraserver_service:service_manager find;
allow system_server compos_service:service_manager find;
allow system_server dataloader_manager_service:service_manager find;
allow system_server dnsresolver_service:service_manager find;
allow system_server drmserver_service:service_manager find;