tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Allow system_server and shell to start gsid on-demand.

Browse source 
gsid is started lazily to reduce memory pressure. It can be started
either via gsi_tool (invoked by adb shell), or by DynamicAndroidService
via system_server.

Bug: 126622385
Test: no denials running "gsi_tool status"
Change-Id: I90a5f3f28fe4f294fb60e7c87a62e76716fbd5c0
This commit is contained in:
David Anderson 2019-02-27 18:31:11 -08:00
parent 7eb9143e46
commit 64bbf05150
5 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
private/compat/28.0/28.0.ignore.cil
View file

@ -30,6 +30,7 @@
content_capture_service content_capture_service
content_suggestions_service content_suggestions_service
cpu_variant_prop cpu_variant_prop
ctl_gsid_prop
dev_cpu_variant dev_cpu_variant
device_config_activity_manager_native_boot_prop device_config_activity_manager_native_boot_prop
device_config_boot_count_prop device_config_boot_count_prop

5
private/property_contexts
View file

@ -127,6 +127,11 @@ ctl.start$adbd u:object_r:ctl_adbd_prop:s0
ctl.stop$adbd u:object_r:ctl_adbd_prop:s0 ctl.stop$adbd u:object_r:ctl_adbd_prop:s0
ctl.restart$adbd u:object_r:ctl_adbd_prop:s0 ctl.restart$adbd u:object_r:ctl_adbd_prop:s0
# Restrict access to starting/stopping gsid.
ctl.start$gsid u:object_r:ctl_gsid_prop:s0
ctl.stop$gsid u:object_r:ctl_gsid_prop:s0
ctl.restart$gsid u:object_r:ctl_gsid_prop:s0
# NFC properties # NFC properties
nfc. u:object_r:nfc_prop:s0 nfc. u:object_r:nfc_prop:s0

1
private/system_server.te
View file

@ -585,6 +585,7 @@ userdebug_or_eng(`set_prop(system_server, wifi_log_prop)')
# ctl interface # ctl interface
set_prop(system_server, ctl_default_prop) set_prop(system_server, ctl_default_prop)
set_prop(system_server, ctl_bugreport_prop) set_prop(system_server, ctl_bugreport_prop)
set_prop(system_server, ctl_gsid_prop)
# cppreopt property # cppreopt property
set_prop(system_server, cppreopt_prop) set_prop(system_server, cppreopt_prop)

2
public/property.te
View file

@ -15,6 +15,7 @@ type ctl_console_prop, property_type;
type ctl_default_prop, property_type; type ctl_default_prop, property_type;
type ctl_dumpstate_prop, property_type; type ctl_dumpstate_prop, property_type;
type ctl_fuse_prop, property_type; type ctl_fuse_prop, property_type;
type ctl_gsid_prop, property_type;
type ctl_interface_restart_prop, property_type; type ctl_interface_restart_prop, property_type;
type ctl_interface_start_prop, property_type; type ctl_interface_start_prop, property_type;
type ctl_interface_stop_prop, property_type; type ctl_interface_stop_prop, property_type;
@ -362,6 +363,7 @@ compatible_property_only(`
-ctl_default_prop -ctl_default_prop
-ctl_dumpstate_prop -ctl_dumpstate_prop
-ctl_fuse_prop -ctl_fuse_prop
-ctl_gsid_prop
-ctl_interface_restart_prop -ctl_interface_restart_prop
-ctl_interface_start_prop -ctl_interface_start_prop
-ctl_interface_stop_prop -ctl_interface_stop_prop

2
public/shell.te
View file

@ -78,6 +78,8 @@ userdebug_or_eng(`set_prop(shell, logpersistd_logging_prop)')
# Allow shell to start/stop heapprofd via the persist.heapprofd.enable # Allow shell to start/stop heapprofd via the persist.heapprofd.enable
# property. # property.
set_prop(shell, heapprofd_enabled_prop) set_prop(shell, heapprofd_enabled_prop)
# Allow shell to start/stop gsid via ctl.start|stop|restart gsid.
set_prop(shell, ctl_gsid_prop)
userdebug_or_eng(` userdebug_or_eng(`
# "systrace --boot" support - allow boottrace service to run # "systrace --boot" support - allow boottrace service to run