sepolicy: Create new attribute to serve ISuspendControlServiceInternal
Bug: 178417023 Test: Verified manually Change-Id: Ie058ecf6b31c260e7788cbf0e74fa4182129d3e1 Signed-off-by: Darren Hsu <darrenhsu@google.com>
This commit is contained in:
Darren Hsu
parent
a18cf7ed0c
commit
70ae5f4c34
3 changed files with 14 additions and 12 deletions
|
|
@ -1,11 +1,10 @@
|
|||
type system_suspend, domain, coredomain, system_suspend_server;
|
||||
type system_suspend, domain, coredomain, system_suspend_server, system_suspend_internal_server;
|
||||
|
||||
type system_suspend_exec, system_file_type, exec_type, file_type;
|
||||
init_daemon_domain(system_suspend)
|
||||
|
||||
# To serve ISuspendControlService and ISuspendControlServiceInternal.
|
||||
# To serve ISuspendControlService.
|
||||
binder_use(system_suspend)
|
||||
add_service(system_suspend, system_suspend_control_internal_service)
|
||||
add_service(system_suspend, system_suspend_control_service)
|
||||
|
||||
# Access to /sys/power/{ wakeup_count, state } suspend interface.
|
||||
|
|
@ -28,15 +27,6 @@ allow system_suspend bluetooth:binder call;
|
|||
allow system_suspend dumpstate:fd use;
|
||||
allow system_suspend dumpstate:fifo_file write;
|
||||
|
||||
neverallow {
|
||||
domain
|
||||
-atrace # tracing
|
||||
-dumpstate # bug reports
|
||||
-system_suspend # implements system_suspend_control_internal_service
|
||||
-system_server # configures system_suspend via ISuspendControlServiceInternal
|
||||
-traceur_app # tracing
|
||||
} system_suspend_control_internal_service:service_manager find;
|
||||
|
||||
neverallow {
|
||||
domain
|
||||
-atrace # tracing
|
||||
|
|
|
|||
|
|
@ -376,6 +376,7 @@ attribute display_service_server;
|
|||
attribute scheduler_service_server;
|
||||
attribute sensor_service_server;
|
||||
attribute stats_service_server;
|
||||
attribute system_suspend_internal_server;
|
||||
attribute system_suspend_server;
|
||||
attribute wifi_keystore_service_server;
|
||||
|
||||
|
|
|
|||
11
public/system_suspend_internal_server.te
Normal file
11
public/system_suspend_internal_server.te
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
# To serve ISuspendControlServiceInternal.
|
||||
add_service(system_suspend_internal_server, system_suspend_control_internal_service)
|
||||
|
||||
neverallow {
|
||||
domain
|
||||
-atrace # tracing
|
||||
-dumpstate # bug reports
|
||||
-system_suspend_internal_server # implements system_suspend_control_internal_service
|
||||
-system_server # configures system_suspend via ISuspendControlServiceInternal
|
||||
-traceur_app # tracing
|
||||
} system_suspend_control_internal_service:service_manager find;
|
||||
Loading…
Reference in a new issue