Allow PackageManager to create a new service

A new API [getNamesForUids] was recently added to the PackageManager and this API needs to be accessible to native code. However, there were two constraints: 1) Instead of hand-rolling the binder, we wanted to auto generate the bindings directly from the AIDL compiler. 2) We didn't want to expose/annotate all 180+ PackageManager APIs when only a single API is needed. So, we chose to create a parallel API that can be used explicitly for native bindings without exposing the entirety of the PackageManager. Bug: 62805090 Test: Manual Test: Create a native application that calls into the new service Test: See the call works and data and returned Change-Id: I0d469854eeddfa1a4fd04b5c53b7a71ba3ab1f41
2017-08-02 07:27:44 -07:00 · 2017-08-02 07:27:44 -07:00 · 8bb80471b9
commit 8bb80471b9
parent 420be61f78
4 changed files with 6 additions and 0 deletions
--- a/prebuilts/api/26.0/26.0.ignore.cil
+++ b/prebuilts/api/26.0/26.0.ignore.cil
@ -13,6 +13,7 @@
    kmsg_debug_device
    mediaprovider_tmpfs
    netd_stable_secret_prop
+    package_native_service
    sysfs_fs_ext4_features
    system_net_netd_hwservice
    timezone_service
--- a/private/service_contexts
+++ b/private/service_contexts
@ -108,6 +108,7 @@ oem_lock                                  u:object_r:oem_lock_service:s0
 otadexopt                                 u:object_r:otadexopt_service:s0
 overlay                                   u:object_r:overlay_service:s0
 package                                   u:object_r:package_service:s0
+package_native                            u:object_r:package_native_service:s0
 permission                                u:object_r:permission_service:s0
 persistent_data_block                     u:object_r:persistent_data_block_service:s0
 phone_msim                                u:object_r:radio_service:s0
--- a/private/storaged.te
+++ b/private/storaged.te
@ -43,6 +43,9 @@ binder_call(storaged, healthd)
 # Implements a dumpsys interface.
 allow storaged dumpstate:fd use;

+# use a subset of the package manager service
+allow storaged package_native_service:service_manager find;
+
 # Kernel does extra check on CAP_DAC_OVERRIDE for libbinder when storaged is
 # running as root. See b/35323867 #3.
 dontaudit storaged self:capability dac_override;
--- a/public/service.te
+++ b/public/service.te
@ -101,6 +101,7 @@ type oem_lock_service, system_api_service, system_server_service, service_manage
 type otadexopt_service, system_server_service, service_manager_type;
 type overlay_service, system_api_service, system_server_service, service_manager_type;
 type package_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type package_native_service, system_server_service, service_manager_type;
 type permission_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type persistent_data_block_service, system_api_service, system_server_service, service_manager_type;
 type pinner_service, system_server_service, service_manager_type;