tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Sepolicy: Fix system server calling perfprofd"

Browse source 
am: fc9afc4d2b

Change-Id: I424a8e2485355633e933ee88227e56a64d3e3977
This commit is contained in:
android-build-prod (mdb) 2018-05-03 13:21:50 -07:00 committed by android-build-merger
commit 9938a72f6e
2 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
private/perfprofd.te
View file

@ -4,5 +4,5 @@ userdebug_or_eng(`
')
# Only servicemanager, statsd, su and systemserver can communicate.
neverallow { domain userdebug_or_eng(`-statsd') } perfprofd:binder call;
neverallow { domain userdebug_or_eng(`-statsd -system_server') } perfprofd:binder call;
neverallow perfprofd { domain userdebug_or_eng(`-servicemanager -statsd -su -system_server') }:binder call;

6
private/system_server.te
View file

@ -180,6 +180,9 @@ binder_call(system_server, storaged)
binder_call(system_server, vold)
binder_call(system_server, wificond)
binder_call(system_server, wpantund)
userdebug_or_eng(`
binder_call(system_server, perfprofd)
')
binder_service(system_server)
# Use HALs
@ -620,6 +623,9 @@ allow system_server storaged_service:service_manager find;
allow system_server surfaceflinger_service:service_manager find;
allow system_server vold_service:service_manager find;
allow system_server wificond_service:service_manager find;
userdebug_or_eng(`
allow system_server perfprofd_service:service_manager find;
')
allow system_server keystore:keystore_key {
get_state