From 9ed71eff4bed91653cba393ea6cb42f041d4e257 Mon Sep 17 00:00:00 2001 From: dcashman Date: Mon, 14 Mar 2016 12:21:18 -0700 Subject: [PATCH] Mark batteryproperties service as app_api_service. Applications do not explicitly request handles to the batteryproperties service, but the BatteryManager obtains a reference to it and uses it for its underlying property queries. Mark it as an app_api_service so that all applications may use this API. Also remove the batterypropreg service label, as this does not appear to be used and may have been a duplication of batteryproperties. As a result, remove the healthd_service type and replace it with a more specific batteryproperties_service type. Bug: 27442760 Change-Id: I5c0f9d7992ff2ec64adaeef22356e88fd0e8169c --- healthd.te | 2 +- service.te | 2 +- service_contexts | 3 +-- system_server.te | 2 +- untrusted_app.te | 1 - 5 files changed, 4 insertions(+), 6 deletions(-) diff --git a/healthd.te b/healthd.te index 4f2a2eaad..f54d716a9 100644 --- a/healthd.te +++ b/healthd.te @@ -41,7 +41,7 @@ allow healthd self:process execmem; allow healthd proc_sysrq:file rw_file_perms; allow healthd self:capability sys_boot; -allow healthd healthd_service:service_manager { add find }; +allow healthd batteryproperties_service:service_manager { add find }; # Healthd needs to tell init to continue the boot # process when running in charger mode. diff --git a/service.te b/service.te index f819e40a6..fb5b9f4fa 100644 --- a/service.te +++ b/service.te @@ -3,7 +3,7 @@ type default_android_service, service_manager_type; type drmserver_service, service_manager_type; type gatekeeper_service, app_api_service, service_manager_type; type fingerprintd_service, service_manager_type; -type healthd_service, service_manager_type; +type batteryproperties_service, app_api_service, service_manager_type; type inputflinger_service, service_manager_type; type keystore_service, service_manager_type; type mediaserver_service, service_manager_type; diff --git a/service_contexts b/service_contexts index 8ff12f817..0e77818a1 100644 --- a/service_contexts +++ b/service_contexts @@ -10,8 +10,7 @@ appwidget u:object_r:appwidget_service:s0 assetatlas u:object_r:assetatlas_service:s0 audio u:object_r:audio_service:s0 backup u:object_r:backup_service:s0 -batteryproperties u:object_r:healthd_service:s0 -batterypropreg u:object_r:healthd_service:s0 +batteryproperties u:object_r:batteryproperties_service:s0 batterystats u:object_r:batterystats_service:s0 battery u:object_r:battery_service:s0 bluetooth_manager u:object_r:bluetooth_manager_service:s0 diff --git a/system_server.te b/system_server.te index f03959e3e..be4bac10e 100644 --- a/system_server.te +++ b/system_server.te @@ -374,7 +374,7 @@ allow system_server sysfs_zram:dir search; allow system_server sysfs_zram:file r_file_perms; allow system_server drmserver_service:service_manager find; -allow system_server healthd_service:service_manager find; +allow system_server batteryproperties_service:service_manager find; allow system_server keystore_service:service_manager find; allow system_server gatekeeper_service:service_manager find; allow system_server fingerprintd_service:service_manager find; diff --git a/untrusted_app.te b/untrusted_app.te index 697965170..b05627a5e 100644 --- a/untrusted_app.te +++ b/untrusted_app.te @@ -67,7 +67,6 @@ allow untrusted_app mnt_media_rw_file:dir search; allow untrusted_app servicemanager:service_manager list; allow untrusted_app drmserver_service:service_manager find; -allow untrusted_app healthd_service:service_manager find; allow untrusted_app mediaserver_service:service_manager find; allow untrusted_app nfc_service:service_manager find; allow untrusted_app radio_service:service_manager find;