From 578a189178635f7d486522310293e66e9f980fba Mon Sep 17 00:00:00 2001 From: Howard Ro Date: Fri, 28 Sep 2018 13:34:37 -0700 Subject: [PATCH] Update sepolicies for stats hal Bug: 116732452 Test: No sepolicy violations observed with this change (cherry picked from commit I1958182dd8ecc496625da2a2a834f71f5d43e7bb) Change-Id: Ib386767d8acfacf9fedafd9a79dd555ce233f41c --- private/compat/26.0/26.0.ignore.cil | 1 + private/compat/27.0/27.0.ignore.cil | 1 + private/compat/28.0/28.0.ignore.cil | 1 + private/hwservice_contexts | 1 + public/hwservice.te | 1 + public/statsd.te | 3 +++ 6 files changed, 8 insertions(+) diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil index c585b668c..5f4950c8a 100644 --- a/private/compat/26.0/26.0.ignore.cil +++ b/private/compat/26.0/26.0.ignore.cil @@ -57,6 +57,7 @@ fastbootd fingerprint_vendor_data_file fs_bpf + fwk_stats_hwservice hal_atrace_hwservice hal_audiocontrol_hwservice hal_authsecret_hwservice diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil index 95d820e08..891f1a3d6 100644 --- a/private/compat/27.0/27.0.ignore.cil +++ b/private/compat/27.0/27.0.ignore.cil @@ -53,6 +53,7 @@ fastbootd fingerprint_vendor_data_file fs_bpf + fwk_stats_hwservice hal_atrace_hwservice hal_audiocontrol_hwservice hal_authsecret_hwservice diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil index 4add5c689..4310f0302 100644 --- a/private/compat/28.0/28.0.ignore.cil +++ b/private/compat/28.0/28.0.ignore.cil @@ -10,6 +10,7 @@ ;; TODO(b/116344577): remove after the issue is resolved buffer_hub_service fastbootd + fwk_stats_hwservice color_display_service hal_atrace_hwservice hal_health_storage_hwservice diff --git a/private/hwservice_contexts b/private/hwservice_contexts index f12385fc1..e7354a74c 100644 --- a/private/hwservice_contexts +++ b/private/hwservice_contexts @@ -1,6 +1,7 @@ android.frameworks.displayservice::IDisplayService u:object_r:fwk_display_hwservice:s0 android.frameworks.schedulerservice::ISchedulingPolicyService u:object_r:fwk_scheduler_hwservice:s0 android.frameworks.sensorservice::ISensorManager u:object_r:fwk_sensor_hwservice:s0 +android.frameworks.stats::IStats u:object_r:fwk_stats_hwservice:s0 android.hardware.atrace::IAtraceDevice u:object_r:hal_atrace_hwservice:s0 android.hardware.audio.effect::IEffectsFactory u:object_r:hal_audio_hwservice:s0 android.hardware.audio::IDevicesFactory u:object_r:hal_audio_hwservice:s0 diff --git a/public/hwservice.te b/public/hwservice.te index e7ef2bb85..0064d9de3 100644 --- a/public/hwservice.te +++ b/public/hwservice.te @@ -2,6 +2,7 @@ type default_android_hwservice, hwservice_manager_type; type fwk_display_hwservice, hwservice_manager_type, coredomain_hwservice; type fwk_scheduler_hwservice, hwservice_manager_type, coredomain_hwservice; type fwk_sensor_hwservice, hwservice_manager_type, coredomain_hwservice; +type fwk_stats_hwservice, hwservice_manager_type, coredomain_hwservice; type hal_atrace_hwservice, hwservice_manager_type; type hal_audiocontrol_hwservice, hwservice_manager_type; type hal_audio_hwservice, hwservice_manager_type; diff --git a/public/statsd.te b/public/statsd.te index 9c8e9d24c..384ce8a59 100644 --- a/public/statsd.te +++ b/public/statsd.te @@ -46,6 +46,9 @@ allow statsd { system_api_service }:service_manager find; +# Allow statsd to add as HIDL service. +add_hwservice(statsd, fwk_stats_hwservice) + # Grant statsd to access health hal to access battery metrics. allow statsd hal_health_hwservice:hwservice_manager find;