* commit '127671633e8be0fb185d04fb1c7c5f0a9536862e': Add system_api_service and app_api_service attributes.
This commit is contained in:
dcashman
Android Git Automerger
commit
ab8e1cb300
13 changed files with 36 additions and 26 deletions
|
|
@ -44,6 +44,13 @@ attribute property_type;
|
|||
|
||||
# All service_manager types formerly given system_server_service type
|
||||
attribute tmp_system_server_service;
|
||||
attribute system_server_service;
|
||||
|
||||
# services which should be available to all but isolated apps
|
||||
attribute app_api_service;
|
||||
|
||||
# services which export only system_api
|
||||
attribute system_api_service;
|
||||
|
||||
# All types used for services managed by service_manager.
|
||||
attribute service_manager_type;
|
||||
|
|
|
|||
|
|
@ -53,8 +53,9 @@ allow bluetooth bluetooth_service:service_manager find;
|
|||
allow bluetooth mediaserver_service:service_manager find;
|
||||
allow bluetooth radio_service:service_manager find;
|
||||
allow bluetooth surfaceflinger_service:service_manager find;
|
||||
allow bluetooth system_server_service:service_manager find;
|
||||
allow bluetooth tmp_system_server_service:service_manager find;
|
||||
allow bluetooth app_api_service:service_manager find;
|
||||
allow bluetooth system_api_service:service_manager find;
|
||||
|
||||
service_manager_local_audit_domain(bluetooth)
|
||||
auditallow bluetooth {
|
||||
|
|
|
|||
|
|
@ -50,7 +50,6 @@ allow drmserver oemfs:dir search;
|
|||
allow drmserver oemfs:file r_file_perms;
|
||||
|
||||
allow drmserver drmserver_service:service_manager { add find };
|
||||
allow drmserver system_server_service:service_manager find;
|
||||
allow drmserver tmp_system_server_service:service_manager find;
|
||||
|
||||
service_manager_local_audit_domain(drmserver)
|
||||
|
|
|
|||
|
|
@ -80,7 +80,6 @@ allow mediaserver tee:unix_stream_socket connectto;
|
|||
|
||||
allow mediaserver drmserver_service:service_manager find;
|
||||
allow mediaserver mediaserver_service:service_manager { add find };
|
||||
allow mediaserver system_server_service:service_manager find;
|
||||
allow mediaserver surfaceflinger_service:service_manager find;
|
||||
allow mediaserver tmp_system_server_service:service_manager find;
|
||||
|
||||
|
|
|
|||
3
nfc.te
3
nfc.te
|
|
@ -23,8 +23,9 @@ allow nfc mediaserver_service:service_manager find;
|
|||
allow nfc nfc_service:service_manager { add find };
|
||||
allow nfc radio_service:service_manager find;
|
||||
allow nfc surfaceflinger_service:service_manager find;
|
||||
allow nfc system_server_service:service_manager find;
|
||||
allow nfc tmp_system_server_service:service_manager find;
|
||||
allow nfc app_api_service:service_manager find;
|
||||
allow nfc system_api_service:service_manager find;
|
||||
|
||||
service_manager_local_audit_domain(nfc)
|
||||
auditallow nfc {
|
||||
|
|
|
|||
|
|
@ -32,8 +32,9 @@ allow platform_app drmserver_service:service_manager find;
|
|||
allow platform_app mediaserver_service:service_manager find;
|
||||
allow platform_app radio_service:service_manager find;
|
||||
allow platform_app surfaceflinger_service:service_manager find;
|
||||
allow platform_app system_server_service:service_manager find;
|
||||
allow platform_app tmp_system_server_service:service_manager find;
|
||||
allow platform_app app_api_service:service_manager find;
|
||||
allow platform_app system_api_service:service_manager find;
|
||||
|
||||
service_manager_local_audit_domain(platform_app)
|
||||
auditallow platform_app {
|
||||
|
|
|
|||
3
radio.te
3
radio.te
|
|
@ -34,8 +34,9 @@ allow radio drmserver_service:service_manager find;
|
|||
allow radio mediaserver_service:service_manager find;
|
||||
allow radio radio_service:service_manager { add find };
|
||||
allow radio surfaceflinger_service:service_manager find;
|
||||
allow radio system_server_service:service_manager find;
|
||||
allow radio tmp_system_server_service:service_manager find;
|
||||
allow radio app_api_service:service_manager find;
|
||||
allow radio system_api_service:service_manager find;
|
||||
|
||||
service_manager_local_audit_domain(radio)
|
||||
auditallow radio {
|
||||
|
|
|
|||
29
service.te
29
service.te
|
|
@ -10,8 +10,6 @@ type radio_service, service_manager_type;
|
|||
type surfaceflinger_service, service_manager_type;
|
||||
type system_app_service, service_manager_type;
|
||||
|
||||
type system_server_service, service_manager_type;
|
||||
|
||||
# system_server_services broken down
|
||||
type accessibility_service, tmp_system_server_service, service_manager_type;
|
||||
type account_service, tmp_system_server_service, service_manager_type;
|
||||
|
|
@ -27,31 +25,31 @@ type battery_service, tmp_system_server_service, service_manager_type;
|
|||
type bluetooth_manager_service, tmp_system_server_service, service_manager_type;
|
||||
type clipboard_service, tmp_system_server_service, service_manager_type;
|
||||
type IMms_service, tmp_system_server_service, service_manager_type;
|
||||
type IProxyService_service, tmp_system_server_service, service_manager_type;
|
||||
type IProxyService_service, system_api_service, system_server_service, service_manager_type;
|
||||
type commontime_management_service, tmp_system_server_service, service_manager_type;
|
||||
type connectivity_service, tmp_system_server_service, service_manager_type;
|
||||
type consumer_ir_service, tmp_system_server_service, service_manager_type;
|
||||
type consumer_ir_service, app_api_service, system_server_service, service_manager_type;
|
||||
type content_service, tmp_system_server_service, service_manager_type;
|
||||
type country_detector_service, tmp_system_server_service, service_manager_type;
|
||||
type cpuinfo_service, tmp_system_server_service, service_manager_type;
|
||||
type dbinfo_service, tmp_system_server_service, service_manager_type;
|
||||
type cpuinfo_service, system_api_service, system_server_service, service_manager_type;
|
||||
type dbinfo_service, system_api_service, system_server_service, service_manager_type;
|
||||
type device_policy_service, tmp_system_server_service, service_manager_type;
|
||||
type deviceidle_service, tmp_system_server_service, service_manager_type;
|
||||
type devicestoragemonitor_service, tmp_system_server_service, service_manager_type;
|
||||
type devicestoragemonitor_service, system_server_service, service_manager_type;
|
||||
type diskstats_service, tmp_system_server_service, service_manager_type;
|
||||
type display_service, tmp_system_server_service, service_manager_type;
|
||||
type DockObserver_service, tmp_system_server_service, service_manager_type;
|
||||
type DockObserver_service, system_server_service, service_manager_type;
|
||||
type dreams_service, tmp_system_server_service, service_manager_type;
|
||||
type dropbox_service, tmp_system_server_service, service_manager_type;
|
||||
type ethernet_service, tmp_system_server_service, service_manager_type;
|
||||
type fingerprint_service, tmp_system_server_service, service_manager_type;
|
||||
type gfxinfo_service, tmp_system_server_service, service_manager_type;
|
||||
type gfxinfo_service, system_api_service, system_server_service, service_manager_type;
|
||||
type graphicsstats_service, tmp_system_server_service, service_manager_type;
|
||||
type hardware_service, tmp_system_server_service, service_manager_type;
|
||||
type hdmi_control_service, tmp_system_server_service, service_manager_type;
|
||||
type input_method_service, tmp_system_server_service, service_manager_type;
|
||||
type input_service, tmp_system_server_service, service_manager_type;
|
||||
type imms_service, tmp_system_server_service, service_manager_type;
|
||||
type imms_service, app_api_service, system_server_service, service_manager_type;
|
||||
type jobscheduler_service, tmp_system_server_service, service_manager_type;
|
||||
type launcherapps_service, tmp_system_server_service, service_manager_type;
|
||||
type location_service, tmp_system_server_service, service_manager_type;
|
||||
|
|
@ -59,8 +57,8 @@ type lock_settings_service, tmp_system_server_service, service_manager_type;
|
|||
type media_projection_service, tmp_system_server_service, service_manager_type;
|
||||
type media_router_service, tmp_system_server_service, service_manager_type;
|
||||
type media_session_service, tmp_system_server_service, service_manager_type;
|
||||
type meminfo_service, tmp_system_server_service, service_manager_type;
|
||||
type midi_service, tmp_system_server_service, service_manager_type;
|
||||
type meminfo_service, system_api_service, system_server_service, service_manager_type;
|
||||
type midi_service, app_api_service, system_server_service, service_manager_type;
|
||||
type mount_service, tmp_system_server_service, service_manager_type;
|
||||
type netpolicy_service, tmp_system_server_service, service_manager_type;
|
||||
type netstats_service, tmp_system_server_service, service_manager_type;
|
||||
|
|
@ -76,7 +74,7 @@ type processinfo_service, tmp_system_server_service, service_manager_type;
|
|||
type procstats_service, tmp_system_server_service, service_manager_type;
|
||||
type restrictions_service, tmp_system_server_service, service_manager_type;
|
||||
type rttmanager_service, tmp_system_server_service, service_manager_type;
|
||||
type samplingprofiler_service, tmp_system_server_service, service_manager_type;
|
||||
type samplingprofiler_service, system_server_service, service_manager_type;
|
||||
type scheduling_policy_service, tmp_system_server_service, service_manager_type;
|
||||
type search_service, tmp_system_server_service, service_manager_type;
|
||||
type sensorservice_service, tmp_system_server_service, service_manager_type;
|
||||
|
|
@ -86,8 +84,9 @@ type statusbar_service, tmp_system_server_service, service_manager_type;
|
|||
type task_service, tmp_system_server_service, service_manager_type;
|
||||
type registry_service, tmp_system_server_service, service_manager_type;
|
||||
type textservices_service, tmp_system_server_service, service_manager_type;
|
||||
type telecom_service, tmp_system_server_service, service_manager_type;
|
||||
type trust_service, tmp_system_server_service, service_manager_type;
|
||||
type tv_input_service, tmp_system_server_service, service_manager_type;
|
||||
type tv_input_service, app_api_service, system_server_service, service_manager_type;
|
||||
type uimode_service, tmp_system_server_service, service_manager_type;
|
||||
type updatelock_service, tmp_system_server_service, service_manager_type;
|
||||
type usagestats_service, tmp_system_server_service, service_manager_type;
|
||||
|
|
@ -98,6 +97,6 @@ type voiceinteraction_service, tmp_system_server_service, service_manager_type;
|
|||
type wallpaper_service, tmp_system_server_service, service_manager_type;
|
||||
type webviewupdate_service, tmp_system_server_service, service_manager_type;
|
||||
type wifip2p_service, tmp_system_server_service, service_manager_type;
|
||||
type wifiscanner_service, tmp_system_server_service, service_manager_type;
|
||||
type wifiscanner_service, system_api_service, system_server_service, service_manager_type;
|
||||
type wifi_service, tmp_system_server_service, service_manager_type;
|
||||
type window_service, tmp_system_server_service, service_manager_type;
|
||||
|
|
|
|||
|
|
@ -108,7 +108,7 @@ sip u:object_r:radio_service:s0
|
|||
statusbar u:object_r:statusbar_service:s0
|
||||
SurfaceFlinger u:object_r:surfaceflinger_service:s0
|
||||
task u:object_r:task_service:s0
|
||||
telecom u:object_r:system_server_service:s0
|
||||
telecom u:object_r:telecom_service:s0
|
||||
telephony.registry u:object_r:registry_service:s0
|
||||
textservices u:object_r:textservices_service:s0
|
||||
trust u:object_r:trust_service:s0
|
||||
|
|
|
|||
|
|
@ -10,7 +10,6 @@ allow shared_relro shared_relro_file:dir rw_dir_perms;
|
|||
allow shared_relro shared_relro_file:file create_file_perms;
|
||||
|
||||
# Needs to contact the "webviewupdate" and "activity" services
|
||||
allow shared_relro system_server_service:service_manager find;
|
||||
allow shared_relro tmp_system_server_service:service_manager find;
|
||||
|
||||
service_manager_local_audit_domain(shared_relro)
|
||||
|
|
|
|||
|
|
@ -61,7 +61,6 @@ allow surfaceflinger tee_device:chr_file rw_file_perms;
|
|||
# media.player service
|
||||
allow surfaceflinger mediaserver_service:service_manager find;
|
||||
allow surfaceflinger surfaceflinger_service:service_manager { add find };
|
||||
allow surfaceflinger system_server_service:service_manager find;
|
||||
allow surfaceflinger tmp_system_server_service:service_manager find;
|
||||
|
||||
service_manager_local_audit_domain(surfaceflinger)
|
||||
|
|
|
|||
|
|
@ -53,8 +53,9 @@ allow system_app nfc_service:service_manager find;
|
|||
allow system_app radio_service:service_manager find;
|
||||
allow system_app surfaceflinger_service:service_manager find;
|
||||
allow system_app system_app_service:service_manager add;
|
||||
allow system_app system_server_service:service_manager find;
|
||||
allow system_app tmp_system_server_service:service_manager find;
|
||||
allow system_app app_api_service:service_manager find;
|
||||
allow system_app system_api_service:service_manager find;
|
||||
|
||||
service_manager_local_audit_domain(system_app)
|
||||
auditallow system_app {
|
||||
|
|
|
|||
|
|
@ -81,8 +81,11 @@ allow untrusted_app mediaserver_service:service_manager find;
|
|||
allow untrusted_app nfc_service:service_manager find;
|
||||
allow untrusted_app radio_service:service_manager find;
|
||||
allow untrusted_app surfaceflinger_service:service_manager find;
|
||||
allow untrusted_app system_server_service:service_manager find;
|
||||
allow untrusted_app tmp_system_server_service:service_manager find;
|
||||
allow untrusted_app app_api_service:service_manager find;
|
||||
|
||||
# TODO: remove this once priv-apps are no longer running in untrusted_app
|
||||
allow untrusted_app system_api_service:service_manager find;
|
||||
|
||||
service_manager_local_audit_domain(untrusted_app)
|
||||
auditallow untrusted_app {
|
||||
|
|
|
|||
Loading…
Reference in a new issue