[rpc_binder] Enable connection for authfs_service socket am: b1c2e19a71

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2305572

Change-Id: I96b21eb9b60613ac516bcfa0ba594c589e84e7fb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
Alice Wang 2022-11-18 12:06:24 +00:00 committed by Automerger Merge Worker
commit c7e13ae286
3 changed files with 5 additions and 0 deletions

View file

@ -73,6 +73,7 @@
/dev/socket/tombstoned_crash u:object_r:tombstoned_crash_socket:s0
/dev/socket/tombstoned_java_trace u:object_r:tombstoned_java_trace_socket:s0
/dev/socket/tombstoned_intercept u:object_r:tombstoned_intercept_socket:s0
/dev/socket/authfs_service u:object_r:authfs_service_socket:s0
/dev/socket/vm_payload_service u:object_r:vm_payload_service_socket:s0
/dev/sys/block/by-name/userdata(/.*)? u:object_r:userdata_sysdev:s0
/dev/sys/fs/by-name/userdata(/.*)? u:object_r:userdata_sysdev:s0

View file

@ -49,6 +49,9 @@ binder_use(microdroid_payload);
allow microdroid_payload authfs_binder_service:service_manager find;
binder_call(microdroid_payload, authfs_service);
# Allow payload to communicate with authfs_service
unix_socket_connect(microdroid_payload, authfs_service, authfs_service)
# Allow locating the authfs mount directory.
allow microdroid_payload authfs_data_file:dir search;

View file

@ -5,6 +5,7 @@ type adbd_socket, file_type, coredomain_socket;
type apex_info_file, file_type;
type apex_mnt_dir, file_type;
type authfs_data_file, file_type, data_file_type, core_data_file_type;
type authfs_service_socket, file_type, coredomain_socket;
type cgroup_desc_api_file, file_type, system_file_type;
type cgroup_desc_file, file_type, system_file_type;
type cgroup_rc_file, file_type;