Merge "SEPolicy for RemoteProvisioning App"

2021-02-10 04:20:52 +00:00 · 2021-02-10 04:20:52 +00:00 · e6654e8bfd
commit e6654e8bfd
parent f14e49be1c 23f0f3b28a
6 changed files with 16 additions and 0 deletions
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@ -76,6 +76,8 @@
    profcollectd_service
    radio_core_data_file
    reboot_readiness_service
+    remote_prov_app
+    remoteprovisioning_service
    resolver_service
    search_ui_service
    shell_test_data_file
--- a/private/remote_prov_app.te
+++ b/private/remote_prov_app.te
@ -0,0 +1,10 @@
+type remote_prov_app, domain;
+typeattribute remote_prov_app coredomain;
+
+app_domain(remote_prov_app)
+net_domain(remote_prov_app)
+
+allow remote_prov_app {
+    activity_service
+    remoteprovisioning_service
+}:service_manager find;
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@ -143,6 +143,7 @@ neverallow isEphemeralApp=true domain=((?!ephemeral_app).)*
 isSystemServer=true domain=system_server_startup

 user=_app isPrivApp=true name=com.android.traceur domain=traceur_app type=app_data_file levelFrom=all
+user=_app isPrivApp=true name=com.android.remoteprovisioner domain=remote_prov_app type=app_data_file levelFrom=all
 user=system seinfo=platform domain=system_app type=system_app_data_file
 user=bluetooth seinfo=platform domain=bluetooth type=bluetooth_data_file
 user=network_stack seinfo=network_stack domain=network_stack type=radio_data_file
--- a/private/service_contexts
+++ b/private/service_contexts
@ -31,6 +31,7 @@ android.security.authorization            u:object_r:authorization_service:s0
 android.security.compat                   u:object_r:keystore_compat_hal_service:s0
 android.security.identity                 u:object_r:credstore_service:s0
 android.security.keystore                 u:object_r:keystore_service:s0
+android.security.remoteprovisioning       u:object_r:remoteprovisioning_service:s0
 android.service.gatekeeper.IGateKeeperService    u:object_r:gatekeeper_service:s0
 android.system.keystore2                  u:object_r:keystore_service:s0
 app_binding                               u:object_r:app_binding_service:s0
--- a/public/keystore.te
+++ b/public/keystore.te
@ -13,6 +13,7 @@ allow keystore keystore_data_file:notdevfile_class_set create_file_perms;
 allow keystore keystore_exec:file { getattr };

 add_service(keystore, keystore_service)
+add_service(keystore, remoteprovisioning_service)
 allow keystore sec_key_att_app_id_provider_service:service_manager find;
 allow keystore dropbox_service:service_manager find;
 add_service(keystore, apc_service)
--- a/public/service.te
+++ b/public/service.te
@ -29,6 +29,7 @@ type mediatranscoding_service,  app_api_service, service_manager_type;
 type netd_service,              service_manager_type;
 type nfc_service,               service_manager_type;
 type radio_service,             service_manager_type;
+type remoteprovisioning_service,   service_manager_type;
 type secure_element_service,    service_manager_type;
 type service_manager_service,   service_manager_type;
 type storaged_service,          service_manager_type;