Merge "Add SELinux policy changes for rkpd"

This commit is contained in:
Vikram Gaur 2022-09-23 09:33:45 +00:00 committed by Gerrit Code Review
commit f4382c5391
6 changed files with 30 additions and 0 deletions

View file

@ -279,3 +279,10 @@ filegroup {
"com.android.healthconnect-file_contexts",
],
}
filegroup {
name: "com.android.rkpd-file_contexts",
srcs: [
"com.android.rkpd-file_contexts",
],
}

View file

@ -0,0 +1,2 @@
(/.*)? u:object_r:system_file:s0
/bin/rkpd u:object_r:rkpd_exec:s0

View file

@ -316,6 +316,8 @@ var (
"resolver": []string{},
"resources": []string{},
"restrictions": []string{},
"rkpd.registrar": []string{},
"rkpd.refresh": []string{},
"role": []string{},
"rollback": []string{},
"rttmanager": []string{},

15
private/rkpd.te Normal file
View file

@ -0,0 +1,15 @@
# Policies for Remote Key Provisioning Daemon (rkpd)
type rkpd, domain;
type rkpd_exec, system_file_type, exec_type, file_type;
typeattribute rkpd coredomain;
binder_use(rkpd)
binder_service(rkpd)
init_daemon_domain(rkpd)
add_service(rkpd, rkpd_registrar_service)
add_service(rkpd, rkpd_refresh_service)

View file

@ -10,6 +10,8 @@ type logd_service, service_manager_type;
type mediatuner_service, app_api_service, service_manager_type;
type profcollectd_service, service_manager_type;
type resolver_service, system_server_service, service_manager_type;
type rkpd_registrar_service, service_manager_type;
type rkpd_refresh_service, service_manager_type;
type safety_center_service, app_api_service, system_api_service, system_server_service, service_manager_type;
type stats_service, service_manager_type;
type statsbootstrap_service, system_server_service, service_manager_type;

View file

@ -301,6 +301,8 @@ recovery u:object_r:recovery_service:s0
resolver u:object_r:resolver_service:s0
resources u:object_r:resources_manager_service:s0
restrictions u:object_r:restrictions_service:s0
rkpd.registrar u:object_r:rkpd_registrar_service:s0
rkpd.refresh u:object_r:rkpd_refresh_service:s0
role u:object_r:role_service:s0
rollback u:object_r:rollback_service:s0
rttmanager u:object_r:rttmanager_service:s0