From 902a010aaa5866dc20a8c51b3a5458e319bafd1c Mon Sep 17 00:00:00 2001 From: Alex Xu Date: Wed, 25 Oct 2023 23:37:13 +0000 Subject: [PATCH] Add sepolicy for security_state service. security_state service manages security state (e.g. SPL) information across partitions, modules, etc. Bug: 307819014 Test: Manual Change-Id: I4ebcd8431c11b41f7e210947b32cf64c2adf3901 --- build/soong/service_fuzzer_bindings.go | 1 + private/compat/34.0/34.0.ignore.cil | 1 + private/service_contexts | 1 + public/service.te | 1 + 4 files changed, 4 insertions(+) diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go index 44c3243fc..29273cf78 100644 --- a/build/soong/service_fuzzer_bindings.go +++ b/build/soong/service_fuzzer_bindings.go @@ -392,6 +392,7 @@ var ( "search": EXCEPTION_NO_FUZZER, "search_ui": EXCEPTION_NO_FUZZER, "secure_element": EXCEPTION_NO_FUZZER, + "security_state": EXCEPTION_NO_FUZZER, "sec_key_att_app_id_provider": EXCEPTION_NO_FUZZER, "selection_toolbar": EXCEPTION_NO_FUZZER, "sensorservice": EXCEPTION_NO_FUZZER, diff --git a/private/compat/34.0/34.0.ignore.cil b/private/compat/34.0/34.0.ignore.cil index 2d1aea003..685b9b24b 100644 --- a/private/compat/34.0/34.0.ignore.cil +++ b/private/compat/34.0/34.0.ignore.cil @@ -14,6 +14,7 @@ virtual_camera_service ot_daemon_service remote_auth_service + security_state_service sysfs_sync_on_suspend threadnetwork_service device_config_aconfig_flags_prop diff --git a/private/service_contexts b/private/service_contexts index a1fb06b26..758cab6ad 100644 --- a/private/service_contexts +++ b/private/service_contexts @@ -368,6 +368,7 @@ search u:object_r:search_service:s0 search_ui u:object_r:search_ui_service:s0 secure_element u:object_r:secure_element_service:s0 sec_key_att_app_id_provider u:object_r:sec_key_att_app_id_provider_service:s0 +security_state u:object_r:security_state_service:s0 selection_toolbar u:object_r:selection_toolbar_service:s0 sensorservice u:object_r:sensorservice_service:s0 sensor_privacy u:object_r:sensor_privacy_service:s0 diff --git a/public/service.te b/public/service.te index e018e40c4..53c9e5f3e 100644 --- a/public/service.te +++ b/public/service.te @@ -212,6 +212,7 @@ type scheduling_policy_service, system_server_service, service_manager_type; type search_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type; type search_ui_service, app_api_service, system_server_service, service_manager_type; type sec_key_att_app_id_provider_service, app_api_service, system_server_service, service_manager_type; +type security_state_service, system_server_service, service_manager_type; type selection_toolbar_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type; type sensorservice_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type; type sensor_privacy_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;