26f04ff7f2
This cherry-pick exists to update stage-aosp-master sepolicy
files to look like the ones in master and aosp. It looks like
it was an overlook this patch was merged with DO NOT MERGE
instead of only Merged-In.
Bug: 111276913
Test: manual verification
Merged-In: If76dc7bfdad87789a58fc94e0fd280deae1a41ab
Change-Id: If76dc7bfdad87789a58fc94e0fd280deae1a41ab
(cherry picked from commit 73e7fa884b
)
193 lines
16 KiB
Text
193 lines
16 KiB
Text
type apex_service, service_manager_type;
|
|
type audioserver_service, service_manager_type;
|
|
type batteryproperties_service, app_api_service, ephemeral_app_api_service, service_manager_type;
|
|
type bluetooth_service, service_manager_type;
|
|
type cameraserver_service, service_manager_type;
|
|
type default_android_service, service_manager_type;
|
|
type drmserver_service, service_manager_type;
|
|
type dumpstate_service, service_manager_type;
|
|
type fingerprintd_service, service_manager_type;
|
|
type hal_fingerprint_service, service_manager_type;
|
|
type gatekeeper_service, app_api_service, service_manager_type;
|
|
type gpu_service, service_manager_type;
|
|
type idmap_service, service_manager_type;
|
|
type iorapd_service, service_manager_type;
|
|
type incident_service, service_manager_type;
|
|
type installd_service, service_manager_type;
|
|
type keystore_service, service_manager_type;
|
|
type mediaserver_service, service_manager_type;
|
|
type mediametrics_service, service_manager_type;
|
|
type mediaextractor_service, service_manager_type;
|
|
type mediaextractor_update_service, service_manager_type;
|
|
type mediacodec_service, service_manager_type;
|
|
type mediadrmserver_service, service_manager_type;
|
|
type netd_service, service_manager_type;
|
|
type nfc_service, service_manager_type;
|
|
type perfprofd_service, service_manager_type;
|
|
type radio_service, service_manager_type;
|
|
type secure_element_service, service_manager_type;
|
|
type storaged_service, service_manager_type;
|
|
type surfaceflinger_service, app_api_service, ephemeral_app_api_service, service_manager_type;
|
|
type system_app_service, service_manager_type;
|
|
type thermal_service, service_manager_type;
|
|
type update_engine_service, service_manager_type;
|
|
type virtual_touchpad_service, service_manager_type;
|
|
type vold_service, service_manager_type;
|
|
type vr_hwc_service, service_manager_type;
|
|
type vrflinger_vsync_service, service_manager_type;
|
|
|
|
# system_server_services broken down
|
|
type accessibility_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type account_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type activity_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type activity_task_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type adb_service, system_api_service, system_server_service, service_manager_type;
|
|
type alarm_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type app_binding_service, system_server_service, service_manager_type;
|
|
type app_prediction_service, app_api_service, system_server_service, service_manager_type;
|
|
type appops_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type appwidget_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type assetatlas_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type audio_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type autofill_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type backup_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type batterystats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type battery_service, system_server_service, service_manager_type;
|
|
type binder_calls_stats_service, system_server_service, service_manager_type;
|
|
type bluetooth_manager_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type broadcastradio_service, system_server_service, service_manager_type;
|
|
type cameraproxy_service, system_server_service, service_manager_type;
|
|
type clipboard_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type contexthub_service, app_api_service, system_server_service, service_manager_type;
|
|
type crossprofileapps_service, app_api_service, system_server_service, service_manager_type;
|
|
type IProxyService_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type companion_device_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type connectivity_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type connmetrics_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type consumer_ir_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type content_suggestions_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type content_capture_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type content_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type country_detector_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
# Note: The coverage_service should only be enabled for userdebug / eng builds that were compiled
|
|
# with EMMA_INSTRUMENT=true. We should consider locking this down in the future.
|
|
type coverage_service, system_server_service, service_manager_type;
|
|
type cpuinfo_service, system_api_service, system_server_service, service_manager_type;
|
|
type dbinfo_service, system_api_service, system_server_service, service_manager_type;
|
|
type device_config_service, system_server_service, service_manager_type;
|
|
type device_policy_service, app_api_service, system_server_service, service_manager_type;
|
|
type deviceidle_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type device_identifiers_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type devicestoragemonitor_service, system_server_service, service_manager_type;
|
|
type diskstats_service, system_api_service, system_server_service, service_manager_type;
|
|
type display_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type color_display_service, system_api_service, system_server_service, service_manager_type;
|
|
type font_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type netd_listener_service, system_server_service, service_manager_type;
|
|
type network_watchlist_service, system_server_service, service_manager_type;
|
|
type DockObserver_service, system_server_service, service_manager_type;
|
|
type dreams_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type dropbox_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type lowpan_service, system_api_service, system_server_service, service_manager_type;
|
|
type ethernet_service, app_api_service, system_server_service, service_manager_type;
|
|
type biometric_service, app_api_service, system_server_service, service_manager_type;
|
|
type face_service, app_api_service, system_server_service, service_manager_type;
|
|
type fingerprint_service, app_api_service, system_server_service, service_manager_type;
|
|
type gfxinfo_service, system_api_service, system_server_service, service_manager_type;
|
|
type graphicsstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type hardware_service, system_server_service, service_manager_type;
|
|
type hardware_properties_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type hdmi_control_service, system_api_service, system_server_service, service_manager_type;
|
|
type imms_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type input_method_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type ipsec_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type iris_service, app_api_service, system_server_service, service_manager_type;
|
|
type jobscheduler_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type launcherapps_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type location_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type lock_settings_service, system_api_service, system_server_service, service_manager_type;
|
|
type looper_stats_service, system_server_service, service_manager_type;
|
|
type media_projection_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type media_router_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type media_session_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type meminfo_service, system_api_service, system_server_service, service_manager_type;
|
|
type midi_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type mount_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type netpolicy_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type netstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type network_management_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type network_score_service, system_api_service, system_server_service, service_manager_type;
|
|
type network_stack_service, system_server_service, service_manager_type;
|
|
type network_time_update_service, system_server_service, service_manager_type;
|
|
type notification_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type oem_lock_service, system_api_service, system_server_service, service_manager_type;
|
|
type otadexopt_service, system_server_service, service_manager_type;
|
|
type overlay_service, system_api_service, system_server_service, service_manager_type;
|
|
type package_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type package_native_service, system_server_service, service_manager_type;
|
|
type permission_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type permissionmgr_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type persistent_data_block_service, system_api_service, system_server_service, service_manager_type;
|
|
type pinner_service, system_server_service, service_manager_type;
|
|
type power_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type print_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type processinfo_service, system_server_service, service_manager_type;
|
|
type procstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type recovery_service, system_server_service, service_manager_type;
|
|
type registry_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type restrictions_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type role_service, app_api_service, system_server_service, service_manager_type;
|
|
type runtime_service, system_server_service, service_manager_type;
|
|
type rttmanager_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type samplingprofiler_service, system_server_service, service_manager_type;
|
|
type scheduling_policy_service, system_server_service, service_manager_type;
|
|
type search_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type sec_key_att_app_id_provider_service, app_api_service, system_server_service, service_manager_type;
|
|
type sensorservice_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type sensor_privacy_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type serial_service, system_api_service, system_server_service, service_manager_type;
|
|
type servicediscovery_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type settings_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type shortcut_service, app_api_service, system_server_service, service_manager_type;
|
|
type slice_service, app_api_service, system_server_service, service_manager_type;
|
|
type statusbar_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type storagestats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type system_update_service, system_server_service, service_manager_type;
|
|
type task_service, system_server_service, service_manager_type;
|
|
type textclassification_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type textservices_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type telecom_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type timedetector_service, system_server_service, service_manager_type;
|
|
type timezone_service, system_server_service, service_manager_type;
|
|
type timezonedetector_service, system_server_service, service_manager_type;
|
|
type trust_service, app_api_service, system_server_service, service_manager_type;
|
|
type tv_input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type uimode_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type updatelock_service, system_api_service, system_server_service, service_manager_type;
|
|
type uri_grants_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type usagestats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type usb_service, app_api_service, system_server_service, service_manager_type;
|
|
type user_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type vibrator_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type voiceinteraction_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type vr_manager_service, system_server_service, service_manager_type;
|
|
type wallpaper_service, app_api_service, system_server_service, service_manager_type;
|
|
type webviewupdate_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
|
type wifip2p_service, app_api_service, system_server_service, service_manager_type;
|
|
type wifiscanner_service, system_api_service, system_server_service, service_manager_type;
|
|
type wifi_service, app_api_service, system_server_service, service_manager_type;
|
|
type wificond_service, service_manager_type;
|
|
type wifiaware_service, app_api_service, system_server_service, service_manager_type;
|
|
type window_service, system_api_service, system_server_service, service_manager_type;
|
|
type inputflinger_service, system_api_service, system_server_service, service_manager_type;
|
|
type wpantund_service, system_api_service, service_manager_type;
|
|
|
|
###
|
|
### Neverallow rules
|
|
###
|
|
|
|
# servicemanager handles registering or looking up named services.
|
|
# It does not make sense to register or lookup something which is not a service.
|
|
# Trigger a compile error if this occurs.
|
|
neverallow domain ~{ service_manager_type vndservice_manager_type }:service_manager { add find };
|