a532088e7f
System suspend service is not a HAL, so avoid using HAL-specific macros and attributes. Use system_suspend_server attribute for ISystemSuspend.hal permissions. Use system_suspend type directly for internal .aidl interface permissions. Bug: 126259100 Test: m selinux_policy Test: blueline boots; wakelocks can still be acquired; device suspends if left alone. Change-Id: Ie811e7da46023705c93ff4d76d15709a56706714
28 lines
474 B
Text
28 lines
474 B
Text
userdebug_or_eng(`
|
|
typeattribute perfprofd coredomain;
|
|
init_daemon_domain(perfprofd)
|
|
')
|
|
|
|
neverallow {
|
|
domain
|
|
userdebug_or_eng(`
|
|
-statsd
|
|
-system_server
|
|
-system_suspend_server
|
|
-hal_health_server
|
|
-hwservicemanager
|
|
')
|
|
} perfprofd:binder call;
|
|
|
|
neverallow perfprofd {
|
|
domain
|
|
userdebug_or_eng(`
|
|
-servicemanager
|
|
-statsd
|
|
-su
|
|
-system_server
|
|
-system_suspend_server
|
|
-hal_health_server
|
|
-hwservicemanager
|
|
')
|
|
}:binder call;
|