08d4c8fa6e
This commit adds fake 31.0 prebuilt. The prebuilt is based on AOSP policy, but slightly modified so the set of types and attributes is a subset of real 31.0 prebuilt (sc-dev policy). Steps taken to make the fake prebuilt: 1) build plat_sepolicy.cil both on AOSP and sc-dev, with lunch target aosp_arm64-eng. 2) diff both outputs to find out which types and attributes don't exist. 3) remove all relevant files and statements. As a result, the following types are removed. artd artd_exec artd_service power_stats_service transformer_service virtualizationservice virtualizationservice_data_file virtualizationservice_exec Bug: 189161483 Test: N/A, will do after adding 31.0 mapping files. Change-Id: Ia957fc32b1838dae730d9dd7bd917d684d4a24cf Merged-In: Ia4ea2999f4bc8ae80f13e51d99fba3e98e293447
31 lines
1 KiB
Text
31 lines
1 KiB
Text
typeattribute update_engine coredomain;
|
|
|
|
init_daemon_domain(update_engine);
|
|
|
|
# Allow to talk to gsid.
|
|
allow update_engine gsi_service:service_manager find;
|
|
binder_call(update_engine, gsid)
|
|
|
|
# Allow to start gsid service.
|
|
set_prop(update_engine, ctl_gsid_prop)
|
|
|
|
# Allow to start snapuserd for dm-user communication.
|
|
set_prop(update_engine, ctl_snapuserd_prop)
|
|
|
|
# Allow to set the OTA related properties, e.g. ota.warm_reset.
|
|
set_prop(update_engine, ota_prop)
|
|
|
|
# Allow to get the DSU status
|
|
get_prop(update_engine, gsid_prop)
|
|
|
|
# Allow update_engine to call the callback function provided by GKI update hook.
|
|
binder_call(update_engine, gki_apex_prepostinstall)
|
|
|
|
# Allow to communicate with the snapuserd service, for dm-user snapshots.
|
|
allow update_engine snapuserd:unix_stream_socket connectto;
|
|
allow update_engine snapuserd_socket:sock_file write;
|
|
|
|
# Allow to communicate with apexd for calculating and reserving space for
|
|
# capex decompression
|
|
allow update_engine apex_service:service_manager find;
|
|
binder_call(update_engine, apexd)
|