diff options
| author | JimiChen <jimichen@google.com> | 2023-10-30 19:39:19 +0800 |
|---|---|---|
| committer | JimiChen <jimichen@google.com> | 2023-11-01 18:20:45 +0800 |
| commit | ea198bd127e0d6880ff2cdea628d5a1faeba27f5 (patch) | |
| tree | 322811ab261e6bfa41124bf7d6c6ad99dbb1312b | |
| parent | aa6b15007d510208a6424ea516e000a4c4961519 (diff) | |
| download | gs101-sepolicy-ea198bd127e0d6880ff2cdea628d5a1faeba27f5.tar.gz | |
Update SELinux policies for rlsservice
1. Move rls_service context from vndservice_contexts to
service_contexts.
2. Allow binder calls from rlsservice to servicemanager
3. Change rls_service type from vndservice_manager_type to
service_manager_type.
Bug: 301520085
Test: GCA
Change-Id: I7badfe2ddb73b13884b54d2c8972e1921af6ea38
| -rw-r--r-- | whitechapel/vendor/google/rlsservice.te | 3 | ||||
| -rw-r--r-- | whitechapel/vendor/google/service.te | 2 | ||||
| -rw-r--r-- | whitechapel/vendor/google/service_contexts | 1 | ||||
| -rw-r--r-- | whitechapel/vendor/google/vndservice.te | 1 | ||||
| -rw-r--r-- | whitechapel/vendor/google/vndservice_contexts | 1 |
5 files changed, 5 insertions, 3 deletions
diff --git a/whitechapel/vendor/google/rlsservice.te b/whitechapel/vendor/google/rlsservice.te index 3086bca..4332495 100644 --- a/whitechapel/vendor/google/rlsservice.te +++ b/whitechapel/vendor/google/rlsservice.te @@ -16,8 +16,9 @@ allow rlsservice mnt_vendor_file:dir search; # access device files allow rlsservice rls_device:chr_file rw_file_perms; -binder_call(rlsservice, hal_sensors_default) binder_call(rlsservice, hal_camera_default) +binder_call(rlsservice, hal_sensors_default) +binder_call(rlsservice, servicemanager) # Allow access to always-on compute device node allow rlsservice device:dir { read watch }; diff --git a/whitechapel/vendor/google/service.te b/whitechapel/vendor/google/service.te index 62b0b76..7218e40 100644 --- a/whitechapel/vendor/google/service.te +++ b/whitechapel/vendor/google/service.te @@ -2,3 +2,5 @@ type hal_pixel_display_service, service_manager_type, hal_service_type; type hal_uwb_vendor_service, service_manager_type, hal_service_type; # WLC type hal_wireless_charger_service, hal_service_type, protected_service, service_manager_type; + +type rls_service, service_manager_type; diff --git a/whitechapel/vendor/google/service_contexts b/whitechapel/vendor/google/service_contexts index 32ac11b..074dedf 100644 --- a/whitechapel/vendor/google/service_contexts +++ b/whitechapel/vendor/google/service_contexts @@ -2,3 +2,4 @@ com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_ hardware.qorvo.uwb.IUwbVendor/default u:object_r:hal_uwb_vendor_service:s0 android.hardware.drm.IDrmFactory/widevine u:object_r:hal_drm_service:s0 vendor.google.wireless_charger.IWirelessCharger/default u:object_r:hal_wireless_charger_service:s0 +rlsservice u:object_r:rls_service:s0 diff --git a/whitechapel/vendor/google/vndservice.te b/whitechapel/vendor/google/vndservice.te index bd59e83..06ef0b2 100644 --- a/whitechapel/vendor/google/vndservice.te +++ b/whitechapel/vendor/google/vndservice.te @@ -1,3 +1,2 @@ -type rls_service, vndservice_manager_type; type vendor_surfaceflinger_vndservice, vndservice_manager_type; type eco_service, vndservice_manager_type; diff --git a/whitechapel/vendor/google/vndservice_contexts b/whitechapel/vendor/google/vndservice_contexts index d272fe1..6ddcabf 100644 --- a/whitechapel/vendor/google/vndservice_contexts +++ b/whitechapel/vendor/google/vndservice_contexts @@ -1,3 +1,2 @@ Exynos.HWCService u:object_r:vendor_surfaceflinger_vndservice:s0 -rlsservice u:object_r:rls_service:s0 media.ecoservice u:object_r:eco_service:s0 |