Add SELinux policy for legacy permission service.
The updatable and non-updatable permission manager cannot share one
AIDL, so we need to create a new system service for the non-updatable
legacy one, and add the SELinux policy for it.
Bug: 158736025
Test: presubmit
Change-Id: Ief8da6335e5bfb17d915d707cf48f4a43332f6ae
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 78b7929..15e4c51 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -27,6 +27,7 @@
hal_gnss_service
hal_power_stats_service
keystore2_key_contexts_file
+ legacy_permission_service
location_time_zone_manager_service
mediatranscoding_tmpfs
music_recognition_service
diff --git a/private/permissioncontroller_app.te b/private/permissioncontroller_app.te
index 41185e3..44c1283 100644
--- a/private/permissioncontroller_app.te
+++ b/private/permissioncontroller_app.te
@@ -18,6 +18,9 @@
# Allow interaction with activity_service
allow permissioncontroller_app activity_service:service_manager find;
+# Allow interaction with legacy_permission_service
+allow permissioncontroller_app legacy_permission_service:service_manager find;
+
allow permissioncontroller_app activity_task_service:service_manager find;
allow permissioncontroller_app audio_service:service_manager find;
allow permissioncontroller_app autofill_service:service_manager find;
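Review bot: The new `legacy_permission_service` rule is inserted between the `activity_service` and `activity_task_service` grants, which splits an otherwise alphabetical run of `service_manager find` rules and makes the list harder to audit. Placing `allow permissioncontroller_app legacy_permission_service:service_manager find;` at its sorted position would keep the grants easy to scan; the list continues outside the hunk, so the exact spot cannot be confirmed from here. The added comment only restates the rule, so a why-comment would serve a later reviewer better, e.g. `# PermissionController needs to find the non-updatable legacy permission manager service (b/158736025)`. The grant itself is limited to `find`, which is the narrowest permission for this class.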
diff --git a/private/service_contexts b/private/service_contexts
index 3788e55..91da637 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -127,6 +127,7 @@
isub u:object_r:radio_service:s0
jobscheduler u:object_r:jobscheduler_service:s0
launcherapps u:object_r:launcherapps_service:s0
+legacy_permission u:object_r:legacy_permission_service:s0
lights u:object_r:light_service:s0
location u:object_r:location_service:s0
location_time_zone_manager u:object_r:location_time_zone_manager_service:s0
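Review bot: The label `u:object_r:legacy_permission_service:s0` refers to a type whose declaration is not in the visible hunks, so its attributes cannot be reviewed here. Those attributes decide which domains other than permissioncontroller_app may `find` the service. The explicit allow in private/permissioncontroller_app.te suggests only that domain is meant to reach it; if so, the declaration should carry `system_server_service, service_manager_type` rather than a broad attribute such as `app_api_service`, which would presumably make the explicit rule redundant and widen access to every domain granted that attribute. If broad access is intended, a line in the commit description saying so would help.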