Add policies for new services. Bug: 30989383 Bug: 34731101 Test: manual Change-Id: Icf9d48568b505c6b788f2f5f456f2d709969fbeb

commit: 084faf025903795fe223a31d7e626d0439b459c2 [log] [tgz]
author: Nick Bray <ncbray@google.com> Thu Feb 09 15:15:11 2017 -0800
committer: Nick Bray <ncbray@google.com> Thu Feb 09 15:15:11 2017 -0800
tree: ae552d34c47001f7a679913814a25304919e70fa
parent: fbd43f03a5db3b5e1e52ec953f02f38a75c8f40b [diff] [blame]
diff --git a/public/sensord.te b/public/sensord.te
new file mode 100644
index 0000000..bffe3cd
--- /dev/null
+++ b/public/sensord.te

@@ -0,0 +1,20 @@
+# sensord
+type sensord, domain, mlstrustedsubject;
+type sensord_exec, exec_type, file_type;
+
+pdx_server(sensord)
+use_pdx(sensord, bufferhubd)
+use_pdx(sensord, performanced)
+
+# Access /dev/ion
+allow sensord ion_device:chr_file r_file_perms;
+
+allow sensord sensors_device:chr_file rw_file_perms;
+
+binder_use(sensord)
+binder_call(sensord, system_server)
+allow sensord system_server:unix_stream_socket { read write };
+
+allow sensord sensorservice_service:service_manager find;
+# permission_service is used by the NDK sensor APIs.
+allow sensord permission_service:service_manager find;
commit	084faf025903795fe223a31d7e626d0439b459c2	[log] [tgz]
author	Nick Bray <ncbray@google.com>	Thu Feb 09 15:15:11 2017 -0800
committer	Nick Bray <ncbray@google.com>	Thu Feb 09 15:15:11 2017 -0800
tree	ae552d34c47001f7a679913814a25304919e70fa
parent	fbd43f03a5db3b5e1e52ec953f02f38a75c8f40b [diff] [blame]