Allow system_server read access to SurfaceFlinger This change gives system_server read permissions to SurfaceFlinger in order to pin it with PinnerService. Bug: 176197656 Test: adb shell dumpsys pinner /system/bin/surfaceflinger was successfully pinned. Change-Id: Ic845eebe298ec2d602b86003c07889f37fc44159

commit: 132f7696d0b15e03fc88b79da6fafc111d968cdb [log] [tgz]
author: Kevin Jeon <kevinjeon@google.com> Tue Jan 19 20:09:50 2021 +0000
committer: Kevin Jeon <kevinjeon@google.com> Wed Jan 20 16:52:58 2021 +0000
tree: 931fa743d0bf0ec0460461e6e73133fae22d9c2d
parent: 706d5feee24f3ffaddf42bc1a91b5f9205711bf5 [diff]
diff --git a/private/system_server.te b/private/system_server.te
index bf5c8e8..f2e336c 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -1181,6 +1181,9 @@
 allow system_server watchdog_metadata_file:dir rw_dir_perms;
 allow system_server watchdog_metadata_file:file create_file_perms;
 
+# Allow system server r access to /system/bin/surfaceflinger for PinnerService.
+allow system_server surfaceflinger_exec:file r_file_perms;
+
 # Allow init to set sysprop used to compute stats about userspace reboot.
 set_prop(system_server, userspace_reboot_log_prop)
commit	132f7696d0b15e03fc88b79da6fafc111d968cdb	[log] [tgz]
author	Kevin Jeon <kevinjeon@google.com>	Tue Jan 19 20:09:50 2021 +0000
committer	Kevin Jeon <kevinjeon@google.com>	Wed Jan 20 16:52:58 2021 +0000
tree	931fa743d0bf0ec0460461e6e73133fae22d9c2d
parent	706d5feee24f3ffaddf42bc1a91b5f9205711bf5 [diff]