Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 13ae9879d730720e662f9db8c703cd30a00b754e^! / .
commit13ae9879d730720e662f9db8c703cd30a00b754e[log] [tgz]
authorOluwarotimi Adesina <oadesina@google.com>Wed Aug 07 21:28:39 2024 +0000
committerOluwarotimi Adesina <oadesina@google.com>Thu Aug 08 14:32:44 2024 +0000
tree079fc0ee8606b68659dd9fc764d91aad2de6e198
parent92c85c56f3a55095d1ce95d0167a88ca61ea4e0a [diff]
Add selinux policy for AppFunctionManagerService


BUG: 357551503
Test: Can Boot
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8735ac2daf2e39fedfc66b67f1bc24d1abe09e83)
Merged-In: I4a520e2e12d9c3c25970921fb0ef2a85744a700c
Change-Id: I4a520e2e12d9c3c25970921fb0ef2a85744a700c

diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index b7364bd..7480238 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go

@@ -193,6 +193,7 @@
 		"android.system.vmtethering.IVmTethering":                             EXCEPTION_NO_FUZZER,
 		"ambient_context":               EXCEPTION_NO_FUZZER,
 		"app_binding":                   EXCEPTION_NO_FUZZER,
+		"app_function":                  EXCEPTION_NO_FUZZER,
 		"app_hibernation":               EXCEPTION_NO_FUZZER,
 		"app_integrity":                 EXCEPTION_NO_FUZZER,
 		"app_prediction":                EXCEPTION_NO_FUZZER,

diff --git a/private/compat/202404/202404.ignore.cil b/private/compat/202404/202404.ignore.cil
index 6874821..b60e5c4 100644
--- a/private/compat/202404/202404.ignore.cil
+++ b/private/compat/202404/202404.ignore.cil

@@ -14,4 +14,5 @@
     proc_compaction_proactiveness
     proc_cgroups
     sysfs_udc
+    app_function_service
   ))

diff --git a/private/service_contexts b/private/service_contexts
index d1eecd5..06b8ff1 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -176,6 +176,7 @@
 ')
 ambient_context                           u:object_r:ambient_context_service:s0
 app_binding                               u:object_r:app_binding_service:s0
+app_function                              u:object_r:app_function_service:s0
 app_hibernation                           u:object_r:app_hibernation_service:s0
 app_integrity                             u:object_r:app_integrity_service:s0
 app_prediction                            u:object_r:app_prediction_service:s0

diff --git a/public/service.te b/public/service.te
index 6ba1dcc..0982629 100644
--- a/public/service.te
+++ b/public/service.te

@@ -68,6 +68,9 @@
 type adservices_manager_service, system_api_service, system_server_service, service_manager_type;
 type alarm_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type app_binding_service, system_server_service, service_manager_type;
+starting_at_board_api(202504, `
+    type app_function_service, app_api_service, system_server_service, service_manager_type;
+')
 type app_hibernation_service, app_api_service, system_api_service, system_server_service, service_manager_type;
 type app_integrity_service, system_api_service, system_server_service, service_manager_type;
 type app_prediction_service, app_api_service, system_server_service, service_manager_type;