Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 151716fca8471a59682cb160bafbdc85121712d5^! / . / private
commit151716fca8471a59682cb160bafbdc85121712d5[log] [tgz]
authorHani Kazmi <hanikazmi@google.com>Thu Jan 09 03:56:50 2025 -0800
committerHani Kazmi <hanikazmi@google.com>Thu Jan 09 03:56:50 2025 -0800
treea7b533811e3205df16dc56f8976a5d190fc10ee3
parent0fdaa84716595d1914e87f7f48ec9d08326b26ab [diff]
Fix: do not guard advanced_protection behind starting_at_board_api

move `type advanced_protection` from public/service.te to
private/service.te, and remove the guard. Remove the guard from the
related files in `private/` as well as from `202404.ignore.cil`.

Bug: 352420507 
Change-Id: I6e6f2807aaf98e3a4945476c8f814d0f4e4dd285
Test: TH
Flag: EXEMPT SEPolicy change that does not remove access

diff --git a/private/compat/202404/202404.ignore.cil b/private/compat/202404/202404.ignore.cil
index 0aa0580..2ab9225 100644
--- a/private/compat/202404/202404.ignore.cil
+++ b/private/compat/202404/202404.ignore.cil

@@ -5,7 +5,6 @@
 (typeattribute new_objects)
 (typeattributeset new_objects
   ( new_objects
-    advanced_protection_service
     app_function_service
     binderfs_logs_transaction_history
     binderfs_logs_transactions

diff --git a/private/service.te b/private/service.te
index ce648c2..c61c787 100644
--- a/private/service.te
+++ b/private/service.te

@@ -64,6 +64,7 @@
 type wearable_sensing_service,         app_api_service, system_server_service, service_manager_type;
 type wifi_mainline_supplicant_service, service_manager_type;
 type dynamic_instrumentation_service,  app_api_service, system_server_service, service_manager_type;
+type advanced_protection_service,      app_api_service, system_server_service, service_manager_type;
 
 is_flag_enabled(RELEASE_RANGING_STACK, `
     type ranging_service, app_api_service, system_server_service, service_manager_type;

diff --git a/private/service_contexts b/private/service_contexts
index 4b35a42..80873da 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -149,9 +149,7 @@
 activity_task                             u:object_r:activity_task_service:s0
 adb                                       u:object_r:adb_service:s0
 adservices_manager                        u:object_r:adservices_manager_service:s0
-starting_at_board_api(202504, `
-    advanced_protection                       u:object_r:advanced_protection_service:s0
-')
+advanced_protection                       u:object_r:advanced_protection_service:s0
 aidl_lazy_test_1                          u:object_r:aidl_lazy_test_service:s0
 aidl_lazy_test_2                          u:object_r:aidl_lazy_test_service:s0
 aidl_lazy_test_quit                       u:object_r:aidl_lazy_test_service:s0