Treble-ize sepolicy for fwk HIDL services.
Bug: 130734497
Test: m selinux_policy; system_server and statds still have permission
to export HIDL services.
Change-Id: I6e87b236bdbdd939fca51fb7255e97635118ed2d
Merged-In: I6e87b236bdbdd939fca51fb7255e97635118ed2d
(cherry picked from commit 1d34b8cc313228cbcc5e4ff1d7be9c9db69d8585)
diff --git a/private/statsd.te b/private/statsd.te
index 16d3aeb..99548a0 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -1,4 +1,5 @@
typeattribute statsd coredomain;
+typeattribute statsd stats_service_server;
init_daemon_domain(statsd)
diff --git a/private/system_server.te b/private/system_server.te
index e724447..00fe3c3 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -5,6 +5,8 @@
typeattribute system_server coredomain;
typeattribute system_server mlstrustedsubject;
+typeattribute system_server scheduler_service_server;
+typeattribute system_server sensor_service_server;
# Define a type for tmpfs-backed ashmem regions.
tmpfs_domain(system_server)
@@ -240,10 +242,6 @@
allow system_server hal_renderscript_hwservice:hwservice_manager find;
allow system_server same_process_hal_file:file { execute read open getattr map };
-# Offer HwBinder services
-add_hwservice(system_server, fwk_scheduler_hwservice)
-add_hwservice(system_server, fwk_sensor_hwservice)
-
# Talk to tombstoned to get ANR traces.
unix_socket_connect(system_server, tombstoned_intercept, tombstoned)
diff --git a/public/attributes b/public/attributes
index dbb9356..67979da 100644
--- a/public/attributes
+++ b/public/attributes
@@ -303,11 +303,14 @@
# from one core domain to another, without having to update the vendor image
# which contains clients of this service.
-attribute display_service_server;
-attribute wifi_keystore_service_server;
-attribute mediaswcodec_server;
-attribute system_suspend_server;
attribute camera_service_server;
+attribute display_service_server;
+attribute mediaswcodec_server;
+attribute scheduler_service_server;
+attribute sensor_service_server;
+attribute stats_service_server;
+attribute system_suspend_server;
+attribute wifi_keystore_service_server;
# All types used for super partition block devices.
attribute super_block_device_type;
diff --git a/public/scheduler_service_server.te b/public/scheduler_service_server.te
new file mode 100644
index 0000000..b3cede1
--- /dev/null
+++ b/public/scheduler_service_server.te
@@ -0,0 +1 @@
+add_hwservice(scheduler_service_server, fwk_scheduler_hwservice)
diff --git a/public/sensor_service_server.te b/public/sensor_service_server.te
new file mode 100644
index 0000000..7c526a5
--- /dev/null
+++ b/public/sensor_service_server.te
@@ -0,0 +1 @@
+add_hwservice(sensor_service_server, fwk_sensor_hwservice)
diff --git a/public/stats_service_server.te b/public/stats_service_server.te
new file mode 100644
index 0000000..564ae23
--- /dev/null
+++ b/public/stats_service_server.te
@@ -0,0 +1 @@
+add_hwservice(stats_service_server, fwk_stats_hwservice)
diff --git a/public/statsd.te b/public/statsd.te
index 8ba7f63..089cae9 100644
--- a/public/statsd.te
+++ b/public/statsd.te
@@ -50,9 +50,6 @@
system_api_service
}:service_manager find;
-# Allow statsd to add as HIDL service.
-add_hwservice(statsd, fwk_stats_hwservice)
-
# Grant statsd to access health hal to access battery metrics.
allow statsd hal_health_hwservice:hwservice_manager find;