commit 1bbbf810c9d61fb85be5fee43503ef9b0c726772
author Tri Vo <trong@google.com> Mon Apr 22 10:09:38 2019 -0700
committer Tri Vo <trong@google.com> Mon Apr 22 17:07:06 2019 -0700
tree 044ac57bed084fd6b23932a9d0b867604411060b
parent f33351bc98c80b889222c4f5865c29485189f000

Treble-ize sepolicy for fwk HIDL services.

Bug: 130734497
Test: m selinux_policy; system_server and statds still have permission
to export HIDL services.
Change-Id: I6e87b236bdbdd939fca51fb7255e97635118ed2d
Merged-In: I6e87b236bdbdd939fca51fb7255e97635118ed2d
(cherry picked from commit 1d34b8cc313228cbcc5e4ff1d7be9c9db69d8585)

private/statsd.te

diff --git a/private/statsd.te b/private/statsd.te
index 16d3aeb..99548a0 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -1,4 +1,5 @@
 typeattribute statsd coredomain;
+typeattribute statsd stats_service_server;
 
 init_daemon_domain(statsd)
 

private/system_server.te

diff --git a/private/system_server.te b/private/system_server.te
index e724447..00fe3c3 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -5,6 +5,8 @@
 
 typeattribute system_server coredomain;
 typeattribute system_server mlstrustedsubject;
+typeattribute system_server scheduler_service_server;
+typeattribute system_server sensor_service_server;
 
 # Define a type for tmpfs-backed ashmem regions.
 tmpfs_domain(system_server)
@@ -240,10 +242,6 @@
 allow system_server hal_renderscript_hwservice:hwservice_manager find;
 allow system_server same_process_hal_file:file { execute read open getattr map };
 
-# Offer HwBinder services
-add_hwservice(system_server, fwk_scheduler_hwservice)
-add_hwservice(system_server, fwk_sensor_hwservice)
-
 # Talk to tombstoned to get ANR traces.
 unix_socket_connect(system_server, tombstoned_intercept, tombstoned)