Update SELinux Policy for bufferhubd
Create a new service type buffer_hub_binder_service for
BufferHubBinderService and allow bufferhubd to publish the service.
Add the service to 26.0, 27.0 and 28.0 compat ignore files since the
service is not available in past versions.
Fixes: 116022258
Test: build passed
Change-Id: I5a21f00329ed474433d96c8d1ce32377f20cada3
diff --git a/private/bufferhubd.te b/private/bufferhubd.te
index 012eb20..31328ac 100644
--- a/private/bufferhubd.te
+++ b/private/bufferhubd.te
@@ -1,3 +1,7 @@
typeattribute bufferhubd coredomain;
init_daemon_domain(bufferhubd)
+
+# Permission for create binder service "bufferhubd"
+binder_use(bufferhubd);
+add_service(bufferhubd, buffer_hub_service);
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index b70b2ab..b64e10e 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -18,6 +18,8 @@
bpfloader
bpfloader_exec
broadcastradio_service
+ ;; TODO(b/116344577): remove after the issue is resolved
+ buffer_hub_service
cgroup_bpf
color_display_service
crossprofileapps_service
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 1e38d2d..494e634 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -16,6 +16,8 @@
bluetooth_a2dp_offload_prop
bpfloader
bpfloader_exec
+ ;; TODO(b/116344577): remove after the issue is resolved
+ buffer_hub_service
cgroup_bpf
color_display_service
crossprofileapps_service
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 9d9fc20..cd7b7c8 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -7,6 +7,8 @@
adb_service
app_binding_service
biometric_service
+ ;; TODO(b/116344577): remove after the issue is resolved
+ buffer_hub_service
fastbootd
color_display_service
hal_health_storage_hwservice
diff --git a/private/service.te b/private/service.te
index 3fec882..660bc1e 100644
--- a/private/service.te
+++ b/private/service.te
@@ -1,2 +1,3 @@
+type buffer_hub_service, service_manager_type;
type stats_service, service_manager_type;
type statscompanion_service, system_server_service, service_manager_type;
diff --git a/private/service_contexts b/private/service_contexts
index ebd8a36..e04227b 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -22,6 +22,7 @@
bluetooth_manager u:object_r:bluetooth_manager_service:s0
bluetooth u:object_r:bluetooth_service:s0
broadcastradio u:object_r:broadcastradio_service:s0
+bufferhubd u:object_r:buffer_hub_service:s0
carrier_config u:object_r:radio_service:s0
clipboard u:object_r:clipboard_service:s0
com.android.net.IProxyService u:object_r:IProxyService_service:s0
diff --git a/private/shell.te b/private/shell.te
index 130a130..1213777 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -51,3 +51,6 @@
# Allow shell to read and unlink traces stored in /data/misc/perfetto-traces.
allow shell perfetto_traces_data_file:dir rw_dir_perms;
allow shell perfetto_traces_data_file:file r_file_perms;
+
+# Allow shell-based "dumpsys" to call into bufferhubd.
+binder_call(shell, bufferhubd);