Move device serial behing a permission - selinux
Build serial is non-user resettable freely available device
identifier. It can be used by ad-netowrks to track the user
across apps which violates the user's privacy.
This change deprecates Build.SERIAL and adds a new Build.getSerial()
API which requires holding the read_phone_state permission.
The Build.SERIAL value is set to "undefined" for apps targeting
high enough SDK and for legacy app the value is still available.
bug:31402365
Change-Id: I6309aa58c8993b3db4fea7b55aae05592408b6e4
diff --git a/service.te b/service.te
index 50aef26..536d5e7 100644
--- a/service.te
+++ b/service.te
@@ -47,6 +47,7 @@
type dbinfo_service, system_api_service, system_server_service, service_manager_type;
type device_policy_service, app_api_service, system_server_service, service_manager_type;
type deviceidle_service, app_api_service, system_server_service, service_manager_type;
+type device_identifiers_service, app_api_service, system_server_service, service_manager_type;
type devicestoragemonitor_service, system_server_service, service_manager_type;
type diskstats_service, system_api_service, system_server_service, service_manager_type;
type display_service, app_api_service, system_server_service, service_manager_type;
diff --git a/service_contexts b/service_contexts
index c0dfd2b..f7ac035 100644
--- a/service_contexts
+++ b/service_contexts
@@ -30,6 +30,7 @@
cpuinfo u:object_r:cpuinfo_service:s0
dbinfo u:object_r:dbinfo_service:s0
device_policy u:object_r:device_policy_service:s0
+device_identifiers u:object_r:device_identifiers_service:s0
deviceidle u:object_r:deviceidle_service:s0
devicestoragemonitor u:object_r:devicestoragemonitor_service:s0
diskstats u:object_r:diskstats_service:s0