commit 34d974838e8832439c7ba1914e687d3c1732b65c
author Treehugger Robot <treehugger-gerrit@google.com> Wed Dec 09 16:09:12 2020 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Dec 09 16:09:12 2020 +0000
tree 5404973bd8abb93a4100de4df8ef286b7c386d4d
parent a56c9eb016f31804f430798179704a5ed8fb89d9
parent 3b8b4251b799ea0c4174a5acf47c0526462deec7

Merge "Update 30.0 prebuilts to latest rvc-dev policy"

private/permissioncontroller_app.te

diff --git a/private/permissioncontroller_app.te b/private/permissioncontroller_app.te
index 44c1283..1e6ba0f 100644
--- a/private/permissioncontroller_app.te
+++ b/private/permissioncontroller_app.te
@@ -5,35 +5,13 @@
 
 app_domain(permissioncontroller_app)
 
+allow permissioncontroller_app app_api_service:service_manager find;
+allow permissioncontroller_app system_api_service:service_manager find;
+
 # Allow interaction with gpuservice
 binder_call(permissioncontroller_app, gpuservice)
-allow permissioncontroller_app gpu_service:service_manager find;
 
-# Allow interaction with role_service
-allow permissioncontroller_app role_service:service_manager find;
-
-# Allow interaction with usagestats_service
-allow permissioncontroller_app usagestats_service:service_manager find;
-
-# Allow interaction with activity_service
-allow permissioncontroller_app activity_service:service_manager find;
-
-# Allow interaction with legacy_permission_service
-allow permissioncontroller_app legacy_permission_service:service_manager find;
-
-allow permissioncontroller_app activity_task_service:service_manager find;
-allow permissioncontroller_app audio_service:service_manager find;
-allow permissioncontroller_app autofill_service:service_manager find;
-allow permissioncontroller_app content_capture_service:service_manager find;
-allow permissioncontroller_app device_policy_service:service_manager find;
-allow permissioncontroller_app incidentcompanion_service:service_manager find;
-allow permissioncontroller_app IProxyService_service:service_manager find;
-allow permissioncontroller_app location_service:service_manager find;
-allow permissioncontroller_app media_session_service:service_manager find;
 allow permissioncontroller_app radio_service:service_manager find;
-allow permissioncontroller_app surfaceflinger_service:service_manager find;
-allow permissioncontroller_app telecom_service:service_manager find;
-allow permissioncontroller_app trust_service:service_manager find;
 
 # Allow the app to request and collect incident reports.
 # (Also requires DUMP and PACKAGE_USAGE_STATS permissions)

private/system_app.te

diff --git a/private/system_app.te b/private/system_app.te
index a61b946..4284835 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -71,12 +71,6 @@
 # Settings need to access app name and icon from asec
 allow system_app asec_apk_file:file r_file_perms;
 
-# Allow system_app (adb data loader) to write data to /data/incremental
-allow system_app apk_data_file:file write;
-
-# Allow system app (adb data loader) to read logs
-allow system_app incremental_control_file:file r_file_perms;
-
 # Allow system apps (like Settings) to interact with statsd
 binder_call(system_app, statsd)
 

public/drmserver.te

diff --git a/public/drmserver.te b/public/drmserver.te
index e2c6638..a24ad41 100644
--- a/public/drmserver.te
+++ b/public/drmserver.te
@@ -30,7 +30,9 @@
 # /data/app/tlcd_sock socket file.
 # Clearly, /data/app is the most logical place to create a socket.  Not.
 allow drmserver apk_data_file:dir rw_dir_perms;
+auditallow drmserver apk_data_file:dir { add_name write };
 allow drmserver drmserver_socket:sock_file create_file_perms;
+auditallow drmserver drmserver_socket:sock_file create;
 # Delete old socket file if present.
 allow drmserver apk_data_file:sock_file unlink;