SELinux policies for PDX services Specify per-service rules for PDX transport. Now being able to grant permissions to individual services provided by processes, not all services of a process. Also tighter control over which permissions are required for client and server for individual components of IPC (endpoints, channels, etc). Bug: 37646189 Change-Id: I78eb8ae8b6e08105666445a66bfcbd2f1d69d0ea

commit: 41daa7f859be06a49e4770a1f1d33b0d3070fa5a [log] [tgz]
author: Alex Vakulenko <avakulenko@google.com> Mon May 01 13:01:44 2017 -0700
committer: Alex Vakulenko <avakulenko@google.com> Wed May 10 16:39:19 2017 -0700
tree: 4649ed117e5ee1391ecc1266ba2b56b9d9eb4fb2
parent: e1074f8bfc1b0cbce831a775161b1fb791bd4079 [diff] [blame]
diff --git a/public/sensord.te b/public/sensord.te
index 3211f81..c9749cb 100644
--- a/public/sensord.te
+++ b/public/sensord.te

@@ -5,9 +5,10 @@
 hal_client_domain(sensord, hal_graphics_allocator)
 allow sensord hal_graphics_allocator:fd use;
 
-pdx_server(sensord)
-use_pdx(sensord, bufferhubd)
-use_pdx(sensord, performanced)
+pdx_server(sensord, sensors_client)
+pdx_server(sensord, pose_client)
+pdx_client(sensord, bufferhub_client)
+pdx_client(sensord, performance_client)
 
 # Access /dev/ion
 allow sensord ion_device:chr_file r_file_perms;
commit	41daa7f859be06a49e4770a1f1d33b0d3070fa5a	[log] [tgz]
author	Alex Vakulenko <avakulenko@google.com>	Mon May 01 13:01:44 2017 -0700
committer	Alex Vakulenko <avakulenko@google.com>	Wed May 10 16:39:19 2017 -0700
tree	4649ed117e5ee1391ecc1266ba2b56b9d9eb4fb2
parent	e1074f8bfc1b0cbce831a775161b1fb791bd4079 [diff] [blame]