Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 467d8a80ea62854e115b2b40ce6d559882eb248a^! / .
commit467d8a80ea62854e115b2b40ce6d559882eb248a[log] [tgz]
authorChris Wailes <chriswailes@google.com>Wed Mar 03 12:30:28 2021 -0800
committerChris Wailes <chriswailes@google.com>Tue Apr 27 14:49:13 2021 -0700
tree7dd0183bd53ec34adc64730758ccc92a9d1f1ae0
parent98914119ae697ab52d22b9d805e7d7d60b5f71ff [diff]
Add SELinux properties for artd

Test: boot device and check for artd process
Change-Id: I2a161701102ecbde3e293af0346d1db0b11d4aab

diff --git a/apex/com.android.art-file_contexts b/apex/com.android.art-file_contexts
index d2a8626..2533cac 100644
--- a/apex/com.android.art-file_contexts
+++ b/apex/com.android.art-file_contexts

@@ -2,6 +2,7 @@
 # System files
 #
 (/.*)?                   u:object_r:system_file:s0
+/bin/artd                u:object_r:artd_exec:s0
 /bin/dex2oat(32|64)?     u:object_r:dex2oat_exec:s0
 /bin/dexoptanalyzer      u:object_r:dexoptanalyzer_exec:s0
 /bin/odrefresh           u:object_r:odrefresh_exec:s0

diff --git a/private/artd.te b/private/artd.te
new file mode 100644
index 0000000..a76074b
--- /dev/null
+++ b/private/artd.te

@@ -0,0 +1,12 @@
+# art service daemon
+type artd, domain;
+type artd_exec, system_file_type, exec_type, file_type;
+
+# Allow artd to publish a binder service and make binder calls.
+binder_use(artd)
+add_service(artd, artd_service)
+allow artd dumpstate:fifo_file  { getattr write };
+
+typeattribute artd coredomain;
+
+init_daemon_domain(artd)

diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index e479f33..eb34315 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil

@@ -17,6 +17,9 @@
     app_hibernation_service
     appcompat_data_file
     arm64_memtag_prop
+    artd
+    artd_exec
+    artd_service
     authorization_service
     bootanim_config_prop
     camerax_extensions_prop

diff --git a/private/service_contexts b/private/service_contexts
index c9c6aef..3357943 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -51,6 +51,7 @@
 gsiservice                                u:object_r:gsi_service:s0
 appops                                    u:object_r:appops_service:s0
 appwidget                                 u:object_r:appwidget_service:s0
+artd                                      u:object_r:artd_service:s0
 assetatlas                                u:object_r:assetatlas_service:s0
 attention                                 u:object_r:attention_service:s0
 audio                                     u:object_r:audio_service:s0

diff --git a/public/service.te b/public/service.te
index 4012fca..916ad53 100644
--- a/public/service.te
+++ b/public/service.te

@@ -1,6 +1,7 @@
 type aidl_lazy_test_service,    service_manager_type;
 type apc_service,               service_manager_type;
 type apex_service,              service_manager_type;
+type artd_service,              service_manager_type;
 type audioserver_service,       service_manager_type;
 type authorization_service,     service_manager_type;
 type batteryproperties_service, app_api_service, ephemeral_app_api_service, service_manager_type;