sepolicy: new file_integrity_service
Test: didn't see denials in dmesg during boot or API calls.
Bug: 142573505
Change-Id: Ifa271956bc51bf47d781cd9c9f95afb99c5f940f
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 27dc3ae..03b987e 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -20,6 +20,7 @@
dataloader_manager_service
device_config_storage_native_boot_prop
device_config_sys_traced_prop
+ file_integrity_service
gmscore_app
hal_can_bus_hwservice
hal_can_controller_hwservice
diff --git a/private/service_contexts b/private/service_contexts
index a3680d3..849717a 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -76,6 +76,7 @@
lowpan u:object_r:lowpan_service:s0
ethernet u:object_r:ethernet_service:s0
face u:object_r:face_service:s0
+file_integrity u:object_r:file_integrity_service:s0
fingerprint u:object_r:fingerprint_service:s0
font u:object_r:font_service:s0
android.hardware.fingerprint.IFingerprintDaemon u:object_r:fingerprintd_service:s0
diff --git a/public/service.te b/public/service.te
index 8e9646f..8d56fb9 100644
--- a/public/service.te
+++ b/public/service.te
@@ -89,6 +89,7 @@
type display_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type color_display_service, system_api_service, system_server_service, service_manager_type;
type external_vibrator_service, system_server_service, service_manager_type;
+type file_integrity_service, app_api_service, system_server_service, service_manager_type;
type font_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type netd_listener_service, system_server_service, service_manager_type;
type network_watchlist_service, system_server_service, service_manager_type;