Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 5135ac02720dc7ae30a8cb6d538fe8f17ff9aaef^! / . / private
commit5135ac02720dc7ae30a8cb6d538fe8f17ff9aaef[log] [tgz]
authorWeston Carvalho <westoncarvalho@google.com>Tue Dec 10 11:12:09 2024 -0600
committerWeston Carvalho <westoncarvalho@google.com>Thu Dec 19 11:45:44 2024 -0600
tree57fc1b8d62a4c6b0c354d7d2fffbbf9e93cf0cbc
parenta6c072904a9a8c28c3650a7ec686aa30b4957f2d [diff]
Add `android.system.vold` to sepolicy

Allow the `vold` service to expose the `android.system.vold.IVold`
interface to vendor.

Bug: 362567323
Test: acloud create
Change-Id: I074228c4a1033ddc63a547f15b093fe62a4ae86b

diff --git a/private/service.te b/private/service.te
index a90b3ba..ce648c2 100644
--- a/private/service.te
+++ b/private/service.te

@@ -60,6 +60,7 @@
 ')
 
 type uce_service,                      service_manager_type;
+type fwk_vold_service,                 service_manager_type;
 type wearable_sensing_service,         app_api_service, system_server_service, service_manager_type;
 type wifi_mainline_supplicant_service, service_manager_type;
 type dynamic_instrumentation_service,  app_api_service, system_server_service, service_manager_type;

diff --git a/private/service_contexts b/private/service_contexts
index 2e050eb..e2998c7 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -141,6 +141,7 @@
 android.system.keystore2.IKeystoreService/default                    u:object_r:keystore_service:s0
 android.system.net.netd.INetd/default                                u:object_r:system_net_netd_service:s0
 android.system.suspend.ISystemSuspend/default                        u:object_r:hal_system_suspend_service:s0
+android.system.vold.IVold/default                                    u:object_r:fwk_vold_service:s0
 
 accessibility                             u:object_r:accessibility_service:s0
 account                                   u:object_r:account_service:s0

diff --git a/private/vold.te b/private/vold.te
index c242040..8fe8518 100644
--- a/private/vold.te
+++ b/private/vold.te

@@ -291,9 +291,10 @@
 # Allow vold to use wake locks.  Needed for idle maintenance and moving storage.
 wakelock_use(vold)
 
-# Allow vold to publish a binder service and make binder calls.
+# Allow vold to make binder calls and publish binder services.
 binder_use(vold)
 add_service(vold, vold_service)
+add_service(vold, fwk_vold_service)
 
 # Allow vold to call into the system server so it can check permissions.
 binder_call(vold, system_server)