Fix attribute plurals for isolated_compute_allowed am: 27a8f43fde am: 82c81a216a am: badbeec6ac
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2552770
Change-Id: Ie5d474cceaac9833f53194b17636147cdc6eb75e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/private/isolated_compute_app.te b/private/isolated_compute_app.te
index cdddd38..d5e8a74 100644
--- a/private/isolated_compute_app.te
+++ b/private/isolated_compute_app.te
@@ -14,8 +14,8 @@
app_domain(isolated_compute_app)
isolated_app_domain(isolated_compute_app)
-allow isolated_compute_app isolated_compute_allowed_services:service_manager find;
-allow isolated_compute_app isolated_compute_allowed_devices:chr_file { read write ioctl map };
+allow isolated_compute_app isolated_compute_allowed_service:service_manager find;
+allow isolated_compute_app isolated_compute_allowed_device:chr_file { read write ioctl map };
# Enable access to hardware services for camera functionalilites
hal_client_domain(isolated_compute_app, hal_allocator)
diff --git a/public/attributes b/public/attributes
index 499ae7c..16a8e66 100644
--- a/public/attributes
+++ b/public/attributes
@@ -210,10 +210,10 @@
attribute isolated_app_all;
# All service types that would be allowed for isolated_compute_app.
-attribute isolated_compute_allowed_services;
+attribute isolated_compute_allowed_service;
# All device types that would be allowed for isolated_compute_app.
-attribute isolated_compute_allowed_devices;
+attribute isolated_compute_allowed_device;
# All domains used for apps with network access.
attribute netdomain;
diff --git a/public/device.te b/public/device.te
index e0872b7..fa29256 100644
--- a/public/device.te
+++ b/public/device.te
@@ -4,7 +4,7 @@
type ashmem_libcutils_device, dev_type, mlstrustedobject;
type audio_device, dev_type;
type binder_device, dev_type, mlstrustedobject;
-type hwbinder_device, dev_type, mlstrustedobject, isolated_compute_allowed_devices;
+type hwbinder_device, dev_type, mlstrustedobject, isolated_compute_allowed_device;
type vndbinder_device, dev_type;
type block_device, dev_type;
type bt_device, dev_type;
@@ -48,9 +48,9 @@
type zero_device, dev_type, mlstrustedobject;
type fuse_device, dev_type, mlstrustedobject;
type iio_device, dev_type;
-type ion_device, dev_type, mlstrustedobject, isolated_compute_allowed_devices;
+type ion_device, dev_type, mlstrustedobject, isolated_compute_allowed_device;
type dmabuf_heap_device, dmabuf_heap_device_type, dev_type, mlstrustedobject;
-type dmabuf_system_heap_device, dmabuf_heap_device_type, dev_type, mlstrustedobject, isolated_compute_allowed_devices;
+type dmabuf_system_heap_device, dmabuf_heap_device_type, dev_type, mlstrustedobject, isolated_compute_allowed_device;
type dmabuf_system_secure_heap_device, dmabuf_heap_device_type, dev_type, mlstrustedobject;
type qtaguid_device, dev_type;
type watchdog_device, dev_type;
diff --git a/public/service.te b/public/service.te
index e720c21..27403ca 100644
--- a/public/service.te
+++ b/public/service.te
@@ -2,11 +2,11 @@
type apc_service, service_manager_type;
type apex_service, service_manager_type;
type artd_service, service_manager_type;
-type audioserver_service, service_manager_type, isolated_compute_allowed_services;
+type audioserver_service, service_manager_type, isolated_compute_allowed_service;
type authorization_service, service_manager_type;
type batteryproperties_service, app_api_service, ephemeral_app_api_service, service_manager_type;
type bluetooth_service, service_manager_type;
-type cameraserver_service, service_manager_type, isolated_compute_allowed_services;
+type cameraserver_service, service_manager_type, isolated_compute_allowed_service;
type fwk_camera_service, service_manager_type;
type default_android_service, service_manager_type;
type device_config_updatable_service, system_api_service, system_server_service,service_manager_type;
@@ -29,7 +29,7 @@
type legacykeystore_service, service_manager_type;
type lpdump_service, service_manager_type;
type mdns_service, service_manager_type;
-type mediaserver_service, service_manager_type, isolated_compute_allowed_services;
+type mediaserver_service, service_manager_type, isolated_compute_allowed_service;
type mediametrics_service, service_manager_type;
type mediaextractor_service, service_manager_type;
type mediadrmserver_service, service_manager_type;
@@ -93,7 +93,7 @@
type connectivity_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type connmetrics_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type consumer_ir_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
-type content_capture_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type, isolated_compute_allowed_services;
+type content_capture_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type, isolated_compute_allowed_service;
type content_suggestions_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type content_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type country_detector_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
@@ -107,7 +107,7 @@
type dbinfo_service, system_api_service, system_server_service, service_manager_type;
type device_config_service, system_server_service, service_manager_type;
type device_policy_service, app_api_service, system_server_service, service_manager_type;
-type device_state_service, app_api_service, system_api_service, system_server_service, service_manager_type, isolated_compute_allowed_services;
+type device_state_service, app_api_service, system_api_service, system_server_service, service_manager_type, isolated_compute_allowed_service;
type deviceidle_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type device_identifiers_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type devicestoragemonitor_service, system_server_service, service_manager_type;
@@ -224,7 +224,7 @@
type system_server_dumper_service, system_api_service, system_server_service, service_manager_type;
type system_update_service, system_server_service, service_manager_type;
type soundtrigger_middleware_service, system_server_service, service_manager_type;
-type speech_recognition_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type, isolated_compute_allowed_services;
+type speech_recognition_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type, isolated_compute_allowed_service;
type tare_service, app_api_service, system_server_service, service_manager_type;
type task_service, system_server_service, service_manager_type;
type testharness_service, system_server_service, service_manager_type;
diff --git a/tests/treble_sepolicy_tests.py b/tests/treble_sepolicy_tests.py
index 8abad94..0628d35 100644
--- a/tests/treble_sepolicy_tests.py
+++ b/tests/treble_sepolicy_tests.py
@@ -357,8 +357,8 @@
def checkIsolatedComputeAllowed(tctx, tclass):
# check if the permission is in isolated_compute_allowed
- allowedMemberTypes = test_policy.pol.QueryTypeAttribute(Type="isolated_compute_allowed_services", IsAttr=True) \
- .union(test_policy.pol.QueryTypeAttribute(Type="isolated_compute_allowed_devices", IsAttr=True))
+ allowedMemberTypes = test_policy.pol.QueryTypeAttribute(Type="isolated_compute_allowed_service", IsAttr=True) \
+ .union(test_policy.pol.QueryTypeAttribute(Type="isolated_compute_allowed_device", IsAttr=True))
return tctx in allowedMemberTypes and tclass in permissionAllowList["isolated_compute_allowed"]