Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 5ee34a0ed398d2fa11a07059c9845a8c40d48239^! / .
commit5ee34a0ed398d2fa11a07059c9845a8c40d48239[log] [tgz]
authorLorenzo Colitti <lorenzo@google.com>Thu Feb 04 12:14:59 2021 +0900
committerLorenzo Colitti <lorenzo@google.com>Thu Feb 04 13:01:09 2021 +0900
treec7822804b3eb8a2f328a121436b79f35f913ec01
parent6e3caf699e80ff281e1df52c4968be0deb81e901 [diff]
Add sepolicy for the vpnmanager service.

The system server code that backs VPN APIs such as VpnService and
VpnManager currently lives in ConnectivityService and is accessed
via IConnectivityManager.

In S, ConnectivityService is being moved to the tethering
mainline module, but the VPN code is not. So add an new
service (vpnmanager, IVpnManager, VpnManagerService) to support
these APIs.

Service implementation at http://r.android.com/1572982 . That CL
cannot be in a topic with this one because it will conflict in
master and sc-dev.

Bug: 173331190
Test: builds, boots, "dumpsys vpnmanager" throws no errors
Change-Id: Ic09c93cc454ec959a3beda2b09efa74b8db30c27

diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 2a960e5..9cd03b7 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil

@@ -92,5 +92,6 @@
     userspace_reboot_metadata_file
     vcn_management_service
     vibrator_manager_service
+    vpnmanager_service
     watchdog_metadata_file
     zygote_config_prop))

diff --git a/private/service_contexts b/private/service_contexts
index 5369b54..3eee0d5 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -276,6 +276,7 @@
 virtual_touchpad                          u:object_r:virtual_touchpad_service:s0
 voiceinteraction                          u:object_r:voiceinteraction_service:s0
 vold                                      u:object_r:vold_service:s0
+vpnmanager                                u:object_r:vpnmanager_service:s0
 vr_hwc                                    u:object_r:vr_hwc_service:s0
 vrflinger_vsync                           u:object_r:vrflinger_vsync_service:s0
 vrmanager                                 u:object_r:vr_manager_service:s0

diff --git a/public/service.te b/public/service.te
index 34c161f..cf223da 100644
--- a/public/service.te
+++ b/public/service.te

@@ -215,6 +215,7 @@
 type vibrator_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type vibrator_manager_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type voiceinteraction_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type vpnmanager_service, app_api_service, system_server_service, service_manager_type;
 type vr_manager_service, system_server_service, service_manager_type;
 type wallpaper_service, app_api_service, system_server_service, service_manager_type;
 type webviewupdate_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;