SEPolicy for dynamic_instrumentation_service
Adds SEPolicy for incoming IDynamicInstrumentationManager.aidl
(implemented in DynamicInstrumentationManagerService.java)
Bug: 372925025
Test: TH
Change-Id: Ie72446f82628c30c6f0a8db242c1569806724522
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index 0065c49..0c76659 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -277,6 +277,7 @@
"dropbox": EXCEPTION_NO_FUZZER,
"dumpstate": EXCEPTION_NO_FUZZER,
"dynamic_system": EXCEPTION_NO_FUZZER,
+ "dynamic_instrumentation": EXCEPTION_NO_FUZZER,
"econtroller": EXCEPTION_NO_FUZZER,
"ecm_enhanced_confirmation": EXCEPTION_NO_FUZZER,
"emergency_affordance": EXCEPTION_NO_FUZZER,
diff --git a/private/compat/202404/202404.ignore.cil b/private/compat/202404/202404.ignore.cil
index 014270b..392af54 100644
--- a/private/compat/202404/202404.ignore.cil
+++ b/private/compat/202404/202404.ignore.cil
@@ -23,4 +23,5 @@
media_quality_service
advanced_protection_service
sysfs_firmware_acpi_tables
+ dynamic_instrumentation_service
))
diff --git a/private/service_contexts b/private/service_contexts
index 7c3c5de..963f81e 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -187,6 +187,9 @@
app_binding u:object_r:app_binding_service:s0
app_function u:object_r:app_function_service:s0
app_hibernation u:object_r:app_hibernation_service:s0
+starting_at_board_api(202504, `
+ dynamic_instrumentation u:object_r:dynamic_instrumentation_service:s0
+')
app_integrity u:object_r:app_integrity_service:s0
app_prediction u:object_r:app_prediction_service:s0
app_search u:object_r:app_search_service:s0
diff --git a/private/uprobestats.te b/private/uprobestats.te
index 2c5711f..c55f23d 100644
--- a/private/uprobestats.te
+++ b/private/uprobestats.te
@@ -24,6 +24,9 @@
# For registration with system server as a process observer.
binder_use(uprobestats)
allow uprobestats activity_service:service_manager find;
+starting_at_board_api(202504, `
+ allow uprobestats dynamic_instrumentation_service:service_manager find;
+')
binder_call(uprobestats, system_server);
# Allow uprobestats to talk to native package manager
diff --git a/public/service.te b/public/service.te
index f54df00..054779b 100644
--- a/public/service.te
+++ b/public/service.te
@@ -75,6 +75,9 @@
type app_function_service, app_api_service, system_server_service, service_manager_type;
')
type app_hibernation_service, app_api_service, system_api_service, system_server_service, service_manager_type;
+starting_at_board_api(202504, `
+ type dynamic_instrumentation_service, app_api_service, system_server_service, service_manager_type;
+')
type app_integrity_service, system_api_service, system_server_service, service_manager_type;
type app_prediction_service, app_api_service, system_server_service, service_manager_type;
type app_search_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;