SEPolicy for dynamic_instrumentation_service
Adds SEPolicy for incoming IDynamicInstrumentationManager.aidl
(implemented in DynamicInstrumentationManagerService.java)
Bug: 372925025
Test: TH
Change-Id: Ie72446f82628c30c6f0a8db242c1569806724522
diff --git a/private/compat/202404/202404.ignore.cil b/private/compat/202404/202404.ignore.cil
index 014270b..392af54 100644
--- a/private/compat/202404/202404.ignore.cil
+++ b/private/compat/202404/202404.ignore.cil
@@ -23,4 +23,5 @@
media_quality_service
advanced_protection_service
sysfs_firmware_acpi_tables
+ dynamic_instrumentation_service
))
diff --git a/private/service_contexts b/private/service_contexts
index 7c3c5de..963f81e 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -187,6 +187,9 @@
app_binding u:object_r:app_binding_service:s0
app_function u:object_r:app_function_service:s0
app_hibernation u:object_r:app_hibernation_service:s0
+starting_at_board_api(202504, `
+ dynamic_instrumentation u:object_r:dynamic_instrumentation_service:s0
+')
app_integrity u:object_r:app_integrity_service:s0
app_prediction u:object_r:app_prediction_service:s0
app_search u:object_r:app_search_service:s0
diff --git a/private/uprobestats.te b/private/uprobestats.te
index 2c5711f..c55f23d 100644
--- a/private/uprobestats.te
+++ b/private/uprobestats.te
@@ -24,6 +24,9 @@
# For registration with system server as a process observer.
binder_use(uprobestats)
allow uprobestats activity_service:service_manager find;
+starting_at_board_api(202504, `
+ allow uprobestats dynamic_instrumentation_service:service_manager find;
+')
binder_call(uprobestats, system_server);
# Allow uprobestats to talk to native package manager