Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 6aa44527b87b74d7e1140d1c74c3aeffcfc4a786^! / .
commit6aa44527b87b74d7e1140d1c74c3aeffcfc4a786[log] [tgz]
authorMatt Pape <mpape@google.com>Fri Dec 07 08:27:29 2018 -0800
committerMatt Pape <mpape@google.com>Fri Dec 07 08:27:29 2018 -0800
tree0281752d5d4fa599c6d8598dde2b73fec3d48a96
parentde3a3e41560314a3fda35adddf0f2328dd9e3a1a [diff]
SEPolicy updates for DeviceConfig Service.

Add a DeviceConfig service in system_server to edit configuration flags.
This is intended to be a command line tool for local overrides and/or
tool for tests that adopt shell permissions.

Test: None
Bug:109919982
Bug:113101834
Change-Id: Ib7bed752849b1ed102747e3202dd7aed48d2c6d5

diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index f9f4ebf..d852853 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil

@@ -20,8 +20,9 @@
     cpu_variant_prop
     dev_cpu_variant
     device_config_boot_count_prop
-    device_config_reset_performed_prop
     device_config_flags_health_check_prop
+    device_config_reset_performed_prop
+    device_config_service
     face_service
     face_vendor_data_file
     fastbootd

diff --git a/private/service_contexts b/private/service_contexts
index 7f1b38f..43479b3 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -38,6 +38,7 @@
 cpuinfo                                   u:object_r:cpuinfo_service:s0
 crossprofileapps                          u:object_r:crossprofileapps_service:s0
 dbinfo                                    u:object_r:dbinfo_service:s0
+device_config                             u:object_r:device_config_service:s0
 device_policy                             u:object_r:device_policy_service:s0
 device_identifiers                        u:object_r:device_identifiers_service:s0
 deviceidle                                u:object_r:deviceidle_service:s0

diff --git a/public/service.te b/public/service.te
index ce87ba9..8a59bff 100644
--- a/public/service.te
+++ b/public/service.te

@@ -71,6 +71,7 @@
 type coverage_service, system_server_service, service_manager_type;
 type cpuinfo_service, system_api_service, system_server_service, service_manager_type;
 type dbinfo_service, system_api_service, system_server_service, service_manager_type;
+type device_config_service, system_server_service, service_manager_type;
 type device_policy_service, app_api_service, system_server_service, service_manager_type;
 type deviceidle_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type device_identifiers_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;