sepolicy: Create new attribute to serve ISuspendControlServiceInternal
Bug: 178417023
Test: Verified manually
Change-Id: Ie058ecf6b31c260e7788cbf0e74fa4182129d3e1
Signed-off-by: Darren Hsu <darrenhsu@google.com>
diff --git a/private/system_suspend.te b/private/system_suspend.te
index acb45ba..caf8955 100644
--- a/private/system_suspend.te
+++ b/private/system_suspend.te
@@ -1,11 +1,10 @@
-type system_suspend, domain, coredomain, system_suspend_server;
+type system_suspend, domain, coredomain, system_suspend_server, system_suspend_internal_server;
type system_suspend_exec, system_file_type, exec_type, file_type;
init_daemon_domain(system_suspend)
-# To serve ISuspendControlService and ISuspendControlServiceInternal.
+# To serve ISuspendControlService.
binder_use(system_suspend)
-add_service(system_suspend, system_suspend_control_internal_service)
add_service(system_suspend, system_suspend_control_service)
# Access to /sys/power/{ wakeup_count, state } suspend interface.
@@ -31,15 +30,6 @@
neverallow {
domain
-atrace # tracing
- -dumpstate # bug reports
- -system_suspend # implements system_suspend_control_internal_service
- -system_server # configures system_suspend via ISuspendControlServiceInternal
- -traceur_app # tracing
-} system_suspend_control_internal_service:service_manager find;
-
-neverallow {
- domain
- -atrace # tracing
-bluetooth # support Bluetooth activity attribution (BTAA)
-dumpstate # bug reports
-system_suspend # implements system_suspend_control_service