Add sepolicy for mdns service
mdns service is a subset of netd-provided services, so it gets
the same treatment as netd_service or dnsresolver_service
Bug: 209894875
Test: built, flashed, booted
Change-Id: I33de769c4fff41e816792a34015a70f89e4b8a8c
diff --git a/private/atrace.te b/private/atrace.te
index cbb5b7c..2ab8c69 100644
--- a/private/atrace.te
+++ b/private/atrace.te
@@ -33,6 +33,7 @@
-installd_service
-iorapd_service
-lpdump_service
+ -mdns_service
-netd_service
-stats_service
-tracingproxy_service
diff --git a/private/compat/32.0/32.0.ignore.cil b/private/compat/32.0/32.0.ignore.cil
index db019f0..92c0b05 100644
--- a/private/compat/32.0/32.0.ignore.cil
+++ b/private/compat/32.0/32.0.ignore.cil
@@ -45,6 +45,7 @@
hal_wifi_hostapd_service
hal_wifi_supplicant_service
locale_service
+ mdns_service
mtectrl
nearby_service
proc_watermark_boost_factor
diff --git a/private/netutils_wrapper.te b/private/netutils_wrapper.te
index ca3b515..cdc342d 100644
--- a/private/netutils_wrapper.te
+++ b/private/netutils_wrapper.te
@@ -17,6 +17,7 @@
# For netutils (ndc) to be able to talk to netd
allow netutils_wrapper netd_service:service_manager find;
allow netutils_wrapper dnsresolver_service:service_manager find;
+allow netutils_wrapper mdns_service:service_manager find;
binder_use(netutils_wrapper);
binder_call(netutils_wrapper, netd);
diff --git a/private/network_stack.te b/private/network_stack.te
index 09a98b5..2546888 100644
--- a/private/network_stack.te
+++ b/private/network_stack.te
@@ -22,6 +22,7 @@
allow network_stack app_api_service:service_manager find;
allow network_stack dnsresolver_service:service_manager find;
+allow network_stack mdns_service:service_manager find;
allow network_stack netd_service:service_manager find;
allow network_stack network_watchlist_service:service_manager find;
allow network_stack radio_service:service_manager find;
diff --git a/private/service_contexts b/private/service_contexts
index b5e3407..7273676 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -207,6 +207,7 @@
logd u:object_r:logd_service:s0
looper_stats u:object_r:looper_stats_service:s0
lpdump_service u:object_r:lpdump_service:s0
+mdns u:object_r:mdns_service:s0
media.aaudio u:object_r:audioserver_service:s0
media.audio_flinger u:object_r:audioserver_service:s0
media.audio_policy u:object_r:audioserver_service:s0
diff --git a/private/system_app.te b/private/system_app.te
index 460ad4b..8c1fdbf 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -89,6 +89,7 @@
-installd_service
-iorapd_service
-lpdump_service
+ -mdns_service
-netd_service
-system_suspend_control_internal_service
-system_suspend_control_service
@@ -103,6 +104,7 @@
dumpstate_service
installd_service
iorapd_service
+ mdns_service
netd_service
virtual_touchpad_service
vold_service
diff --git a/private/system_server.te b/private/system_server.te
index 6e108df..7e66c5a 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -869,6 +869,7 @@
allow system_server keystore_maintenance_service:service_manager find;
allow system_server keystore_metrics_service:service_manager find;
allow system_server keystore_service:service_manager find;
+allow system_server mdns_service:service_manager find;
allow system_server mediaserver_service:service_manager find;
allow system_server mediametrics_service:service_manager find;
allow system_server mediaextractor_service:service_manager find;