iorapd: Add new binder service iorapd. This daemon is very locked down. Only system_server can access it. Bug: 72170747 Change-Id: I7b72b9191cb192be96001d84d067c28292c9688f

commit: 72a88b194cab6ff7885c582ea2c785ec307c93ef [log] [tgz]
author: Igor Murashkin <iam@google.com> Fri Oct 05 14:48:29 2018 -0700
committer: Igor Murashkin <iam@google.com> Mon Oct 08 15:00:34 2018 -0700
tree: 3d869d2037119d684e6231907ca5b844748c02bf
parent: 93318192a061e84acd6ff209d4a89bfd876903da [diff]
diff --git a/private/atrace.te b/private/atrace.te
index 37e9702..a60370d 100644
--- a/private/atrace.te
+++ b/private/atrace.te

@@ -33,6 +33,7 @@
   service_manager_type
   -apex_service
   -incident_service
+  -iorapd_service
   -netd_service
   -stats_service
   -dumpstate_service

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index f985d95..54edb40 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil

@@ -89,6 +89,11 @@
     hal_wifi_offload_hwservice
     incident_helper
     incident_helper_exec
+    iorapd
+    iorapd_data_file
+    iorapd_exec
+    iorapd_service
+    iorapd_tmpfs
     kmsg_debug_device
     last_boot_reason_prop
     llkd

diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index df3f95a..1df6a0e 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil

@@ -80,6 +80,11 @@
     hal_wifi_hostapd_hwservice
     incident_helper
     incident_helper_exec
+    iorapd
+    iorapd_data_file
+    iorapd_exec
+    iorapd_service
+    iorapd_tmpfs
     last_boot_reason_prop
     llkd
     llkd_exec

diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index c1b126b..e02421d 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil

@@ -31,6 +31,11 @@
     llkd_prop
     llkd_tmpfs
     looper_stats_service
+    iorapd
+    iorapd_exec
+    iorapd_data_file
+    iorapd_service
+    iorapd_tmpfs
     mnt_product_file
     overlayfs_file
     recovery_socket

diff --git a/private/file_contexts b/private/file_contexts
index 264735d..3b85213 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -273,6 +273,7 @@
 # patchoat executable has (essentially) the same requirements as dex2oat.
 /system/bin/patchoat(d)?    u:object_r:dex2oat_exec:s0
 /system/bin/profman(d)?     u:object_r:profman_exec:s0
+/system/bin/iorapd          u:object_r:iorapd_exec:s0
 /system/bin/sgdisk      u:object_r:sgdisk_exec:s0
 /system/bin/blkid       u:object_r:blkid_exec:s0
 /system/bin/tzdatacheck u:object_r:tzdatacheck_exec:s0
@@ -451,6 +452,7 @@
 /data/misc/wifi/sockets/wpa_ctrl.*   u:object_r:system_wpa_socket:s0
 /data/misc/zoneinfo(/.*)?       u:object_r:zoneinfo_data_file:s0
 /data/misc/vold(/.*)?           u:object_r:vold_data_file:s0
+/data/misc/iorapd(/.*)?         u:object_r:iorapd_data_file:s0
 /data/misc/perfprofd(/.*)?      u:object_r:perfprofd_data_file:s0
 /data/misc/update_engine(/.*)?  u:object_r:update_engine_data_file:s0
 /data/misc/update_engine_log(/.*)?  u:object_r:update_engine_log_data_file:s0
@@ -516,6 +518,9 @@
 /data/misc_de/[0-9]+/vold(/.*)?           u:object_r:vold_data_file:s0
 /data/misc_ce/[0-9]+/vold(/.*)?           u:object_r:vold_data_file:s0
 
+# iorapd per-user data
+/data/misc_ce/[0-9]+/iorapd(/.*)?           u:object_r:iorapd_data_file:s0
+
 #############################
 # efs files
 #

diff --git a/private/iorapd.te b/private/iorapd.te
new file mode 100644
index 0000000..602da03
--- /dev/null
+++ b/private/iorapd.te

@@ -0,0 +1,3 @@
+typeattribute iorapd coredomain;
+
+init_daemon_domain(iorapd)

diff --git a/private/service_contexts b/private/service_contexts
index b68ab8e..1398b19 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -70,6 +70,7 @@
 input_method                              u:object_r:input_method_service:s0
 input                                     u:object_r:input_service:s0
 installd                                  u:object_r:installd_service:s0
+iorapd                                    u:object_r:iorapd_service:s0
 iphonesubinfo_msim                        u:object_r:radio_service:s0
 iphonesubinfo2                            u:object_r:radio_service:s0
 iphonesubinfo                             u:object_r:radio_service:s0

diff --git a/private/system_app.te b/private/system_app.te
index 245496f..40fec6a 100644
--- a/private/system_app.te
+++ b/private/system_app.te

@@ -73,6 +73,7 @@
   -apex_service
   -dumpstate_service
   -installd_service
+  -iorapd_service
   -netd_service
   -virtual_touchpad_service
   -vold_service
@@ -82,6 +83,7 @@
 dontaudit system_app {
   dumpstate_service
   installd_service
+  iorapd_service
   netd_service
   virtual_touchpad_service
   vold_service
commit	72a88b194cab6ff7885c582ea2c785ec307c93ef	[log] [tgz]
author	Igor Murashkin <iam@google.com>	Fri Oct 05 14:48:29 2018 -0700
committer	Igor Murashkin <iam@google.com>	Mon Oct 08 15:00:34 2018 -0700
tree	3d869d2037119d684e6231907ca5b844748c02bf
parent	93318192a061e84acd6ff209d4a89bfd876903da [diff]