Merge "Remove tomcherry from OWNERS"

commit: 73527ea85e9459164ec20b40bae1cd3cfa9dd2f1 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Fri Jan 15 21:33:43 2021 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Fri Jan 15 21:33:43 2021 +0000
tree: a06ff3ad6c48f9e7ec876cbd1e14b4746468519f
parent: 0941c2022df1a864604d228bbadce988caf6729f [diff]
parent: 19509782939d991ad8d92ed06bd63ec720b891a3 [diff]
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 18644de..2f154cd 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil

@@ -10,6 +10,7 @@
     apc_service
     apex_info_file
     arm64_memtag_prop
+    authorization_service
     cgroup_desc_api_file
     cgroup_v2
     ctl_snapuserd_prop

diff --git a/private/service_contexts b/private/service_contexts
index f22e2fd..0b027ed 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -25,6 +25,7 @@
 android.os.UpdateEngineService            u:object_r:update_engine_service:s0
 android.os.UpdateEngineStableService      u:object_r:update_engine_stable_service:s0
 android.security.apc                      u:object_r:apc_service:s0
+android.security.authorization            u:object_r:authorization_service:s0
 android.security.compat                   u:object_r:keystore_compat_hal_service:s0
 android.security.identity                 u:object_r:credstore_service:s0
 android.security.keystore                 u:object_r:keystore_service:s0

diff --git a/private/system_server.te b/private/system_server.te
index 69e04d9..893ea11 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -762,6 +762,7 @@
 
 add_service(system_server, system_server_service);
 allow system_server audioserver_service:service_manager find;
+allow system_server authorization_service:service_manager find;
 allow system_server batteryproperties_service:service_manager find;
 allow system_server cameraserver_service:service_manager find;
 allow system_server dataloader_manager_service:service_manager find;

diff --git a/public/dumpstate.te b/public/dumpstate.te
index 154b9c9..10c0302 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te

@@ -41,8 +41,8 @@
 # TODO: scope this down.
 allow dumpstate system_data_file:file r_file_perms;
 
-# Allow dumpstate to append into privileged apps private files.
-allow dumpstate privapp_data_file:file append;
+# Allow dumpstate to append into apps' private files.
+allow dumpstate { privapp_data_file app_data_file }:file append;
 
 # Read dmesg
 allow dumpstate self:global_capability2_class_set syslog;

diff --git a/public/gatekeeperd.te b/public/gatekeeperd.te
index 6ab9727..7295c24 100644
--- a/public/gatekeeperd.te
+++ b/public/gatekeeperd.te

@@ -24,6 +24,8 @@
 use_keystore(gatekeeperd)
 allow gatekeeperd keystore:keystore_key { add_auth };
 allow gatekeeperd keystore:keystore2 { add_auth };
+allow gatekeeperd authorization_service:service_manager find;
+
 
 # For permissions checking
 allow gatekeeperd system_server:binder call;

diff --git a/public/keystore.te b/public/keystore.te
index 564e9f3..8c64090 100644
--- a/public/keystore.te
+++ b/public/keystore.te

@@ -17,6 +17,7 @@
 allow keystore dropbox_service:service_manager find;
 add_service(keystore, apc_service)
 add_service(keystore, keystore_compat_hal_service)
+add_service(keystore, authorization_service)
 
 # Check SELinux permissions.
 selinux_check_access(keystore)

diff --git a/public/service.te b/public/service.te
index 28638c8..ef7fff5 100644
--- a/public/service.te
+++ b/public/service.te

@@ -2,6 +2,7 @@
 type apc_service,               service_manager_type;
 type apex_service,              service_manager_type;
 type audioserver_service,       service_manager_type;
+type authorization_service,     service_manager_type;
 type batteryproperties_service, app_api_service, ephemeral_app_api_service, service_manager_type;
 type bluetooth_service,         service_manager_type;
 type cameraserver_service,      service_manager_type;
@@ -106,7 +107,7 @@
 type lowpan_service, system_api_service, system_server_service, service_manager_type;
 type ethernet_service, app_api_service, system_server_service, service_manager_type;
 type biometric_service, app_api_service, system_server_service, service_manager_type;
-type bugreport_service, system_api_service, system_server_service, service_manager_type;
+type bugreport_service, app_api_service, system_server_service, service_manager_type;
 type platform_compat_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type face_service, app_api_service, system_server_service, service_manager_type;
 type fingerprint_service, app_api_service, system_server_service, service_manager_type;
commit	73527ea85e9459164ec20b40bae1cd3cfa9dd2f1	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Fri Jan 15 21:33:43 2021 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Fri Jan 15 21:33:43 2021 +0000
tree	a06ff3ad6c48f9e7ec876cbd1e14b4746468519f
parent	0941c2022df1a864604d228bbadce988caf6729f [diff]
parent	19509782939d991ad8d92ed06bd63ec720b891a3 [diff]