Selinux changes for vr flinger vsync service Add selinux policy for the new Binder-based vr flinger vsync service. Bug: 72890037 Test: - Manually confirmed that I can't bind to the new vsync service from a normal Android application, and system processes (other than vr_hwc) are prevented from connecting by selinux. - Confirmed the CTS test android.security.cts.SELinuxHostTest#testAospServiceContexts, when built from the local source tree with this CL applied, passes. - Confirmed the CTS test android.cts.security.SELinuxNeverallowRulesTest#testNeverallowRules521, when built from the local source tree with this CL applied, passes. Change-Id: Ib7a6bfcb1c2ebe1051f3accc18b481be1b188b06

commit: 7bec967402f3624cac3c64497f03c94b3ce31b4b [log] [tgz]
author: Steven Thomas <steventhomas@google.com> Fri Jul 13 17:17:01 2018 -0700
committer: Steven Thomas <steventhomas@google.com> Fri Jul 13 17:17:01 2018 -0700
tree: 54582d174ccf6126579f20879fd5c97fe19bce9e
parent: 6397d7e0cb8bde16d70b487bf0c6b5687cca351c [diff] [blame]
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 4530df4..4b7ef92 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil

@@ -126,6 +126,7 @@
     vold_prepare_subdirs
     vold_prepare_subdirs_exec
     vold_service
+    vrflinger_vsync_service
     wait_for_keymaster
     wait_for_keymaster_exec
     wait_for_keymaster_tmpfs
commit	7bec967402f3624cac3c64497f03c94b3ce31b4b	[log] [tgz]
author	Steven Thomas <steventhomas@google.com>	Fri Jul 13 17:17:01 2018 -0700
committer	Steven Thomas <steventhomas@google.com>	Fri Jul 13 17:17:01 2018 -0700
tree	54582d174ccf6126579f20879fd5c97fe19bce9e
parent	6397d7e0cb8bde16d70b487bf0c6b5687cca351c [diff] [blame]