Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 7bec967402f3624cac3c64497f03c94b3ce31b4b^! / . / private / service_contexts
commit7bec967402f3624cac3c64497f03c94b3ce31b4b[log] [tgz]
authorSteven Thomas <steventhomas@google.com>Fri Jul 13 17:17:01 2018 -0700
committerSteven Thomas <steventhomas@google.com>Fri Jul 13 17:17:01 2018 -0700
tree54582d174ccf6126579f20879fd5c97fe19bce9e
parent6397d7e0cb8bde16d70b487bf0c6b5687cca351c [diff] [blame]
Selinux changes for vr flinger vsync service

Add selinux policy for the new Binder-based vr flinger vsync service.

Bug: 72890037

Test: - Manually confirmed that I can't bind to the new vsync service
from a normal Android application, and system processes (other than
vr_hwc) are prevented from connecting by selinux.

- Confirmed the CTS test
  android.security.cts.SELinuxHostTest#testAospServiceContexts, when
  built from the local source tree with this CL applied, passes.

- Confirmed the CTS test
  android.cts.security.SELinuxNeverallowRulesTest#testNeverallowRules521,
  when built from the local source tree with this CL applied, passes.

Change-Id: Ib7a6bfcb1c2ebe1051f3accc18b481be1b188b06

diff --git a/private/service_contexts b/private/service_contexts
index 0513073..de784d3 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -176,6 +176,7 @@
 voiceinteraction                          u:object_r:voiceinteraction_service:s0
 vold                                      u:object_r:vold_service:s0
 vr_hwc                                    u:object_r:vr_hwc_service:s0
+vrflinger_vsync                           u:object_r:vrflinger_vsync_service:s0
 vrmanager                                 u:object_r:vr_manager_service:s0
 wallpaper                                 u:object_r:wallpaper_service:s0
 webviewupdate                             u:object_r:webviewupdate_service:s0