Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 8788f7afe28fb57bc2a03cc739b9133b43598b20^! / .
commit8788f7afe28fb57bc2a03cc739b9133b43598b20[log] [tgz]
authorAlan Stokes <alanstokes@google.com>Fri Nov 19 17:33:34 2021 +0000
committerAlan Stokes <alanstokes@google.com>Mon Nov 22 09:36:45 2021 +0000
tree42c36d918f69f291a8e5840c6b0745a055a13334
parent919fa4f9fc999792d4dd556183b9de0a3f0a52b1 [diff]
Split composd's service in two

They are served by the same process but have different clients:
- the main interface is exposed to system server;
- the internal interface is called by odrefresh when spawned by composd.

Test: compos_cmd forced-compile-test
Bug: 199147668
Change-Id: Ie1561b7700cf633d7d5c8df68ff58797a8d8bced

diff --git a/private/composd.te b/private/composd.te
index 5edea69..30e26f9 100644
--- a/private/composd.te
+++ b/private/composd.te

@@ -1,10 +1,11 @@
 type composd, domain, coredomain;
 type composd_exec, system_file_type, exec_type, file_type;
 
-# Host a dynamic AIDL service
+# Host dynamic AIDL services
 init_daemon_domain(composd)
 binder_use(composd)
 add_service(composd, compos_service)
+add_service(composd, compos_internal_service)
 
 # Call back into system server
 binder_call(composd, system_server)

diff --git a/private/odrefresh.te b/private/odrefresh.te
index c6ab7bb..e146938 100644
--- a/private/odrefresh.te
+++ b/private/odrefresh.te

@@ -54,7 +54,7 @@
 
 # Make binder calls back to composd
 binder_use(odrefresh)
-allow odrefresh compos_service:service_manager find;
+allow odrefresh compos_internal_service:service_manager find;
 binder_call(odrefresh, composd)
 
 # Run fd_server in its own domain

diff --git a/private/service.te b/private/service.te
index 2ab6335..006183e 100644
--- a/private/service.te
+++ b/private/service.te

@@ -11,3 +11,4 @@
 type statsmanager_service,          system_api_service, system_server_service, service_manager_type;
 type tracingproxy_service,          system_server_service, service_manager_type;
 type uce_service,                   service_manager_type;
+type compos_internal_service,       service_manager_type;

diff --git a/private/service_contexts b/private/service_contexts
index 0e723f2..f833096 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -76,6 +76,7 @@
 android.security.remoteprovisioning       u:object_r:remoteprovisioning_service:s0
 android.service.gatekeeper.IGateKeeperService    u:object_r:gatekeeper_service:s0
 android.system.composd                    u:object_r:compos_service:s0
+android.system.composd.internal           u:object_r:compos_internal_service:s0
 android.system.virtualizationservice      u:object_r:virtualization_service:s0
 app_binding                               u:object_r:app_binding_service:s0
 app_hibernation                           u:object_r:app_hibernation_service:s0