Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 8be46bf2e0c59086c87640fc87882286fca2ac02^! / .
commit8be46bf2e0c59086c87640fc87882286fca2ac02[log] [tgz]
authorSong Pan <songpan@google.com>Thu Dec 05 11:24:54 2019 +0000
committerSong Pan <songpan@google.com>Thu Dec 05 12:22:51 2019 +0000
tree57e8e8d9d73b467a9b711e2764a86808e490224a
parentfe55f30397da4f928672e0c39b4dc813b818a010 [diff]
Add sepolicy for AppIntegrityService.

CL that adds the service: http://ag/9554748

BUG:145674997
Test: Manually flash the device. Without this change, the devices goes into a
bootloop (http://gpaste/5033431010377728) if I uncommit the guard in
http://ag/c/platform/frameworks/base/+/9652133/21/services/core/java/com/android/server/integrity/AppIntegrityManagerService.java

Change-Id: Ib2daf9191900d94abeae207e18a77a5914d14783

diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 383ff3c..c9a885e 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil

@@ -5,6 +5,7 @@
 (typeattribute new_objects)
 (typeattributeset new_objects
   ( new_objects
+    app_integrity_service
     app_search_service
     auth_service
     ashmem_libcutils_device

diff --git a/private/service_contexts b/private/service_contexts
index 1902a48..09afd65 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -10,6 +10,7 @@
 android.security.keystore                 u:object_r:keystore_service:s0
 android.service.gatekeeper.IGateKeeperService    u:object_r:gatekeeper_service:s0
 app_binding                               u:object_r:app_binding_service:s0
+app_integrity                             u:object_r:app_integrity_service:s0
 app_prediction                            u:object_r:app_prediction_service:s0
 app_search                                u:object_r:app_search_service:s0
 apexservice                               u:object_r:apex_service:s0

diff --git a/public/service.te b/public/service.te
index 31575c5..3aa6eeb 100644
--- a/public/service.te
+++ b/public/service.te

@@ -45,6 +45,7 @@
 type adb_service, system_api_service, system_server_service, service_manager_type;
 type alarm_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type app_binding_service, system_server_service, service_manager_type;
+type app_integrity_service, system_api_service, system_server_service, service_manager_type;
 type app_prediction_service, app_api_service, system_server_service, service_manager_type;
 type app_search_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type appops_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;