Revert^2 "Adds a sepolicy for EVS manager service"
0137c98b90d709c246d55c24eeea1204d6eca9a1
Bug: 216727303
Test: m -j selinux_policy on failed targets reported
in b/218802298
Change-Id: I2ae2fc85a4055f2cb7d19ff70b120e7b7ff0957d
diff --git a/public/attributes b/public/attributes
index b97bffc..281cf93 100644
--- a/public/attributes
+++ b/public/attributes
@@ -394,6 +394,7 @@
attribute automotive_display_service_server;
attribute camera_service_server;
attribute display_service_server;
+attribute evsmanager_service_server;
attribute scheduler_service_server;
attribute sensor_service_server;
attribute stats_service_server;
diff --git a/public/evsmanagerd.te b/public/evsmanagerd.te
new file mode 100644
index 0000000..cde0380
--- /dev/null
+++ b/public/evsmanagerd.te
@@ -0,0 +1,2 @@
+# evsmanager daemon
+type evsmanagerd, domain;
diff --git a/public/hal_evs.te b/public/hal_evs.te
index 789333a..e5e5fce 100644
--- a/public/hal_evs.te
+++ b/public/hal_evs.te
@@ -1,5 +1,12 @@
hwbinder_use(hal_evs_client)
hwbinder_use(hal_evs_server)
+
binder_call(hal_evs_client, hal_evs_server)
binder_call(hal_evs_server, hal_evs_client)
-hal_attribute_hwservice(hal_evs, hal_evs_hwservice)
+
+# Below lines are equivalent to hal_attribute_hwservice(hal_evs, hal_evs_hwservice)
+# except it allows evsmanagerd to add hal_evs_hwservice.
+allow hal_evs_client hal_evs_hwservice:hwservice_manager find;
+allow hal_evs_server hal_evs_hwservice:hwservice_manager { add find };
+allow hal_evs_server hidl_base_hwservice:hwservice_manager add;
+neverallow { domain -hal_evs_server -evsmanagerd } hal_evs_hwservice:hwservice_manager add;
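Review bot: The comment above the expanded rules claims equivalence with hal_attribute_hwservice(hal_evs, hal_evs_hwservice), but the expansion appears to drop one rule. As far as I recall the macro in AOSP's te_macros (not shown in this diff, so please confirm), it also emits a build_test_only neverallow limiting `find` on the hwservice to the client and server attributes. If dropping it is intentional, the comment should say so; otherwise re-add `neverallow { domain -hal_evs_client -hal_evs_server } hal_evs_hwservice:hwservice_manager find;` inside build_test_only, exempting evsmanagerd only if it is not a hal_evs client. Separately, the `add` neverallow now exempts the concrete type `evsmanagerd`, but no allow rule granting it `add` is visible in these hunks. A short comment such as `# evsmanagerd registers hal_evs_hwservice itself; the matching allow rule is in <policy file>` would let an auditor see who may register the service.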
diff --git a/public/service.te b/public/service.te
index 46eaff1..495b5f5 100644
--- a/public/service.te
+++ b/public/service.te
@@ -13,6 +13,7 @@
type dnsresolver_service, service_manager_type;
type drmserver_service, service_manager_type;
type dumpstate_service, service_manager_type;
+type evsmanagerd_service, service_manager_type;
type fingerprintd_service, service_manager_type;
type fwk_automotive_display_service, service_manager_type;
type gatekeeper_service, app_api_service, service_manager_type;