Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 902a010aaa5866dc20a8c51b3a5458e319bafd1c^! / .
commit902a010aaa5866dc20a8c51b3a5458e319bafd1c[log] [tgz]
authorAlex Xu <alxu@google.com>Wed Oct 25 23:37:13 2023 +0000
committerAlex Xu <alxu@google.com>Thu Oct 26 06:11:58 2023 +0000
tree4cc97eb3dd549b53f9fd6b4a487d77c607ee3d56
parentc5509a8ea0d3657b67f6f5a60c649f3bfc1151cd [diff]
Add sepolicy for security_state service.

security_state service manages security state (e.g. SPL) information across partitions, modules, etc.

Bug: 307819014
Test: Manual
Change-Id: I4ebcd8431c11b41f7e210947b32cf64c2adf3901

diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index 44c3243..29273cf 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go

@@ -392,6 +392,7 @@
 		"search":                       EXCEPTION_NO_FUZZER,
 		"search_ui":                    EXCEPTION_NO_FUZZER,
 		"secure_element":               EXCEPTION_NO_FUZZER,
+		"security_state":               EXCEPTION_NO_FUZZER,
 		"sec_key_att_app_id_provider":  EXCEPTION_NO_FUZZER,
 		"selection_toolbar":            EXCEPTION_NO_FUZZER,
 		"sensorservice":                EXCEPTION_NO_FUZZER,

diff --git a/private/compat/34.0/34.0.ignore.cil b/private/compat/34.0/34.0.ignore.cil
index 2d1aea0..685b9b2 100644
--- a/private/compat/34.0/34.0.ignore.cil
+++ b/private/compat/34.0/34.0.ignore.cil

@@ -14,6 +14,7 @@
     virtual_camera_service
     ot_daemon_service
     remote_auth_service
+    security_state_service
     sysfs_sync_on_suspend
     threadnetwork_service
     device_config_aconfig_flags_prop

diff --git a/private/service_contexts b/private/service_contexts
index a1fb06b..758cab6 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -368,6 +368,7 @@
 search_ui                                 u:object_r:search_ui_service:s0
 secure_element                            u:object_r:secure_element_service:s0
 sec_key_att_app_id_provider               u:object_r:sec_key_att_app_id_provider_service:s0
+security_state                            u:object_r:security_state_service:s0
 selection_toolbar                         u:object_r:selection_toolbar_service:s0
 sensorservice                             u:object_r:sensorservice_service:s0
 sensor_privacy                            u:object_r:sensor_privacy_service:s0

diff --git a/public/service.te b/public/service.te
index e018e40..53c9e5f 100644
--- a/public/service.te
+++ b/public/service.te

@@ -212,6 +212,7 @@
 type search_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type search_ui_service, app_api_service, system_server_service, service_manager_type;
 type sec_key_att_app_id_provider_service, app_api_service, system_server_service, service_manager_type;
+type security_state_service, system_server_service, service_manager_type;
 type selection_toolbar_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type sensorservice_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type sensor_privacy_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;