Allow system server to access composd.
Also allow composd to kill odrefresh (it execs it); this is necessary
for cancel() to work.
Bug: 199147668
Test: manual
Change-Id: I233cac50240130da2f4e99f452697c1162c10c40
diff --git a/private/composd.te b/private/composd.te
index 4f85125..5edea69 100644
--- a/private/composd.te
+++ b/private/composd.te
@@ -6,6 +6,9 @@
binder_use(composd)
add_service(composd, compos_service)
+# Call back into system server
+binder_call(composd, system_server)
+
# Start a VM
virtualizationservice_use(composd)
@@ -14,5 +17,7 @@
allow composd apex_compos_data_file:dir create_dir_perms;
allow composd apex_compos_data_file:file create_file_perms;
-# Run odrefresh to refresh ART artifacts
+# TODO(b/205750213): Removed these when we run odrefresh in the VM
+# Run odrefresh to refresh ART artifacts, and kill it if we need to
domain_auto_trans(composd, odrefresh_exec, odrefresh)
+allow composd odrefresh:process sigkill;
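Review bot: The `sigkill` rule on the last line of this hunk covers the whole `odrefresh` domain, not just the child that composd started. composd could therefore kill an `odrefresh` process launched by another domain, if such callers exist (not visible in this diff). SELinux cannot narrow the permission to a child, so the comment should record the scope, e.g. `# sigkill covers every odrefresh process, not only our child; needed for cancel()`. The TODO also reads "Removed these" where "Remove these" is meant, and it should say that it covers both the `domain_auto_trans` and the `sigkill` lines so they are dropped together.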
diff --git a/private/system_server.te b/private/system_server.te
index 9f620c2..8227c29 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -262,6 +262,7 @@
binder_use(system_server)
binder_call(system_server, appdomain)
binder_call(system_server, binderservicedomain)
+binder_call(system_server, composd)
binder_call(system_server, dumpstate)
binder_call(system_server, fingerprintd)
binder_call(system_server, gatekeeperd)
@@ -849,6 +850,7 @@
allow system_server authorization_service:service_manager find;
allow system_server batteryproperties_service:service_manager find;
allow system_server cameraserver_service:service_manager find;
+allow system_server compos_service:service_manager find;
allow system_server dataloader_manager_service:service_manager find;
allow system_server dnsresolver_service:service_manager find;
allow system_server drmserver_service:service_manager find;
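Review bot: Nothing in this diff stops a later change from granting `find` on `compos_service` to other domains, and composd is a service that starts VMs and execs odrefresh. If system_server is meant to be the only client, consider adding `neverallow { domain -system_server } compos_service:service_manager find;` next to the service's policy so that a wider grant fails at build time. If other clients are intended, name them in the exclusion set instead, so the allowed callers are documented in one place.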