Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 91e58ac87b8217312c9c7b072bedef1a8d5e49fe^2..91e58ac87b8217312c9c7b072bedef1a8d5e49fe / .
commit91e58ac87b8217312c9c7b072bedef1a8d5e49fe[log] [tgz]
authorTreehugger Robot <treehugger-gerrit@google.com>Wed Oct 23 17:46:42 2019 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Wed Oct 23 17:46:42 2019 +0000
tree4a4fc7a1fab737d2a24ea3819eb1677d6192b6ca
parent3057643aef1c817b4d7a1dfe908d5317e97235fe [diff]
parent9f74a428c4ad085ac8ea26509240dfeccb658b85 [diff]
Merge "sepolicy: Add iorap_prefetcherd rules"
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index eb99076..ffeccdb 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil

@@ -25,6 +25,7 @@
     mock_ota_prop
     ota_metadata_file
     art_apex_dir
+    service_manager_service
     system_group_file
     system_passwd_file
     vendor_apex_file

diff --git a/private/platform_app.te b/private/platform_app.te
index c255605..45de3cb 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te

@@ -76,7 +76,7 @@
 binder_call(platform_app, gpuservice)
 
 # Allow platform apps to log via statsd.
-allow platform_app statsd:binder call;
+binder_call(platform_app statsd)
 
 # Access to /data/preloads
 allow platform_app preloads_data_file:file r_file_perms;

diff --git a/private/service_contexts b/private/service_contexts
index 2f4a2f8..defdfa4 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -168,6 +168,7 @@
 sensor_privacy                            u:object_r:sensor_privacy_service:s0
 serial                                    u:object_r:serial_service:s0
 servicediscovery                          u:object_r:servicediscovery_service:s0
+manager                                   u:object_r:service_manager_service:s0
 settings                                  u:object_r:settings_service:s0
 shortcut                                  u:object_r:shortcut_service:s0
 simphonebook_msim                         u:object_r:radio_service:s0

diff --git a/public/service.te b/public/service.te
index f69e5e3..624d949 100644
--- a/public/service.te
+++ b/public/service.te

@@ -25,6 +25,7 @@
 type nfc_service,               service_manager_type;
 type radio_service,             service_manager_type;
 type secure_element_service,    service_manager_type;
+type service_manager_service,   service_manager_type;
 type storaged_service,          service_manager_type;
 type surfaceflinger_service,    app_api_service, ephemeral_app_api_service, service_manager_type;
 type system_app_service,        service_manager_type;

diff --git a/public/servicemanager.te b/public/servicemanager.te
index df20941..10347d9 100644
--- a/public/servicemanager.te
+++ b/public/servicemanager.te

@@ -21,5 +21,7 @@
 # nonplat_service_contexts only accessible on non full-treble devices
 not_full_treble(`allow servicemanager nonplat_service_contexts_file:file r_file_perms;')
 
+add_service(servicemanager, service_manager_service)
+
 # Check SELinux permissions.
 selinux_check_access(servicemanager)