Add mmd selinux policies This adds minimum selinux policies to unblock these functions which are already submitted: * The init service launchs mmd as a native daemon by mmd.rc. * mmd exposes binder API. EXCEPTION_NO_FUZZER in build/soong/service_fuzzer_bindings.go is allowed for Rust products. Bug: 375432644 Bug: 370509309 Test: confirmed mmd is launched after: adb shell aflags enable \ android.mmd.flags.mmd_enabled; adb reboot Change-Id: Ibd3e68e5aea83b3bc4a01e9dcf00be2daf2466c1

commit: 9c7d306429f3ef12ce53fdf5ee868cf75c91d8e2 [log] [tgz]
author: Hung Nguyen <hungmn@google.com> Tue Nov 05 15:50:00 2024 -0800
committer: Shintaro Kawamura <kawasin@google.com> Thu Nov 21 11:42:40 2024 +0900
tree: c06cc17f5bbf911c42a0a4d773a9bc213a44b736
parent: f75e3f6cfa2fb9a297ffdc54f7ffd0e269685c0f [diff] [blame]
diff --git a/private/file_contexts b/private/file_contexts
index 59ef299..bb8a35a 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -329,6 +329,7 @@
 /system/bin/bootstrap/linkerconfig u:object_r:linkerconfig_exec:s0
 /system/bin/llkd        u:object_r:llkd_exec:s0
 /system/bin/lmkd        u:object_r:lmkd_exec:s0
+/system/bin/mmd         u:object_r:mmd_exec:s0
 /system/bin/usbd   u:object_r:usbd_exec:s0
 /system/bin/inputflinger u:object_r:inputflinger_exec:s0
 /system/bin/logd        u:object_r:logd_exec:s0
commit	9c7d306429f3ef12ce53fdf5ee868cf75c91d8e2	[log] [tgz]
author	Hung Nguyen <hungmn@google.com>	Tue Nov 05 15:50:00 2024 -0800
committer	Shintaro Kawamura <kawasin@google.com>	Thu Nov 21 11:42:40 2024 +0900
tree	c06cc17f5bbf911c42a0a4d773a9bc213a44b736
parent	f75e3f6cfa2fb9a297ffdc54f7ffd0e269685c0f [diff] [blame]