Add mmd selinux policies This adds minimum selinux policies to unblock these functions which are already submitted: * The init service launchs mmd as a native daemon by mmd.rc. * mmd exposes binder API. EXCEPTION_NO_FUZZER in build/soong/service_fuzzer_bindings.go is allowed for Rust products. Bug: 375432644 Bug: 370509309 Test: confirmed mmd is launched after: adb shell aflags enable \ android.mmd.flags.mmd_enabled; adb reboot Change-Id: Ibd3e68e5aea83b3bc4a01e9dcf00be2daf2466c1

commit: 9c7d306429f3ef12ce53fdf5ee868cf75c91d8e2 [log] [tgz]
author: Hung Nguyen <hungmn@google.com> Tue Nov 05 15:50:00 2024 -0800
committer: Shintaro Kawamura <kawasin@google.com> Thu Nov 21 11:42:40 2024 +0900
tree: c06cc17f5bbf911c42a0a4d773a9bc213a44b736
parent: f75e3f6cfa2fb9a297ffdc54f7ffd0e269685c0f [diff] [blame]
diff --git a/private/mmd.te b/private/mmd.te
new file mode 100644
index 0000000..4955d13
--- /dev/null
+++ b/private/mmd.te

@@ -0,0 +1,10 @@
+# mmd memory management daemon
+type mmd, domain;
+typeattribute mmd coredomain;
+type mmd_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(mmd)
+
+# mmd binder setup
+add_service(mmd, mmd_service)
+binder_use(mmd)
commit	9c7d306429f3ef12ce53fdf5ee868cf75c91d8e2	[log] [tgz]
author	Hung Nguyen <hungmn@google.com>	Tue Nov 05 15:50:00 2024 -0800
committer	Shintaro Kawamura <kawasin@google.com>	Thu Nov 21 11:42:40 2024 +0900
tree	c06cc17f5bbf911c42a0a4d773a9bc213a44b736
parent	f75e3f6cfa2fb9a297ffdc54f7ffd0e269685c0f [diff] [blame]