Add sepolicy for music recognition service. Denial when not listed in priv_app.te: E SELinux : avc: denied { find } for pid=3213 uid=10170 name=music_recognition scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:music_recognition_service:s0 tclass=service_manager permissive=0 Bug: 158194857 Test: patched and tested on internal master Change-Id: I30e9ea79a57d9c353b732b629bd5a829c89bbcb0

commit: affe2399b53911cc87666931526b6c7d24b83a9c [log] [tgz]
author: Nick Moukhine <oni@google.com> Fri Sep 18 09:47:05 2020 +0200
committer: Nick Moukhine <oni@google.com> Wed Sep 23 10:57:19 2020 +0000
tree: 369f857792c852147f7db0d533d767fc1a2b57a7
parent: 7be9e9e372c70a5518f729a0cdcb0d39a28be377 [diff]
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index e523660..714da8e 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil

@@ -18,6 +18,7 @@
     keystore2_key_contexts_file
     location_time_zone_manager_service
     mediatranscoding_tmpfs
+    music_recognition_service
     people_service
     power_stats_service
     power_debug_prop

diff --git a/private/priv_app.te b/private/priv_app.te
index 57dcfc5..c718574 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te

@@ -38,6 +38,7 @@
 allow priv_app mediaextractor_service:service_manager find;
 allow priv_app mediametrics_service:service_manager find;
 allow priv_app mediaserver_service:service_manager find;
+allow priv_app music_recognition_service:service_manager find;
 allow priv_app network_watchlist_service:service_manager find;
 allow priv_app nfc_service:service_manager find;
 allow priv_app oem_lock_service:service_manager find;

diff --git a/private/service_contexts b/private/service_contexts
index 0b6492c..7616f19 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -149,6 +149,7 @@
 meminfo                                   u:object_r:meminfo_service:s0
 midi                                      u:object_r:midi_service:s0
 mount                                     u:object_r:mount_service:s0
+music_recognition                         u:object_r:music_recognition_service:s0
 netd                                      u:object_r:netd_service:s0
 netpolicy                                 u:object_r:netpolicy_service:s0
 netstats                                  u:object_r:netstats_service:s0

diff --git a/public/service.te b/public/service.te
index 2325292..62c1b11 100644
--- a/public/service.te
+++ b/public/service.te

@@ -130,6 +130,7 @@
 type meminfo_service, system_api_service, system_server_service, service_manager_type;
 type midi_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type mount_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type music_recognition_service, system_server_service, service_manager_type;
 type netpolicy_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type netstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type network_management_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
commit	affe2399b53911cc87666931526b6c7d24b83a9c	[log] [tgz]
author	Nick Moukhine <oni@google.com>	Fri Sep 18 09:47:05 2020 +0200
committer	Nick Moukhine <oni@google.com>	Wed Sep 23 10:57:19 2020 +0000
tree	369f857792c852147f7db0d533d767fc1a2b57a7
parent	7be9e9e372c70a5518f729a0cdcb0d39a28be377 [diff]