Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / b78a1f5e13bbec63b437a6ef8949c77fb1acba74^! / . / private
commitb78a1f5e13bbec63b437a6ef8949c77fb1acba74[log] [tgz]
authorSantos Cordon <santoscordon@google.com>Mon Jan 21 13:45:47 2019 +0000
committerSantos Cordon <santoscordon@google.com>Tue Feb 05 18:03:32 2019 +0000
treefabb1e180a5153bcbba37f43df2349840cca1ee4
parent18f8033e55def71f06967f7d69520a7ae3a55d99 [diff]
SEPolicy for Suspend Control interface.

Bug: 121210355
Test: manual
Change-Id: I9c46c72f0219309140ed2fb008ef57b4bca6ff2b
Merged-In: I9c46c72f0219309140ed2fb008ef57b4bca6ff2b

diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 924726c..6154e3c 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil

@@ -107,6 +107,7 @@
     system_event_log_tags_file
     system_lmk_prop
     system_suspend_hwservice
+    system_suspend_control_service
     staging_data_file
     task_profiles_file
     testharness_service

diff --git a/private/service_contexts b/private/service_contexts
index 965304c..650b62e 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -182,6 +182,7 @@
 storaged_pri                              u:object_r:storaged_service:s0
 storagestats                              u:object_r:storagestats_service:s0
 SurfaceFlinger                            u:object_r:surfaceflinger_service:s0
+suspend_control                           u:object_r:system_suspend_control_service:s0
 system_update                             u:object_r:system_update_service:s0
 task                                      u:object_r:task_service:s0
 telecom                                   u:object_r:telecom_service:s0

diff --git a/private/system_server.te b/private/system_server.te
index 49b5498..98ae7f8 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -991,6 +991,9 @@
 allow system_server apex_service:service_manager find;
 allow system_server apexd:binder call;
 
+# Allow system server to communicate to system-suspend's control interface
+allow system_server system_suspend_control_service:service_manager find;
+
 # Allow the system server to read files under /data/apex. The system_server
 # needs these privileges to compare file signatures while processing installs.
 #