commit c47b8faab8f58133f26b62376f82256990e572ab
author Thomas Girardier <girardier@google.com> Fri Dec 06 05:08:12 2024 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Fri Dec 06 05:08:12 2024 +0000
tree 9c0116564a784540ea9f6f14cbc3094d3ecfcf87
parent 743909426836e36bf7f2e09e4942db8528b6c946
parent 1b0decb74b710fc12c206ca3839a80879b4ae07b

Merge "Allow system_server access to aconfigd_mainline socket as well" into main am: 79009bc283 am: 1b0decb74b

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3394096

Change-Id: I478063a95eb17095e11e9fc073d6c1ce01273fd8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

private/system_server.te

diff --git a/private/system_server.te b/private/system_server.te
index 9528071..01097f2 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1533,8 +1533,11 @@
 allow system_server watchdog_metadata_file:dir rw_dir_perms;
 allow system_server watchdog_metadata_file:file create_file_perms;
 
-allow system_server aconfigd_socket:sock_file {read write};
-allow system_server aconfigd:unix_stream_socket connectto;
+# allow system_server write to aconfigd socket
+unix_socket_connect(system_server, aconfigd, aconfigd);
+
+# allow system_server write to aconfigd_mainline socket
+unix_socket_connect(system_server, aconfigd_mainline, aconfigd_mainline);
 
 allow system_server repair_mode_metadata_file:dir rw_dir_perms;
 allow system_server repair_mode_metadata_file:file create_file_perms;