Create SEPolicy for the new supervision service.
Test: m
Change-Id: I389c6c830907c0e55bff3458308adf5b4ccb8a52
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index b7364bd..ec89438 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -446,6 +446,7 @@
"SurfaceFlingerAIDL": EXCEPTION_NO_FUZZER,
"suspend_control": []string{"suspend_service_fuzzer"},
"suspend_control_internal": []string{"suspend_service_internal_fuzzer"},
+ "supervision": EXCEPTION_NO_FUZZER,
"system_config": EXCEPTION_NO_FUZZER,
"system_server_dumper": EXCEPTION_NO_FUZZER,
"system_update": EXCEPTION_NO_FUZZER,
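Review bot: The `"supervision": EXCEPTION_NO_FUZZER` entry exempts from fuzz coverage a service that the private/service.te hunk of this same commit labels `app_api_service` and `ephemeral_app_api_service`, attributes that by AOSP convention make a service findable by ordinary and instant apps. If the service is implemented in Java inside system_server (the `system_server_service` attribute suggests this, but the page does not show it), the exception matches the neighbouring entries. The reason should still be recorded next to the entry, for example `// Java service hosted in system_server; no native binder fuzzer applies`. The entry also looks out of the list's apparent alphabetical order: it sits after `suspend_control_internal`, while `supervision` sorts before `SurfaceFlingerAIDL`. The map starts and ends outside this hunk.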
diff --git a/flagging/Android.bp b/flagging/Android.bp
index 5117fab..93f4ddc 100644
--- a/flagging/Android.bp
+++ b/flagging/Android.bp
@@ -23,6 +23,7 @@
"RELEASE_AVF_ENABLE_LLPVM_CHANGES",
"RELEASE_AVF_ENABLE_NETWORK",
"RELEASE_READ_FROM_NEW_STORAGE",
+ "RELEASE_SUPERVISION_SERVICE",
"RELEASE_HARDWARE_BLUETOOTH_RANGING_SERVICE",
"RELEASE_UNLOCKED_STORAGE_API",
],
diff --git a/private/compat/202404/202404.ignore.cil b/private/compat/202404/202404.ignore.cil
index 6874821..f8ec820 100644
--- a/private/compat/202404/202404.ignore.cil
+++ b/private/compat/202404/202404.ignore.cil
@@ -13,5 +13,6 @@
binderfs_logs_transaction_history
proc_compaction_proactiveness
proc_cgroups
+ supervision_service
sysfs_udc
))
diff --git a/private/compat/34.0/34.0.ignore.cil b/private/compat/34.0/34.0.ignore.cil
index 455cbff..6c52dba 100644
--- a/private/compat/34.0/34.0.ignore.cil
+++ b/private/compat/34.0/34.0.ignore.cil
@@ -32,6 +32,7 @@
security_state_service
sensitive_content_protection_service
setupwizard_mode_prop
+ supervision_service
sysfs_sync_on_suspend
tv_ad_service
threadnetwork_service
diff --git a/private/service.te b/private/service.te
index 6c55ed4..aa594bd 100644
--- a/private/service.te
+++ b/private/service.te
@@ -21,6 +21,10 @@
type statsbootstrap_service, system_server_service, service_manager_type;
type statscompanion_service, system_server_service, service_manager_type;
type statsmanager_service, system_api_service, system_server_service, service_manager_type;
+
+is_flag_enabled(RELEASE_SUPERVISION_SERVICE, `
+ type supervision_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+')
type tracingproxy_service, system_server_service, service_manager_type;
type transparency_service, system_server_service, service_manager_type;
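Review bot: The new `supervision_service` type carries both `app_api_service` and `ephemeral_app_api_service`, which by AOSP convention lets every app domain, instant apps included, look the service up through servicemanager. Nothing in the commit message says which callers need that. If only system or privileged components are meant to reach it, a narrower declaration such as `type supervision_service, system_api_service, system_server_service, service_manager_type;` follows least privilege. If the broad exposure is intended, this policy gates only the `find`, so each binder method of the service needs its own permission or caller check. A comment above the `is_flag_enabled` block saying why instant apps need access would also help later audits.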
diff --git a/private/service_contexts b/private/service_contexts
index d1eecd5..60c9b62 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -426,6 +426,10 @@
storagestats u:object_r:storagestats_service:s0
# sdk_sandbox here refers to the service name, not the domain name.
sdk_sandbox u:object_r:sdk_sandbox_service:s0
+
+is_flag_enabled(RELEASE_SUPERVISION_SERVICE, `
+ supervision u:object_r:supervision_service:s0
+')
SurfaceFlinger u:object_r:surfaceflinger_service:s0
SurfaceFlingerAIDL u:object_r:surfaceflinger_service:s0
suspend_control u:object_r:system_suspend_control_service:s0