commit d416f1b1430e625b88e709627a6a95ba7d843494
author Roman Kalukiewicz <romkal@google.com> Tue Aug 06 00:18:32 2024 +0000
committer Roman Kalukiewicz <romkal@google.com> Wed Aug 07 17:51:34 2024 +0000
tree 7ef5511dd019a06379e83fae219bed461ece8cf3
parent 801a3e1f8b4ddce4e77faf703f7151e5d39b49fe

Create SEPolicy for the new supervision service.

Test: m
Change-Id: I389c6c830907c0e55bff3458308adf5b4ccb8a52

private/compat/202404/202404.ignore.cil

diff --git a/private/compat/202404/202404.ignore.cil b/private/compat/202404/202404.ignore.cil
index 6874821..f8ec820 100644
--- a/private/compat/202404/202404.ignore.cil
+++ b/private/compat/202404/202404.ignore.cil
@@ -13,5 +13,6 @@
     binderfs_logs_transaction_history
     proc_compaction_proactiveness
     proc_cgroups
+    supervision_service
     sysfs_udc
   ))

private/compat/34.0/34.0.ignore.cil

diff --git a/private/compat/34.0/34.0.ignore.cil b/private/compat/34.0/34.0.ignore.cil
index 455cbff..6c52dba 100644
--- a/private/compat/34.0/34.0.ignore.cil
+++ b/private/compat/34.0/34.0.ignore.cil
@@ -32,6 +32,7 @@
     security_state_service
     sensitive_content_protection_service
     setupwizard_mode_prop
+    supervision_service
     sysfs_sync_on_suspend
     tv_ad_service
     threadnetwork_service

private/service.te

diff --git a/private/service.te b/private/service.te
index 6c55ed4..aa594bd 100644
--- a/private/service.te
+++ b/private/service.te
@@ -21,6 +21,10 @@
 type statsbootstrap_service,        system_server_service, service_manager_type;
 type statscompanion_service,        system_server_service, service_manager_type;
 type statsmanager_service,          system_api_service, system_server_service, service_manager_type;
+
+is_flag_enabled(RELEASE_SUPERVISION_SERVICE, `
+    type supervision_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+')
 type tracingproxy_service,          system_server_service, service_manager_type;
 type transparency_service,          system_server_service, service_manager_type;
 

private/service_contexts

diff --git a/private/service_contexts b/private/service_contexts
index d1eecd5..60c9b62 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -426,6 +426,10 @@
 storagestats                              u:object_r:storagestats_service:s0
 # sdk_sandbox here refers to the service name, not the domain name.
 sdk_sandbox                               u:object_r:sdk_sandbox_service:s0
+
+is_flag_enabled(RELEASE_SUPERVISION_SERVICE, `
+    supervision                               u:object_r:supervision_service:s0
+')
 SurfaceFlinger                            u:object_r:surfaceflinger_service:s0
 SurfaceFlingerAIDL                        u:object_r:surfaceflinger_service:s0
 suspend_control                           u:object_r:system_suspend_control_service:s0